Privacy and Regulatory Issues in Wearable Health Technology †

Abstract: This paper is based on a research literature review for identifying and evaluating the technical, ethical and regulatory challenges to adequately regulate the use of wearable health technology. The objective is to analyze how researchers address the use of smart wearables in healthcare under the scope of data privacy. The main challenges faced by states in regulating e-health wearables were identified, especially the different methods to ensure the privacy of personal health information (PHI) and the legal voids and complexities of regulating wearable health technology at both national and international levels. Finally, a few recommendations were made to more efficiently regulate wearable health technology at both national and international levels. AI could be used as a regulatory tool to monitor the use of e-wearables in healthcare. Also, European Union (EU) law—the upcoming EU Data Act and AI Act—can serve as models and guidance for the World Health Organization (WHO), which has a constitutional mandate to regulate the use of wearable health technology.


Introduction
Wearable [1] health technology is a new global trend that could disrupt healthcare by tracking health information in real time. However, real-time health monitoring systems such as e-wearables also raise ethical and regulatory challenges regarding health data privacy. E-wearables collect, process, store and share a considerable amount of data, including in the cloud, from where third parties may be granted access to it [2]. The biggest challenge is data privacy [3], as health data is sensitive and confidential by nature [4]. It is important for all stakeholders, public and private actors, to find a consensus and an acceptable balance between regulation and innovation [5]. Technical, ethical and regulatory challenges such as data collection [6], data quality, security [7], interoperability between different operating systems (OS), health equity and fairness [8] need to be addressed by states at both national and international levels. Concrete national and international regulations should be developed, such as the implementation of quality standards, conditions to access health data, interoperability and representativity. Most importantly, compliance with key regulations such as the EU General Data Protection Regulation (GDPR) or the upcoming EU Data Act is a requirement. Self-regulation should also be encouraged, as it will help to build public confidence in health wearable technology as important volumes of personal data are processed. Companies operating in this field are making efforts [9] and want to be seen as actors caring about personal health data and its processing, storing and sharing. Guidelines and voluntary codes of conduct developed by the private sector are concrete illustrations [10]. Despite the existence of such challenges, health wearables are an opportunity to improve healthcare systems, as these devices could become a substantial addition to everyday healthcare practice [11]. Indeed, health wearables could save lives as they act as computational systems allowing healthcare providers to adjust to patients' needs and situations; they can also be an important tool for people living in remote areas or far from hospitals or physicians. As observed, there is today a global adoption of health wearables such as smartwatches or fitness trackers; this trend demonstrates that individuals have already embraced health wearable technology, which could help monitor people's health condition [12]. A balance between the use of health wearable technology and data privacy is a necessity from a regulatory and ethical perspective [13], as several challenges need to be solved. Different measures can be adopted to ensure privacy and security of health data; AI can also be used as a regulatory tool for audits and inspections in wearable health technology.

Challenges Posed by Wearable Health Technology
There are several challenges posed by wearable health technology ranging from technical [14] issues such as the development of powerful batteries to ethical and regulatory gaps at both national and international levels. Data [15] accuracy is also a concern acknowledged by companies as physicians or lay people need precise data to be able to rely on it and monitor their health [16]. Data security [17] and privacy [18] are other crucial challenges to be addressed. Improper device wearing [19] could be another obstacle to health monitoring. From a scientific perspective, the use of consumer wearables [20] in health research could be a limitation as data may not be accurate (see Table 1 below).

Table 1. Challenges posed by wearable health technology.

How Can We Ensure the Privacy and Security of Personal Health Data?
Different measures can be taken to ensure the privacy and security of personal health data [21]. Companies and health professionals can help to secure patient privacy and data confidentiality (see Table 2 below).

Table 2. Measures to ensure privacy and security of personal health data.

It has been demonstrated [22] that most data breaches are attributable to human errors. Adequate training and education should be provided by healthcare institutions to their personnel. Employees have to be well aware of all risks associated with personal health data and security issues. Risk assessments on a regular basis are a requirement [23], as they could help to identify intrinsic limitations, such as data security breaches, of any healthcare institution and help with their resolution. Personal health data can also be protected and secured with a virtual private network (VPN) [24]. A VPN allows users to encrypt and mask their digital footprint. Healthcare institutions could protect themselves from data breaches and cyber attacks such as ransomware. Access to patients' health records has to be limited to certified personnel and restricted [25] for better data security and confidentiality. Healthcare institutions could implement improved authentication processes such as two-factor authentication. Based on the confidential and sensitive nature of health data, healthcare providers should implement role-based access control systems [26]; employees should only have access to a specific assigned system level.

Potential Measures and Safeguards for Effective Data Protection
In the US, the Health Insurance Portability and Accountability Act (HIPAA) 1996 [27] regulates health data and ensures its security and confidentiality. As such, when physicians assign health wearables to their patients, all data collected are considered protected health information (PHI). According to US federal regulations, all data collected, processed and shared must be protected and secured at all times [28]. Companies commercializing health wearables should first consider data privacy and security issues to be reliable alternatives to healthcare providers. This could be achieved through the adoption of international standards for e-wearables in sport, for instance [29]. Health data privacy requires not only built-in security features, but also guarantees that the network is safe, as well as third-party applications available on the App Store or Google Store. Transparency is a key aspect of data privacy, as users should know who can access their data, whether it is a third party or the healthcare provider itself. Here, some gaps exist in the US legal framework applicable to health data and its handling. Indeed, HIPAA specifically targets only health data and not all wearables, such as smartwatches, which also collect health data. However, US authorities could provide a regulatory answer if such companies start dealing with health data and promote their products as health devices.
EU law today offers detailed rules and guidelines relating to privacy and the handling of personal data. The GDPR [30] is indeed a key regulation and a law model that offers a comprehensive legal framework with stringent obligations and duties for service providers and manufacturers [31]. Recently, the European Union Commission made a proposal [32] for an EU Data Act for adequate regulation of data specifically processed, stored or shared by electronic devices, including health wearables. In June 2023, the Council Presidency and the European Parliament came to a consensus and adopted the EU Data Act as a provisional agreement [33]. The objective of the EU Data Act is to harmonize rules relating to fair access to data and its use by public and private actors. Like its predecessor, the GDPR, the EU Data Act will help wearable users to keep control over their health data more efficiently. It could also serve as a guideline or law model for the rest of the world and enshrine key international standards relating to health data privacy and security.

The Complexity to Regulate Wearable Health Technology at Both National and International Levels
The regulation [34] of wearable health technology at both national and international levels is a complex issue but potential solutions exist (see Table 3 below).
As stated, ethical and regulatory challenges need to be addressed by both states and international organizations such as the World Health Organization (WHO). There is a need for clear guidelines and standards [35] on how wearable health technology can help to promote healthcare systems worldwide. International guidelines and recommendations should be detailed as much as possible, considering especially some important challenges such as accuracy, security, data privacy as well as ethics in the use of health wearables and data collected [36]. Ethical issues [37] with health wearable technology include users' data privacy, transparency and the necessity to ensure that users have given informed consent to the processing of their personal data. Indeed, health wearables are small computers able to collect, process and store a considerable volume of personal data. Unauthorized access by third parties is an ethical issue and a violation of data privacy and informed consent [38]. Potential threats, such as cybersecurity threats, need to be tackled as well. Wearable health technology will play an important role in the near future as it facilitates health monitoring and can save lives. However, public authorities will need to create new regulatory bodies or give new powers and attributions to existing watchdogs [39]. Through audits and inspections, regulatory bodies such as the FDA in the US and the Medicines and Healthcare products Regulatory Agency (MHRA) in the UK play a crucial role by monitoring all stakeholders and ensuring that they comply with their obligations in terms of privacy, efficiency, safety and quality. The promotion of transparency and accountability [40] is fundamental, as companies know that they might face severe consequences such as financial sanctions, especially regarding their sharing practices. They should also be held accountable for any breaches of data privacy or security. Self-regulation should be encouraged, as codes of conduct can help to promote international standards such as data protection [41]. As mentioned, states and international organizations need to cooperate, harmonize their national regulations and promote the safe and ethical use of wearable health technology [42].

AI as a Regulatory Tool
Artificial Intelligence (AI) can play a key role in the regulation of wearable health technology [43]. AI tools already exist for fast and reliable analysis of data [44] generated by wearables. AI can also identify deviations or anomalies in health measurements. This can help healthcare providers save lives but also allow them to make more accurate diagnoses or provide better treatment. Regulatory authorities such as the FDA in the US and the MHRA in the UK can use AI to conduct regular inspections and audits to ensure compliance with established standards and regulations. At the international level, key players such as the European Union [45], the United Nations [46] (UN) and the WHO have also published proposals and guidance [47] on the ethical use of AI in healthcare. The objective of these regulations is to tackle the risks associated with the use of AI in healthcare. AI tools can help implement and regulate wearable health technology through data analysis, and facilitate compliance with established standards and regulations.

Conclusions
Wearable health technology can help build better healthcare systems. However, the novelty of this technology is the source of ethical and regulatory challenges, especially the necessity to comply with the right to privacy by protecting personal health data. Existing regulations such as the GDPR or upcoming ones such as the EU Data Act can provide reliable legal frameworks and established standards to be implemented by healthcare providers. States and international organizations such as the WHO need to cooperate and elaborate new guidelines and legally binding rules in this field. Also, AI promises to be a powerful tool with its ability to conduct automated audits and investigations.

Table 1. Challenges posed by wearable health technology.
4. Interoperability between different OS (Apple, Android, etc.)
7. Access to technology in developing countries
8. Lack of regulations at both national and international level
9. Ability to control third-party access to personal health data
10. Security

Table 2. Measures to ensure privacy and security of personal health data.
1. Educate healthcare personnel
2. Conduct routine risk assessment
3. Secure data with a VPN
4. Restrict access to data
5. Implement role-based access
6. Two-factor authentication
7. Encryption
8. Security awareness training
9. AI to conduct regular inspections and audits to ensure compliance with regulations

Table 3. Solutions to adequately regulate wearable health technology at both national and international levels.
Solutions to Adequately Regulate Wearable Health Technology
1. Establishing clear guidelines and standards under WHO
2. Strengthening regulatory oversight
3. Promoting transparency and accountability
4. Encouraging industry self-regulation
5. Fostering international cooperation
6. Ethics in using personal health data