As the weather gets warm and people start working on their summer “bods,” fitness trackers and other wearable devices are being spotted on nearly everyone’s wrist. These devices, many of which record and assess users’ personal health information in an effort to improve users’ health, present unique legal questions because they implicate a variety of regulations governing their use, marketing, and sale. For those of you who have a client who sells or plans to sell one of these products, this article outlines some key considerations that you and your client should discuss.
Medical Devices Regulated by the FDA
The U.S. Food and Drug Administration (FDA), in coordination with the Center for Devices and Radiological Health (CDRH), issued guidance in 2016 regarding general wellness devices, i.e., fitness trackers. This guidance was meant “to provide clarity to industry and FDA staff on the Center for Devices and Radiological Health’s . . . compliance policy for low risk products that promote a healthy lifestyle (general wellness products).” This guidance was aimed at helping companies evaluate compliance with the premarket review and postmarket regulatory requirements for devices under the Federal Food, Drug, and Cosmetic Act, including labeling, good manufacturing practice, and medical device reporting requirements.
The 2016 guidance was helpful in confirming that the FDA does not intend to actively regulate low-risk technologies—“general wellness products”—that are intended for general wellness use only. To be considered a general wellness product, the product must be “low risk,” meaning that it is not invasive or implanted and does not involve a risk of safety to users or others. Additionally, the intended use of the product must be to maintain or encourage a general state of health or a healthy activity, or to promote a healthy lifestyle by helping reduce the risk or impact of certain chronic diseases or conditions.
This definition, while helpful generally, is only the first step in addressing the regulatory scheme with respect to these products. The problem is that the functionality of wearable devices continues to expand, and these products often do not fit squarely into categories set forth in this guidance. Indeed, many wearable devices include features that extend beyond addressing “general wellness.” These features have been embraced by the medical community, as evidenced by the increase in physicians’ interest in using these devices to track patients and their progress. The medical community’s increased interest and attention emphasizes the importance of considering the regulatory requirements of these devices. Because the features of wearable devices continue to expand beyond general wellness, if you represent a manufacturer or seller of a wearable device, it is worth considering whether the device or its related applications straddle the line between promoting general wellness and treating a disease or condition. If the device falls closer to treating a disease or condition, medical device considerations come into play. It is therefore important to carefully review the FDA’s guidance with this in mind because clients may be required to comply with the regulations governing medical devices.
Counsel should also continue to monitor changes in the FDA’s position with respect to wearable devices. Recently, for example, industry giants like Johnson and Johnson, Apple, and Fitbit, as well as several other companies, teamed up with the FDA in a digital health software precertification pilot program. This is a development program that was cocreated by the FDA, experts in digital health, and other stakeholders. The CDRH plans to expand the digital health precertification program by the end of 2018. Between now and year’s end, testing of the first version will continue with more participants.
Privacy Implications Associated with the Device
As fitness trackers become more and more sophisticated and able to store and share data, privacy concerns move to the forefront. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) prohibits the use and disclosure of protected health information—individually identifiable health information—created or received by health plans, health-care clearinghouses, and health-care providers, collectively known as covered entities. Individually identifiable health information includes, among other things, information that is related to an individual’s past, present, or future physical or mental health and that identifies the individual (or for which there is a reasonable basis to believe that it can be used to identify the individual). Additionally, individually identifiable health information includes many common identifiers, such as a person’s name, address, birth date, and Social Security number.
At the present, HIPAA is not understood to apply to manufacturers of fitness trackers that interface directly with consumers. However, it would not be unusual for the government to revisit its interpretation of HIPAA or seek to broaden the statute’s reach. For these reasons, it is important to be mindful of the changing landscape of privacy law.
Notably, HIPAA has been deemed to apply to device manufacturers / application developers that interact with covered entities. Therefore, should manufacturers or developers of these types of products seek to write an application for covered entities, they will need to conduct a thorough evaluation of how protected health information is handled to ensure compliance with HIPAA and related privacy regulations. For example, manufacturers should be careful to remove identifying data from protected health information gathered by their devices or mobile applications before using or disseminating that information.
Marketing and Consumer Fraud Claims
In recent years, wearable device manufacturers have been the target of consumer fraud lawsuits. One common claim is an allegation that a manufacturer or seller has misrepresented a feature of a product. Another common claim is that the “science” or “substantiation” behind a product’s promised benefit is faulty or fraudulent.
Oftentimes, those lawsuits are brought as class actions, exponentially increasing the potential financial impact. While the breadth of consumer protection statutes varies from state to state, many of the statutes create a private right of action, allowing citizens to file suit against manufacturers/suppliers of goods and services such as wearable devices. Significantly, many consumer protection statutes permit the recovery of treble damages and attorney fees. Others include automatic statutory penalties for each violation. The breadth of available damages, coupled with the use of the class action vehicle, makes consumer protection claims potentially very dangerous for sellers.
In a case currently pending in California, the plaintiffs allege that Fitbit misled consumers about the utility and efficacy of the sleep-tracking feature on its wearable device, the Fitbit Flex. In a ruling denying a motion to dismiss filed by Fitbit, the court concluded that the plaintiffs’ claim was sufficiently plausible to proceed. The court reasoned that the statements made by Fitbit—such as that the Fitbit would “TRACK YOUR NIGHT”—are the type of “particularized statements” (as opposed to “mere puffery” or hyperbole) that are actionable under California’s consumer protection law. Brickman v. Fitbit, Inc., No. 15-cv-2077, 2016 WL 3844327, at *3 (N.D. Cal., July 15, 2016). The court granted certification of the proposed class of California consumers. On December 8, 2017, the court denied Fitbit’s motion for summary judgment and set a trial date. The case is currently proceeding toward trial.
In a similar consumer fraud class action against Fitbit, also venued in California, a class of consumers alleged that Fitbit’s PurePulse heart rate tracking devices, which are featured in two of the company’s fitness watches, “consistently mis-record heart rates by a very significant margin,” especially during exercise. The court recently denied the majority of Fitbit’s motion to dismiss—except as it related to the plaintiffs’ unjust enrichment claim—allowing the proposed class action to proceed. The plaintiffs will amend their complaint to include allegations that there were misleading statements on the packaging and that the plaintiffs read the box and relied on such statements when buying the product. McLellan et al v. Fitbit, Inc., No. 3:16-cv-00036 (N.D. Cal., June 5, 2018).
With the rise in consumer protection lawsuits like those faced by Fitbit, see also Landers v. Fitbit, Inc., No. 16-cv-00777 (N.D. Cal. Feb. 16, 2016), manufacturers of wearable devices would be wise to review their marketing to confirm that the substantiation for their products’ claimed benefits can withstand scrutiny in the face of this type of lawsuit.
There is no one-size-fits-all approach when it comes to advising a wearable device manufacturer. As such devices become more sophisticated with a greater capacity to store private information and interface with medical professionals, the applicable regulatory framework similarly increases in complexity. Counsel should monitor the evolving law governing such devices and work with clients to minimize the risks associated with noncompliance.
Copyright © 2018, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).