This article has been written by Shubhangi Khandelwal, from KES Shri Jayantilal H Patel Law College, Mumbai.
In the era of digitalization, where technological advancements are sky-rocketing, technology has become an essential tool in our daily lives. One cannot imagine a life with technology, it is indispensable and irreplaceable. Fancy gadgets and latest, up to date devices have become a status of life, which helps us but also makes us lazy. One of the several technology developments that have been launched by tech companies such as Apple, Samsung, Xiaomi and more recently, Google, is the attractive feature of smartphones or smartwatches measuring the number of steps we take in a day, our heart rate, respiration rate, all the things related to health.
Most people consider this a helpful way to monitor their health, without considering the ill-effects and legal implications of the same. In order to understand the true value of an essential item, one must form a balanced opinion. The advantages and disadvantages of the applications are widely known, it is also integral to explore the legal aspects of the same.
Types of health applications
There are 3 main categories of health applications, which are as follows:
- General Health Apps– These apps track nutrition, calorie intake, sleeping patterns, etc.
- Health Management Apps– These apps help people in keeping a track of their health conditions, share the report of the health conditions and monitor the medications.
- Telemedicine Apps– These apps allow licensed doctors to give virtual patient care.
Insight into how the health vitals are measured
Health tracking/fitness applications measure the key vitals using a variety of sensors and API (Application Programming Interface). API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Some of the sensors used in health apps are:
- Accelerometer– This sensor captures motion while performing the exercise of walking, cycling or running. Speed, calories burnt, distance, location and time taken is the data that is recorded.
- Bio impedance– This sensor uses body tissues to detect electric current, which records vitals such as respiration, heart rate and skin response.
- Barometric Altimeter– This sensor is used along with GPS to measure altitude and atmospheric pressure, which records the activity of climbing stairs, mountain climbing, etc.
- Ambient light- This sensor measures the amount of light in the environment of the phone user. These sensors are used to automatically adjust the brightness of smartphone displays.
Advantages of fitness applications
The pros of these apps can be made evident from the spurt in consumer usage. According to statistics from the World Economic Forum (see here), India witnessed the highest increase in the download of fitness applications, approximately 156%, which is 58 million users. The main reason for this tremendous rise is the fact that India had the biggest lockdown in the world, wherein 1.3 billion people were made to stay indoors. The COVID-19 pandemic made people focus on mental & physical health, thus becoming a trigger for the exponential growth in the use of health & fitness apps.
The advantages of such apps are as follows:
- Fitness applications go a long way to motivate users to have healthy habits, such as exercising, dieting, proper sleeping patterns and achieving health goals.
- It makes people physically active, while keeping them conscious about their health.
- It provides users with control over their health habits, and educates them about the human body, medical terms and any important information that will be useful.
- In addition to the above, health apps allow for storage of vital health information, which is helpful for healthcare providers and for keeping track of progress overtime.
- Generally, fitness apps are free of cost, easily available for download, with attractive user interfaces, which makes it alluring.
Downfalls of fitness applications
The innovation and the idea behind health tracking apps is path-breaking, these applications are indeed convenient & beneficial, yet there are issues that need to be pondered upon. One of the biggest issues is accuracy. The reliability of these apps is unverified and untested.
Some of the tech apps include a warning that their application should be used for recreational purposes only. There are studies which show that the devices comprising these apps, tend to lose their accuracy with the increase in the intensity of the exercise.
Tests performed by Aberystwyth University for BBC X-ray Programme (see here), lead to a discovery that some of the popular brands of fitness trackers have the tendency to overestimate the calories burnt during walking by 50% and more. These studies and tests signal us to use health tracking applications with caution, and preferably expert advice.
Furthermore, such apps could lack analytical interpretations which are dependent from case to case, as human tendencies & behaviors, body attributes can be unique. Every type of workout or diet cannot be widely applicable to everyone, allergies, food digestive patterns, body adaptability and many other factors need to be taken into consideration.
Moreover, data security & privacy is a major concern with these apps. GPS is used to track the location along with the barometric sensor along with connection to the internet. A hack into the app could leak the whereabouts of users, along with important health vitals which could be used against them in crimes. Imagine if someone gained access to your sleeping patterns, obtained knowledge as to when you are in your deepest sleep and robbed you during that period.
In 2018, Strava, a San-Francisco based fitness tracking company, released sensitive information about the location of military bases and soldiers which posed a big threat to the military, the soldiers and the missions carried on. The incident led the US Army to reexamine their security policies.
Along with inaccuracy and data privacy, another issue which arises is the lack of regulation. In the USA, a glance at statistics will reveal that approximately 160 out of 150,000 applications have received FDA approval. Surprisingly, the lack of FDA approval cannot be directly attributable to doubt of their accuracy or reliability, the FDA aims to maintain a balance as to allow for development and growth in this sector. The FDA considers health applications as “low-risk”, therefore they do not find the need to impose regulatory controls for the same.
Legal insight of health apps in India
On 14th May, 2020, with the powers as conferred under Section 33 of the Indian Medical Council Act 1965, the Board of Governors published a set of regulations in the Official Gazette (see here) in partnership with Niti Aayog, for the amendment of Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 to include consultation through Tele-medicine and the guidelines required to conduct such consultations effectively.
However, the CDSCO (Central Drugs Standard Control Organisation), the Indian Medical Council and all the included authorities under the Medical & Regulatory provisions have maintained silence over the use of health applications & fitness trackers. The only medical devices which are included under the definition of “drugs” as mentioned in the Drugs and Cosmetics Act of 1940 are:
(b) “drug” includes—
[(i) all medicines for internal or external use of human beings or animals and all substances intended to be used for or in the diagnosis, treatment, mitigation or prevention of any disease or disorder in human beings or animals, including preparations applied on human body for the purpose of repelling insects like mosquitoes;]
(iv) such devices intended for internal or external use in the diagnosis, treatment, mitigation or prevention of disease or disorder in human beings or animals, as may be specified from time to time by the Central Government by notification in the Official Gazette, after consultation with the Board. The present medical statutes bear no mention of fitness apps, or any guidelines for the usage or regulation of the same.
A perusal of the Information Technology (IT) Act, 2000 and the Information Technology (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules will show that the regulations do not satisfactorily cover the sensitive issue of Data Privacy when it comes to collection of personal data.
Section 43A of the IT Act requires body corporates to ensure security measures to safeguard data, and in circumstances where failure occurs in protection of data, the aggrieved consumer will be compensated. Looking at the heavy influx of data from the health apps, such a law is not enough, measures need to be stringent and protective of consumers’ data.
The Government in 2018 proposed the installation of “DISHA” – Digital Information Security in Healthcare Act with the intention to obtain and store Electronic Health Records while maintaining data privacy, confidentiality and security. The Act mentions under Section 28, that the owner of his/her data shall have right to privacy, security and confidentiality over the health data that is collected and stored, as per the Act. The Act has many more provisions for data transmission, storage, security and protection, but it is mainly limited to “Clinical Establishments” as defined under Section 3, sub-section (i).
The landmark judgement of the Aadhar case, Justice Puttaswamy (Retd.) & Anr v/s Union of India (see here), the Honorable Supreme Court held that the right of privacy will be included as a fundamental right under Article 21- Right to life, Part-III of the Indian Constitution. In light of such a landmark judgement and in the urgent need of data protection laws, the government proposed the Personal Data Protection (PDP) Bill, drafted by the BN Srikrishna Committee.
After many sittings and deliberations, the bill was presented again in the Parliament with 89 amendments and inclusion of annexures. Ensuing the major changes that took place in the tech industry due to the Coronavirus pandemic, it is reported that the revised PDP bill will go beyond the scope of personal data protection to include overall data protection.
The bill mentions “Purpose Limitation”- which essentially means that data will be collected only for the purpose for which it is necessary. Additionally, the bill aims to cover important aspects in the technology sector such as Fintech, Health data, e-commerce and data obtained by motor vehicle aggregators.
Nevertheless, reports state that the current revised draft bill will not be passed in the Parliament as the members of the Joint Parliament Committee have disagreements regarding key issues.
It signifies that a comprehensive legislation on data protection will be further delayed. Under such circumstances, consumers should be alert while sharing their personal data, keep a check where their data is shared, and keep knowledge of how their data is being used.
Analysis & conclusion
The powerful wave of technology is undeniable and irresistible. With the emergence of new technologies on a daily or monthly basis, humans have the tendency to attain it and use it. Weighing the pros and cons of fitness applications will give users key information and allow them to make informed choices about the manner in which they give data and how it will be used. Health applications are the next big thing, it is bringing about massive changes in the medical industry, and in the patient healthcare system.
The scope of innovation and inventions cannot be limited, the only solution is for the authorities to keep themselves abreast with the developments, and ensure a framework/ policy/ guideline or regulation to safeguard consumers from misbehavior, misuse and harm.
The time has come for the Indian Government to step up and protect the rights of consumers, secure their data and provide regulatory policies for these applications. The escalation in the use of fitness applications is a key indication that legislation is essential to prevent data breaches and violation of privacy, especially when the right to privacy has come within the ambit of fundamental rights in the Constitution of India. The current legislation is not sufficient, it hardly outlines the required regulations for safe use of health apps.
Under such circumstances, consumers are left in the hands of the private companies who make the apps, as their company policies are beyond the understanding of the general public but the users have to accept the policy before using the application.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: