Legal Challenges Posed by Smart Medical Devices

— September 3, 2021

Current regulations may not be adequate to cover pertinent legal issues raised by these technologies.

The use of healthcare and wellness devices and technologies has increased in recent years. Most of these devices have profound benefits that enhance healthcare delivery and improve the quality of life for users. The challenge is to create a legal system that protects users while encouraging the adoption of healthcare technology.

User Consent

Most smart devices are equipped with software that lets them collect user data for clinical applications. Health apps are often used to guide healthcare clients on proper dieting, health indicators, and medication adherence.

Most of the data used to make these decisions is collected by wearable devices and smartphones. The pertinent issue raised by this practice is informed consent because most clients sign digital user agreements without looking at the finer details. The problem is further complicated by the frequent updates made to the software used on these devices and apps. 

Data Protection 

The success of artificial intelligence (AI) and machine learning (ML) algorithms is premised on access to large amounts of user data. The challenge is that collecting such large datasets may infringe fundamental privacy rights. At the minimum, users need to know the type of data being collected and have the right to waive access for uses outside the physician-patient relationship. 

Currently, most data protection policies are covered in the Health Insurance Portability and Accountability Act (HIPAA). This act targets healthcare and insurance industries but does not cover user data collected by creators of fitness and health monitoring devices and applications. For instance, major tech companies have invested heavily in healthcare technologies, yet they are not covered by HIPAA.

Another pertinent issue is the use of de-identification to reduce privacy concerns. Experts opine that de-identification does not provide users with adequate protection, leaving them exposed to the risk of data triangulation.

This was the argument in Dinerstein v. Google, where the plaintiff argued that Google had the capability to use triangulation to identify individual clients. It is imperative for policymakers to develop a more comprehensive data protection law that addresses the gaps in HIPAA.

Safety Issues

The data used by healthcare practitioners to make clinical decisions should be reliable and valid. However, some of the algorithms used in smart devices may be inaccurate, meaning that the decisions made using them may be flawed. 

Medical device developers should be transparent about the shortcomings of their applications. All too often, evidence emerges indicating that some popular devices are unsafe or the recommendations they make lead to incorrect treatments. 

Further, there is a need for adequate oversight to ensure the safety and effectiveness of these devices. The FDA is the organization responsible for approving the use of medical devices in the US. It provides comprehensive guidelines for the safe and fair use of medical devices and related software. 

The guidelines clearly state that device developers are responsible for ensuring that the devices and software they use can perform the intended use adequately without jeopardizing user or patient safety. 

Currently, the most contentious issue is the use of AI/ML to enable medical devices to adapt and improve their performance in real time while ensuring safety and effectiveness. This is an ongoing policy issue that will continue to invite legal reforms.


Smart devices raise several legal liability issues. The current legal regime places liability on healthcare providers for treatment decisions made using incorrect information or recommendations from smart devices. 

Medical practitioners are obliged to avoid harming patients, and an adverse outcome would constitute medical malpractice. To avoid medical malpractice issues, most healthcare practitioners use medical devices and apps as confirmatory tools to aid existing decision-making processes rather than follow their recommendations.

Going forward, policymakers need to find a regulatory regime that balances patient protection with promoting healthcare and wellness technology. 

Another solution to the liability problem is collectivized risk that compensates victims of technology-related harm without deterring practitioners. Vaccine manufacturers use this approach to pay out persons harmed by vaccines without apportioning liability to individual doctors. 

Device manufacturers could follow the same approach by spreading the risks and compensating patients to encourage health practitioners to use their devices and applications.

Another option is to introduce a rigorous pre-approval mechanism that transfers liability to the government while protecting healthcare professionals from some forms of liability. This form of liability transfer is especially desirable for ‘black box’ applications where the physician does not know how the software works. 


A padlock superimposed over a blue circuit board pattern. Image by jaydeep_, CC0, via Wikimedia Commons.

Most healthcare devices and applications of the future will operate in an IoT environment. This exposes users to cybersecurity threats. For instance, cybercriminals and adversarial nations can exploit vulnerabilities in health and wellness apps and devices to threaten users or disrupt access to vital healthcare services. Possible targets include diagnostic devices, medical devices, and wearables.

Cyberattacks also pose privacy risks because hackers can access sensitive information and threaten patient safety or social standing. The US implemented the Cybersecurity and Infrastructure Security Act of 2018 to increase national capacity to prevent and defend critical healthcare infrastructure against cyberattacks. However, experts opine that internationally enforceable laws need to be created to combat global cybersecurity threats.


The increased use of smart devices and applications by the healthcare and wellness sectors poses several legal challenges. Current regulations may not be adequate to cover pertinent legal issues raised by these technologies. Stakeholders need to engage in constructive dialogue about these problems and find solutions that don’t hamper the adoption of healthcare technologies. 
