Can technology improve our health and transform healthcare? A whole panoply of tech companies are working on a range of products and services which aim to answer these questions in the affirmative. The burgeoning industry which has been dubbed “medtech” has already led to some fascinating (and controversial) partnerships, perhaps most notably involving Google Deepmind being granted access to NHS patient data. It has been estimated that the medical device and technology sector could be worth around $500 billion to the global economy by 2021. But despite the potential for healthy growth, there are also many concerns associated with medtech, not least in terms of data protection. These are discussed below, including a section on how health data is being used in the fight against coronavirus.

What is medtech?

Health technology is defined by the World Health Organization (WHO) as “the application of organized knowledge and skills in the form of devices, medicines, vaccines, procedures and systems developed to solve a health problem and improve quality of lives.” Medtech can encompass this very broad definition but it normally refers to the more cutting edge end of the spectrum, specifically medical devices, the application of AI to large sets of health data, online health resources and DIY biohacking. We explore some of these below.

Medical devices

Medical devices range from the widely used fitness and sleep trackers, which often just rely on accelerometers to calculate movement, all the way through to important medical gadgets such as continuous glucose monitors (CGM) used to measure the blood sugar level of diabetics (usually linked to a smartphone app which displays readings in real time) and even complex life-saving implants such as the subcutaneous implantable cardioverter defibrillators (S‑ICD) which continuously monitor the heart rate of people who are susceptible to dangerous heart arrhythmia and deliver an electric shock if required. Medical devices are often internet-connected and therefore fall under the umbrella of Internet of Things (IoT).

AI analytics

The ability of analytics software to quickly process large amounts of health data and spot patterns or trends (often using an element of artificial intelligence) can help doctors diagnose patients early, often resulting in more successful treatment. Back in 2016 Google’s Deepmind teamed up with the Royal Free NHS Foundation Trust to analyse the data of 1.6 million patients. Deepmind developed an alert app to enhance the efficiency of diagnosing and detecting patients who were at risk of developing acute kidney injury (AKI).

The ability to analyse vast amounts of health data has also been touted as a boon to personalised medicine, which promises to move away from a blanket method of health provision to more effective tailored treatments. Furthermore, it can help in the fight against pandemics.

Online health

Although the proverbial “Doctor Google” is often blamed for hypochondria, the fact is that the first port of call for most people seeking health information is the internet. Google is fully aware of the scale of the health market and, not only does it make a pretty penny from advertising health products, its parent company Alphabet has its own dedicated healthcare projects such as Verily and Calico.

Babylon Health has been lauded as one of the world’s first regulated virtual health primary care providers, with its GP at Hand service serving over 75,000 patients. It heavily relies on chatbots and AI to diagnose medical conditions, although it also employs doctors who can talk to patients via the app or even make face to face appointments. It is regulated by the Care Quality Commission (CQC).


The move towards technological methods of healthcare and the availability of technical information online has led some individuals to attempt to hack their own health, eg by customising their own medical devices. This is often a reaction to the slow-moving healthcare regulatory system, but some individuals (known as grinders or transhumanists) go further in an effort to extend their lives.

Legal concerns

The two primary regulatory issues surrounding medtech are patient safety and data protection.

Patient safety

Snake oil salesmen gained prominence in the American frontier, and there are fears that quackery is now promoting technology as a cure-all in the new Wild West of the internet. Even if we set aside the plague of online adverts and spam emails which promise a whole array of health miracles with sometimes deadly side effects from dubious sources, the regulated medtech sector is also constantly facing allegations that technological products and services are putting the health of patients at risk.

BBC’s Newsnight of 25 Feb 2020 interviewed Dr David Watkins, a consultant oncologist at The Royal Marsden Hospital, who expressed concerns over the effectiveness of Babylon Health’s AI-based triage chatbot. Although their chatbot services are registered with the Medicines and Healthcare products Regulatory Agency (MHRA) and CE marked as Class I medical devices, Dr Watkins has described this as “meaningless” in terms of providing any reassurance for patients.

Data protection

Under both the GDPR and DPA 2018, health data is categorised as “special data“ which essentially means that it is subject to tighter protections as opposed to more general forms of personal data. In theory, this makes it more difficult for medtech companies to justify getting access to patient data, although the previously-mentioned deal between Deepmind and the NHS initially went under the radar without public consultation. (The hospital trust involved was later censured by the ICO for not doing enough to protect patient privacy.) In practice, many health tracking apps are gaining vast troves of personal data and potentially monetising much of this highly sensitive information by sharing it with third parties such as Facebook.

But the dilemma with data protection in the realm of healthcare is that the effectiveness of analysing health data is generally enhanced by bringing other forms of personal data into the mix. For example, having access to an individual’s food shopping habits, their visits to the gym and expenditure in pubs will be able to provide a better narrative and put their overall health into context. However, merging consumer data with more sensitive data is exactly what regulators worry about in terms of protecting the public. Finding the right balance may be one of the big challenges for Silicon Valley if it intends to successfully move into the realm of health.


The Coronavirus (or Covid-19) has created one of the biggest international healthcare challenges in over a century. Effective data gathering and analysis is one of the most important tools which can be used to tackle the spread of the virus, and also to understand how it works. The WHO has repeatedly emphasised the significance of mass testing of the global population to try and stymie the pandemic, and the UK government has recently announced the purchase of millions of home testing kits which can detect if someone has Covid-19 antibodies and is therefore at less risk of catching it again or spreading the virus to others.

Many countries are making available data to the public which shows the Coronavirus hotspots, where clusters of cases have been detected. South Korea, hailed as one of the countries which has been most effective in slowing the spread of the virus, has even disseminated information about the movements of individuals who have been tested positive for Covid-19. In normal times, this type of intrusive surveillance, let alone making such personal data publically available, would be seen as a huge overreach of the state and a blatant data protection breach. But desperate times call for desperate measures, and it seems that more authoritarian regimes where citizens are generally more compliant with government decrees are faring better in dealing with the pandemic. If tracking the movement of the general population via their mobile phones is effective in stopping the spread, then concerns about data protection may have to take a temporary back seat.

Tracking of citizens aside, there are many other ways in which data can be used to better deal with the situation. The Oxford Covid-19 Government Response Tracker counts data from countries around the world, in an effort to “systematically record government responses worldwide and aggregate the scores into a common ‘Stringency Index’” which is designed to “help researchers, policymakers and citizens understand whether increasingly strict measures affect the rate of infection, and identify what causes governments to implement stricter or less strict measures.” Meanwhile, epidemiologists and data scientists are using machine learning to analyse big data sets, in order to predict the spread of the virus and inform public health policy decision making. Google, which previously ran a Google Flu Trends prediction service, has now teamed up with Carnegie Mellon University researchers who are aiming to forecast the spread of coronavirus infections.

The coronavirus crisis is demonstrating the true value of personal health data in terms of public health. It is also raising some very interesting questions around the limits of data protection and achieving the correct balance between the right to privacy and public safety.

Further reading

MHRA: Medical devices: the regulations and how we enforce them

FT: Can we ever trust Google with our health data? (paywalled)

BMC: Applying infectious disease forecasting to public health

Alex Heshmaty is a legal copywriter and journalist with a particular interest in legal technology. He runs Legal Words, a copywriting agency in Bristol. Email LinkedIn alexheshmaty.

Image: public domain from Pikrepo.

The post How healthy is your data? appeared first on Internet Newsletter for Lawyers.