illustration of person tracking his health condition with smart bracelet, mobile application and cloud services.

Should We Regulate Direct-to-Consumer Health Apps?

By Sara Gerke and Chloe Reichel

According to one estimate, over 318,000 health apps are available in app stores, and over 200 health apps are added each day. Of these, only a fraction are regulated by the U.S. Food and Drug Administration (FDA); those classified as “medical devices,” which typically pose a moderate to high risk to user safety.

In this final installment of our In Focus Series on Direct-to-Consumer Health Apps, we asked our respondents to reflect on this largely unregulated space in health tech.

Specifically, we asked: How can/should regulators deal with the assessment of health apps? For apps not currently regulated by the FDA, should they undergo any kind of review, such as whether they are helpful for consumers?

Read their answers below, and explore the following links for their responses to other questions in the series.

Read More

Close up of a computer screen displaying code

Mitigating Bias in Direct-to-Consumer Health Apps

By Sara Gerke and Chloe Reichel

Recently, Google announced a new direct-to-consumer (DTC) health app powered by artificial intelligence (AI) to diagnose skin conditions.

The company met criticism for the app, because the AI was primarily trained on images from people with darker white skin, light brown skin, and fair skin. This means the app may end up over-or under-diagnosing conditions for people with darker skin tones.

This prompts the questions: How can we mitigate biases in AI-based health care? And how can we ensure that AI improves health care, rather than augmenting existing health disparities?

That’s what we asked of our respondents to our In Focus Series on Direct-to-Consumer Health Apps. Read their answers below, and check out their responses to the other questions in the series.

Read More

Hand holding smartphone with colorful app icons concept.

Who Owns the Data Collected by Direct-to-Consumer Health Apps?

By Sara Gerke and Chloe Reichel

Who owns the data that are collected via direct-to-consumer (DTC) health apps? Who should own that data?

We asked our respondents to answer these questions in the third installment of our In Focus Series on Direct-to-Consumer Health Apps. Learn about the respondents and their views on data privacy concerns in the first installment of this series, and read their thoughts on consumer access to DTC health app data in the second installment.

Read More

Illustration of multicolored profiles. An overlay of strings of ones and zeroes is visible

Should Users Have Access to Data Collected by Direct-to-Consumer Health Apps?

By Sara Gerke and Chloe Reichel

Should consumers have access to the data (including the raw data) that are collected via direct-to-consumer (DTC) health apps? What real-world challenges might access to this data introduce, and how might they be addressed?

In this second installment of our In Focus Series on Direct-to-Consumer Health Apps, that’s what we asked our respondents. Learn about the respondents and their views on data privacy concerns in the first installment of this series. Read on for their thoughts on whether and how consumers should gain access to the data that direct-to-consumer health apps collect.

Read More

hands hold phone with app heart and activity on screen over table in office

Perspectives on Data Privacy for Direct-to-Consumer Health Apps

By Sara Gerke and Chloe Reichel

Direct-to-consumer (DTC) health apps, such as apps that manage our diet, fitness, and sleep, are becoming ubiquitous in our digital world.

These apps provide a window into some of the key issues in the world of digital health — including data privacy, data access, data ownership, bias, and the regulation of health technology.

To better understand these issues, and ways forward, we contacted key stakeholders representing a range of perspectives in the field of digital health for their brief answers to five questions about DTC health apps.

Read More

Illustration of a man and a woman standing in front of a DNA helix

A Proposal for Localized Review to Safeguard Genetic Database Privacy

By Robert I. Field, Anthony W. Orlando, and Arnold J. Rosoff

Large genetic databases pose well-known privacy risks. Unauthorized disclosure of an individual’s data can lead to discrimination, public embarrassment, and unwanted revelation of family secrets. Data leaks are of increasing concern as technology for reidentifying anonymous genomes continues to advance.

Yet, with the exception of California and Virginia, state legislative attempts to protect data privacy, most recently in Florida, Oklahoma, and Wisconsin, have failed to garner widespread support. Political resistance is particularly stiff with respect to a private right of action. Therefore, we propose a federal regulatory approach, which we describe below.

Read More

a pill in place of a model globe

Monthly Round-Up of What to Read on Pharma Law and Policy

By Ameet Sarpatwari, Beatrice Brown, and Aaron S. Kesselheim

Each month, members of the Program On Regulation, Therapeutics, And Law (PORTAL) review the peer-reviewed medical literature to identify interesting empirical studies, policy analyses, and editorials on health law and policy issues.

Below are the citations for papers identified from the month of May. The selections feature topics ranging from an analysis of the impact of generic drug spikes on Medicaid spending, to an evaluation of where drugs are tested for FDA approval and subsequent time to marketing approval in these countries, to an assessment of how net prices of diabetes drugs are affected by brand competition. A full posting of abstracts/summaries of these articles may be found on our website.

Read More

Transparency and Direct-to-Consumer Genetic Testing Companies

By Linnea Laestadius, PhD, MPP

Direct-to-consumer (DTC) genetic testing companies are now a fixture of U.S. consumer culture, with dozens of companies offering adults on-demand insights into their ancestry and health (sometimes loosely defined). While a compelling argument can be made for giving consumers the right to access information about their own genetic material, DTC-testing presents a range of legal and ethical concerns. Scholars and physicians have long been raising questions about the analytic validity, clinical validity, and clinical utility of these services. The FDA has increasingly worked to address these aspects of DTC-testing and has issued letters to multiple DTC genetic testing firms arguing that they are offering medical devices that should be subject to premarket review. Developments in this area continue to emerge and the FDA recently authorized marketing for 23andMe’s Bloom Syndrome carrier test, while also planning to exempt future carrier screening tests from premarket review.

These are clearly positive developments from the perspective of consumer protection, however, other aspects of DTC genetic testing remain largely unaddressed. Most notably, there are significant concerns about how firms handle consumer samples and data and how and if they use them for secondary purposes. To address this issue, Paul Auer, PhD, Jennifer Rich, MPH, and I set out to understand how transparent these firms are about their privacy, confidentiality, and secondary use policies. Recently published in Genetics in Medicine, this work offers an analysis of the terms-of-service and privacy policies of the top 30 DTC genetic testing firms that show up in a U.S. based web search.

While transparency about data practices varied across firms, a number of gaps appeared with regard to conveying information about the risks of data disclosure, the ultimate fate of samples and data, and use of data for research. Over the past decade, several major professional and governmental organizations have issued guidelines for transparency in these areas, including the American College of Medical Genetics and Genomics and the European Society of Human Genetics. At present, it does not appear that non-binding guidelines have been sufficient to encourage widespread compliance with best practices on these topics. Read More