Digital Health & Telemedicine

HIT Consultant: Risky Business of Health Trackers - What Digital Health Leaders Need to Know

This article was originally published in March 2023 on HIT Consultant.

Gone are the days when healthcare information was only available to us at the doctor’s office or through the office’s online portals, and that’s in part due to the rapidly growing popularity of wearable technology devices. It’s estimated that 1 in 5 adults in the U.S. use a fitness or health tracker to monitor things such as heart rate, blood pressure, sleep cycle, and stress. But this information is being used beyond just monitoring specific conditions. Take me, for example; I personally use my wearable tech to track my glucose levels throughout the day. I’m not diabetic, but I do find this information useful when looking at how to modify my diet throughout the day to minimize the impact of glucose spikes.

For someone monitoring a health condition, such as diabetes or high blood pressure, these technologies offer additional peace of mind. Prediabetes, for instance, is plaguing the United States and affecting at least 33% of U.S. adults. Having early insight into abnormal blood sugar activity or body functioning can help individuals prevent health conditions from worsening. We continue to see news about young athletes experiencing complications from undiagnosed conditions and students generally facing increased anxiety due to the stresses of life. The ability to monitor heart rate and blood oxygen levels enables users to identify changes and abnormalities in their vitals, which can serve as an early warning of possible panic attacks or can help determine when a visit to the doctor is needed. 

This shift towards digitally-enabled care has driven consumers to become more engaged in their day-to-day health and has provided better access to care services and leading physicians, regardless of factors that have historically hindered care access, like geographical location or lacking availability and overstretched resources. With the rise in digital health services, we have a wide variety of data at the tip of our fingers – accessible from nearly anywhere on a smartphone or computer. While the benefits of this digital health revolution are undeniable, there are associated risks with tracking health data that digital health companies need to understand to protect themselves. That being said, there is no one-size fits all solution. Every company has unique challenges, concerns, and vulnerabilities and therefore requires a tailored approach to risk management. 

The Evolution of Digital Health-Tracking

Health tracking devices and their capabilities have significantly evolved since the original pedometers and heart monitor straps came to market. Today, health-tracking wearables span a wide range of applications and have become less niche and more commonly adopted. There’s a high demand for health and fitness monitoring devices, and the original models have been replaced by smart devices such as rings, watches, clothing, belts, shoes, and smart sensing technologies that have the capability of tracking blood oxygen saturation and notifying if irregular heart rhythms are detected; some are even capable of taking an ECG reading directly from your wrist and tracking ovulation cycles through temperature sensing. As the population ages globally, monitoring various chronic and acute diseases has become increasingly important, and the medical industry is changing rapidly in order to meet today’s point-of-care (POC) and real-time monitoring needs. 

Outside of the advantages of managing and understanding your own body better, these capabilities come with concerns and challenges regarding access and security of personal health data, as well as prescribing practices. Although users of wearable tech are able to be better in tune with their current health state, the validity of the data analysis and recommendations paired with individual readings are dependent on the digital health companies and healthcare professionals that are evaluating and providing these recommendations. Improper recommendations or guidance can lead to new risks of bodily harm or negligence to the user. 

Risks Associated with Wearables 

Companies need to understand the risks at hand. Data collected by fitness applications are not protected under the law like health information is, making it critical for users to fully understand how best to set up social and location settings, as well as login credentials. Cyber security risks are reportedly on the rise, with an uptick in data breach lawsuits, which are becoming increasingly more common within the healthcare space. The latest data security incident report showed increased duplicative lawsuits, often resulting in steep defense and settlement costs. If a company is dispensing medical advice, providing guidance or therapy, or prescribing or selling products, there are additional risks spanning from medical malpractice to bodily injury claims associated with these services that are often overlooked. 

Despite acknowledging cyber and regulatory concerns as the top risks, a survey of 300 digital health and wellness industry leaders indicated that 76% of those surveyed didn’t have a single insurance policy tailored to the risks they face, despite 99% of surveyors reporting plans to expand and 72% noting growth in demand. Insurance brokerages are able to assist in addressing risk management by gaining an understanding of a company’s inner workings in order to identify how best to protect them. When selecting a partner, it’s important to choose a company that specializes in these specific areas of risk to evaluate best how these risks can be transferred or mitigated. 

Understanding Exposures and Mitigating Risk 

Users of wearable technology rely on doctors and healthcare experts to provide recommendations. Similarly, digital health companies tracking this information and providing these recommendations rely on insurance experts to provide guidance when it comes to identifying and appropriately managing risks. Company leaders must fully understand vulnerabilities and exposures and how best to address them while protecting balance sheets. Cyber liability, errors and omissions, and medical malpractice liability are key exposures. When it comes to cyber insurance, most companies are often grossly underinsured. In my experience, it’s also common for companies to request the wrong information, especially in regard to complex issues such as limit adequacy (i.e., how much insurance is enough?). 

You can’t properly evaluate your own risk by comparing your risk program to others, so taking a benchmarking or comparative approach versus a ground-up analysis of risk often produces suboptimal results. It can be dangerous to rely too much on comparisons, preventing companies from having a holistic view of their individual needs. Just as consumers receive tailored recommendations for how many steps they should take in a day or how much water or calories they should be consuming before they end their day, insurance companies need a customized risk management checklist of sorts unique to their own needs, challenges, and future goals. Focusing internally on a ground-up analysis enables the focus to solely analyze your own risk assessment, avoiding the adoption of unnecessary solutions or lacking areas of coverage. 

Third-party contracts are critical for companies and can help protect balance sheets by working with an experienced team and providing the necessary data to inform proper decision-making. Reviewing contracts can be a difficult task for companies to outsource. Not all attorneys are specialized in insurance, and when it comes to insurance, it’s important to receive the appropriate recommendations for proper protection. Insurance brokerage experts can, in that instance, step in to provide thorough contract reviews focused on their insurance obligations. With the varying level of risk management needs vs. available solutions, partnering with a risk management expert can offer valuable insights and the knowledge necessary to identify solutions best suited to address specific needs.

Why Do Businesses Need a Customized Approach? 

There isn’t a solution that will adequately cover every business, which is why a customized approach is best. Every company is unique in its own individual needs, so it’s important to partner with a risk analyst who is hyper-focused on your specific areas of need. Within risk management, there are specialized teams equipped with actionable advice within their niche area of expertise. For digital health companies, selecting a partner with a dedicated Digital Health/Telemedicine Practice team would be an optimal fit to ensure their approach to risk management covers their vulnerabilities. 

In the instance of digital health and telemedicine companies, a successful partnership should demonstrate the ability to navigate complex organizational structures – often including professional corporations (PCs), physician owner(s), management services organizations (MSOs), and more operating in various states. Managed Care Errors & Omissions (E&O), coverage provided in the event of allegations of negligence in the administration of managed care contacts, is a prime example of insurance often overlooked since policies cover the services provided by MSOs to the PCs, and if exposure doesn’t fall under traditional Managed Care E&O, then a Miscellaneous Errors & Omissions Policy may need to be obtained. 

Helping clients navigate various state requirements is another factor supporting customization when it comes to risk management solutions. For instance, Pennsylvania has active Patient Compensation Funds (PCF) that include MCARE, a special state fund, which is an additional required filing. Kansas is another state with stringent requirements. Navigating varying regulations and license requirements is critical, and as companies grow rapidly, executives may be unaware that they’re not compliant with regulations. Having regular communication with an insurance broker can help avoid any missteps or growing pains relating to compliance. An experienced insurance broker can also assist with services such as claims advocacy, risk control, and quarterly or semi-annual stewardship reviews, which can inform necessary steps to avoid new exposures. 

Managing Risk in a Consumer-Centric Model 

Health technologies and wearables will continue to push the boundaries on what they can track and how they can improve day-to-day health habits and well-being, and the companies that are best protected have invested in solutions specifically designed to address these challenging areas. While health tracking and digital health companies continue to work to help users navigate data, provide services and products, and offer insights on how to improve, what to change, by how much, and by which methods, so too must the risk analyst ensure precautions and solutions are properly in place. As digital health tools and wearable health technology continues to evolve, risks associated with privacy, cyber security, bodily injury, regulations, and technology will continue to be top of mind. Looking to experts who can not only help assess and analyze current risks but also future risks that could be on the horizon will become the standard for meeting modern-day risk management needs. 

Cristina Varner
The Author
Cristina Varner

National Life Science & Healthcare Practice Leader

Cristina Varner is the Life Science Practice Leader, leading a team of experienced account management professionals that service approximately 300 life science accounts. With 20+ years in the risk management field, Cristina is one of the industry’s foremost experts in complex Product Liability exposures and Clinical Trials insurance all over the world. She is the founder of the Life Science Practice at both her former employer and Newfront, deploying her vast experience with life science companies from start-up to grown up.

Connect with Cristina on LinkedIn
The information provided here is of a general nature only and is not intended to provide advice. For more detail about how this information may be treated, see our General Terms of Use.