Maintaining consumer privacy under the tsunami of health and wellness sensors

I have just spent two days at the mHealth Summit in Washington DC, where a major theme was how wearables are going to play a part in healthcare. It made me think back to how the medical system worked when I was growing up: if you were sick, you went to the doctor and told them your symptoms, after which the doctor would perform an examination and tell you what was wrong with you and how to go about getting better.

Contrast that with today, where we can research our symptoms online using tools like WebMD and have a rough idea of what may be wrong with us even before setting foot in the doctor’s office. We also now have the option of skipping the drive to the doctor’s office completely by seeing a board-certified doctor remotely through our mobile devices, using apps such as Teladoc, MDlive, or Doctor on Demand, to name a few.

Finally, through the use of wearables, we are able to collect actual measurements such as blood pressure, heart rate, glucose, temperature, SpO2, etc., in addition to fitness data such as amount of exercise and weight, providing doctors with further insights into a diagnosis.

This is only increasing as fashion accessories such as smartwatches, the Apple Watch among them, are starting to incorporate sensors to monitor your heart rate, making it more convenient to track key health metrics without you having to do anything. In the future these sensors could also be embedded into your clothing, many of them powered by Arm's low-power silicon technology.

There are further innovations, powered by Arm technology, which drastically reduce the size of sensors, such as this one from Sensogram, which measures blood pressure, respiration rate, oxygen saturation, heart rate, and skin temperature, all using a small device which fits in the palm of your hand. Imagine chronic illness patients with high blood pressure now taking measurements discreetly at their desk in the office throughout the day, without attracting attention to themselves by having a large cuff around their arm. This is a major disruptive trend because of two key factors:

  1. acquiring health data is becoming unobtrusive and inconspicuous and, probably most importantly,
  2. acquiring data is seamless and requires little or no action on the part of the user

It’s only a matter of time before this kind of technology gets integrated directly into the smartwatch. However, this brings up a major concern: whilst it’s getting easier to collect this health data in an unobtrusive and highly convenient way, the data being collected is that of an individual’s health, which is in and of itself very personal and needs to be kept secure, confidential, and private to that individual.

The arrival of many of these devices on the market raises more questions with regard to that data: who owns the data, where is it stored, who has access to it, what is the policy that governs access to that data, who determines that policy, can I opt out of having my data stored in the cloud, can I have it deleted at any time? The list goes on and on. Many of today’s popular wearable and healthcare devices, such as Misfit, Fitbit, Withings, and Garmin, to name a few, do store your personal data from these sensors in the cloud. Fortunately, many if not all of the companies listed do offer some kind of privacy policy on their website, although, as with any other cloud provider, these are subject to change.

In order to get the data to the EMR, healthcare aggregation services, Validic for example, then aggregate the sensor data from these other clouds before finally sending it to the provider. A user’s data, in effect, traverses at least two third-party cloud services before arriving at the user’s healthcare provider, where that data can be analyzed.

What if there was another way?

What if there was a way to keep healthcare data under the user’s control, with the user authorizing which data gets sent to whom? Arm is pleased to announce and demonstrate this week a new proof of concept which takes us a step in this direction.

Leveraging Arm’s hardware-based security technology, Arm TrustZone, Arm, together with industry partners, is offering an alternative solution. The solution enables a trusted entity (e.g. your healthcare provider) to acquire data directly from the sensor (from within their app on the mobile device), lets the user validate that the data is theirs and confirm their consent to share it, and then allows the trusted entity to pack the data and send it to their EHR directly, without the need for a third-party cloud.

Data is kept secure by encrypting it from the sensor to the mobile device (in the future there will be support for fixed gateways). Within the phone, the data is kept secure while it is “in motion” by utilizing a technology called Trusted UI. The user is then presented with an option to validate the data and to indicate whether or not they consent to share it by clicking “submit”, which allows the provider to pack and send the data directly to the EHR.

To demonstrate this proof of concept, Arm is pleased to have partnered with two leading companies, HeartToHeart and NeuroSky. Heart2Heart develops structured intelligence comprised of protocols with established algorithms and guidelines for personalized medicine and clinical decision support for care teams and the individuals and families they serve. NeuroSky biosensor technologies enable the most insightful and easy-to-understand health and wellness biometrics for mobile solutions, wearable devices, and service providers. The company’s proprietary, market-leading biosensor technologies provide a foundation for analyzing biometric data in a way that’s never before been practical.