Earlier this month, Apple, in collaboration with Stanford University, released the Apple Heart Study. Fully funded by Apple, the eight-month study compiled data from over 400,000 participants (or Apple Watch users) including at least 20,000 individuals 65 and older. The researchers found that nearly 2,000 of those participants received irregular heartbeat notifications from their watches. Follow-up examinations, with a subset of those patients and employing more standard medical technology, showed that patients were actually experiencing atrial fibrillation in only 84% of the situations that led to notifications.

For daily updates, subscribe to our newsletter by clicking here.

Apple’s efforts to enter the health field are indicative of a greater trend to use Internet of Things (IoT) devices in the service of medicine: the medical device Internet of Things (mdIoT). This emerging area of technological tools spans the gamut of medical devices from professional and hospital-grade to recreational. The types of things included in mdIoT encompass smartphone apps, stand-alone devices, and smartphone add-ons.

Apple Watch. Photo: Shutterstock

The evolution of the mdIoT field is an outgrowth of a lifehacking ethos that seeks to catalog, track and journal as many aspects of one’s personal life as possible. Over the past couple of years, continually advancing technology has allowed for the expansion of this niche lifestyle into the general culture by way of hip technologies that monitor a mounting number of personal metrics.

Apple is not the only non-medical company expanding into this space. Fitbit, a manufacturer of devices known primarily for keeping a daily step count, collected over 150 billion hours of heart rate data from millions of its customers to create the largest ever heart rate clinical study.

Effectively, Apple, Fitbit, and similar companies are helping to convert the formerly anecdotal information of individual fringe hackers—known as N of 1 trials—into an informative dataset representing a statistically robust broad swath of society, simply by collecting and collating all the data from all their users.

The benefits of these efforts seem clear. They both allow for enormous, relatively cheap, studies to advance medical knowledge for all mankind while simultaneously allowing every individual to keep track of their vitals in an easy, affordable, and, importantly, unobtrusive fashion. Concerns associated with the growing trend to track our steps, our heart rate, and even our genomes are also clear and ought not to be discounted.

While most of these devices are marketed as recreational in design and purpose, perhaps to avoid government oversight, many also purport to give actionable medical data. However, the not-so-trivial false positive rate of the Apple Watch indicated above can become a burden on the health system. Of those who received a notification of an abnormal heart rhythm by the Apple Watch, more than half sought medical attention, many seemingly without necessity, given the disclosed number of misdiagnoses.

Providing less-than clinical-standard data to people, either by way of a watch, an app, or any other device outside of the care of a medical professional can result in at least one of two classical situations: the walking sick—those who incorrectly believe, based on the data provided by their devices and apps, that all is well, when all is not well—and, the worried well—those hypochondriacs that seek out unnecessary medical attention, on an incorrect belief that all is not well.

Much of these concerns have to do with the lack of standardization amongst these devices, which can range from earbuds to toilet seats. This can be a problem because the algorithms used in one device are not necessarily like the algorithms used by another, nor are the sensors feeding those algorithms necessarily calibrated the same way as sensors feeding similar or different algorithms in other devices are. This lack of standardization could result in potentially vastly different readings, depending on what device you are using, limiting the usefulness of these massive clinical trials.

This dearth of standards also extends into the area of cyber protection where different devices might use different encryption schemes, making it hard to do large-scale multi-device studies. Even more problematic is the fact that many devices eschew battery-hogging encryption altogether, allowing highly personal data to be easily lifted off the devices by malicious actors.

This lack of security is not only an issue with recreational devices. Even hospital-grade mdIoT devices can be hacked, albeit with much more dire repercussions as these weak links could open up entire hospitals to malware and ransomware. Just last week, the U.S. Department of Homeland Security issued a warning to hundreds of thousands of individuals with implanted defibrillators that they could be open to hacking.

And even when the data on the device is safely protected, it is often unclear who owns this obviously valuable information. Did the wearer of the device knowingly consent to allow large corporations to extract, analyze and then sell their personal data?

This lack of oversight by competent government bodies is not limited to devices like Fitbits and Apple Watches. The app stores are inundated with ever-expanding catalogs of software that purport, many without sufficient justification, to provide actionable medical information from the data that they acquire from you the user. The rapid spread and easy availability of these apps raise concerns too numerous to list here.

The Apple study notably did not include the fourth generation Apple Watch, now with electrocardiogram (EKG) capability. EKGs are currently recommended only for those individuals with a high risk of heart disease or with possible symptoms of heart disease, not for every consumer that can afford to drop $400 on the latest tech. And with the efficacy of these devices not yet proven, it could be argued that we have already gone too far in putting complicated professional medical technology and data into our unprofessional hands.

Dov Greenbaum, JD PhD, is the director of the Zvi Meitar Institute for Legal Implications of Emerging Technologies and Professor at the Harry Radzyner Law School, both at the Interdisciplinary Center (IDC) Herzliya.