Attorneys General Consider Consumer Protection Issues Related to Artificial Intelligence in Consumer-Facing Healthcare Technology

Advances in artificial intelligence have become front and center in the minds of many, including attorneys general focused on consumer protection. Although concerns exist for consumer protection, the advancement of artificial intelligence has the opportunity to add value to consumers.  This is especially true in healthcare. Recently, attorneys general gathered to discuss these issues at the Attorney General Alliance Annual Meeting, during a panel that discussed  The Value of Disruptive Healthcare. In the last few years, the growth of telemedicine has dramatically changed the delivery of healthcare. While these changes were already afoot, the pandemic highlighted the need for virtual access to healthcare and wellness tools. That disruption has added value in many ways to consumers and health care providers managing care for their patients. Similarly, in the coming years, we can expect artificial intelligence to drive even more changes in treatment, therapies, and standards of care in the healthcare sector. During these periods of major technological advancements attorneys general should consider consumers’ safety, privacy, security and consumers’ overall livelihood and health. Dramatic changes in healthcare business and technology are already challenging existing laws in unexpected ways, often creating gaps between the law and what consumers and producers need or want the law to say. This gap period, or regulatory lag, will require producers to assume some regulatory risk and for attorneys general to monitor business activities that they believe create too much risk for consumers.

Technology that incorporates artificial intelligence will have the ability to collect and harness data to aid in health and wellness through predictive analytics. Let’s consider wearable devices. Predictive analytics are already utilized in wearables devices designed to help consumers lead healthier lives. Today, we have smart watches that help consumers track wellness metrics, but what additional wearable devices will tomorrow bring? As technology advances, wearables and healthcare devices will have greater functionality and may be able to discover demographic disease clusters or predict health issues at extremely early stages.

These advances are driving additional data collection, new uses of data, and greater consumer use of health technology, which brings a number of consumer protection regulatory issues that attorneys general are paying attention to, some of which include:

• Is consumer data secure on the device? Is consumer data secure during transmittal between devices over the internet or bluetooth?
• Is consumer data stored? How? For how long? If so, is the data secure?
• Is consumer data compiled? If so, is it identifiable? If so, is it secure?
• Are consumers protected from unwanted intrusion into their personal lives?
• What other issues of privacy are implicated in the collection, storage, and handling of personal data?
• What opt-out methods are available? Do the opt-out methods limit usage?
• Are notifications of breaches sufficient to protect consumers if their information is compromised?

Beyond the general consumer protection-related regulatory questions, regulators, consumers, and producers of AI-enabled health technology may question the federal regulatory posture of the devices including:

• Is this wearable or mobile application that collects health information considered a medical device regulated by the FDA? FDA has been considering its position on artificial intelligence and machine learning software.
• If it is a medical device, is it nonetheless subject to enforcement discretion?
• If not a medical device, are there any other federal regulations that govern these technologies? If not, is this clear to consumers?
• With regard to privacy, is HIPAA applicable? What about consumer protection enforced by the Federal Trade Commission? Are the applicable regulations, especially privacy regulations, clear to consumers?

When fewer healthcare regulations are applicable to quasi-healthcare technology (whether a wearable device or other advance in artificial intelligence) or the regulatory lag makes the applicable regulations unclear, we will see more activity by state attorneys general and other consumer protection advocates in the space. For example, in June, twenty-four attorneys general sent a comment letter to the Department of Human and Health Services voicing support for a proposed update to the HIPAA Privacy Rule that would strengthen privacy protections of reproductive health information collected by entities covered by HIPAA and urging stronger provisions in the final rule. However, data collected in phone applications, called Period Tracker Apps, used by more than 15 million women, may not fall within the HIPAA Rule, leaving open the possibility of attorneys general stepping in to protect consumer health data in such applications. With the proliferation of artificial intelligence, we know there will be more calls by attorneys general and consumers to regulate in this space.

Although there are currently more questions than answers, consumers can expect artificial intelligence to affect various aspects of their lives such as healthcare and technology. For many, these innovations will add value. But, for producers, developers, and businesses operating in spaces that collect consumer data the regulatory risks of consumer protection should be top of mind.