© Askold Romanov | Thinkstock.com

There are many issues to consider when talking about wearables in the medical device sector – from technology advancements to the risks a company can face – so those entering the arena need to be prepared and protected on all fronts. Patty Nichols, second vice president of Medical Technology Underwriting at Travelers sat down with Today’s Medical Developments magazine to help explain the nuances in this fast-growing market.

Today’s Medical Developments (TMD): What is the growth potential of wearables?

Patty Nichols (PN): The growth potential of wearables in the medical and health care industry is extraordinary. Specifically, some of the biggest quality-of-life improvements from healthcare wearables include the promise of detection, prevention, and treatment of chronic disease, as well as the ability to reduce healthcare costs.

In fact, Swiss research firm Soreon expects the wearables market to top $40 billion by 2020 in the healthcare industry alone. The ability of wearables to improve quality of life and reduce the cost of care are key factors that will drive growth in the healthcare and medical sector. As a result, an increasing number of technology companies are aggressively pursuing the wearables opportunity in this sector, as are many emerging startups.

TMD: What are the major risks faced by medical device makers entering the wearables space?

PN: Medical device makers face three main categories of risk in integrating wearable technology.

Cyber risk – Often defined as the risk of financial loss, business interruption, or reputational damage due to an organization’s failure to properly secure the data held within its information systems. It can occur as a result of a cyber criminal’s attack, an ineffective information technology (IT) policy, a failure of IT security software, or even a disgruntled employee. Nearly all high-profile data breaches lead to proposed class action lawsuits and wearable device manufacturers can certainly be among the defendants in such suits if a device is alleged to have contributed to a breach.

Bodily injury risk – In order for wearable devices to deliver on the quality of life benefits they promise, they must be used as intended and function properly at all times. Should a wearable device ever fail, the device maker could be liable for bodily injury risk or damages from a resulting injury, illness, or even death of a user or patient. Wearable manufacturers should understand and mitigate the risk of a product liability claim.

Technology errors & omission risk – Despite a wearable device maker’s best efforts to manufacture and market a reliable product that people can use to enhance their quality of life, things can go very wrong. In addition to bodily injury, a company can be held liable for economic losses arising from the failure of a device to work as intended, due to an error; omission; or negligent act. Wearable device failures can impact business continuity, reputation, and other factors. Companies that understand the unique nature of this risk category can better protect themselves from liability claims.

Given the rapid pace of technological change, it is important to note that companies involved with wearable technology are unlikely to ever fully understand and eliminate their current or emerging exposures. However, safety features, data protection measures, effective contract risk management, and good design decisions can help companies significantly reduce their exposure to some of the major risks we see today.

TMD: Which types of coverage should companies consider in order to mitigate these risks?

PN: To effectively manage their exposures to these three main categories of risk, medical device makers should consider the following insurance options:

Information security coverage, which provides coverage for critical cyber risks. Coverage options vary, but most include network and information security liability, as well as communications and media liability. Companies can also opt for many first-party expense reimbursement coverages, including data restoration, business interruption, computer and funds transfer fraud, crisis management, and security.

Product liability coverage, which provides coverage for loss arising from bodily injury risk. Available options cover consumer fitness tracking devices, as well as doctor-prescribed medical wearables.

Errors & omissions (E&O) liability coverage, which protects against damages that a medical device manufacturer must pay because of economic loss resulting from its products or its work and caused by an error, omission, or negligent act.

TMD: Which steps should medical device manufacturers be taking to secure their wearable products from cyber threats?

PN: While the FDA is not aware of any patient injuries associated with cybersecurity incidents, nor is it aware of hackers purposely targeting any specific medical devices or systems in clinical use, that does not mean medical device manufacturers can ignore these risks.

The FDA has issued a series of guidance documents to assist medical device manufacturers in mitigating and managing cybersecurity threats which include:

Medical device manufacturers and healthcare facilities should take steps to ensure appropriate safeguards. Manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. They are responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance.

Hospitals and health care facilities should evaluate their network security and protect their hospital systems.

In addition, medical device manufacturers can protect themselves from potentially facing product liability and other claim types by designing simple, yet effect security features into their devices. This can include:

Bluetooth encryption. Bluetooth offers an encrypted Application Programming Interface (API) when exchanging data between a device and its target data store, but not all companies take advantage of this feature because it decreases battery life.

Encrypt critical data elements. The most critical pieces of data transferred between wearable devices and data stores are user IDs, passwords, and PIN numbers. Avoid transferring these data elements in plain text, which has no encryption measures at all.

Secure the cloud. Data is often transmitted from a wearable device to a smartphone and then to a cloud data store. Virtualized clouds can secure data with multiple diverse operating systems, each operating within a different security context. Banks often secure depositor payment details this way and wearables companies should consider similar functionality.


About the author: Elizabeth Engler Modic is the editor of Today’s Medical Developments. She can be reached at 216.393.0264 or emodic@gie.net.