Our society is currently in the midst of a digital health revolution – a shift in the way we track, access, leverage and act upon our health data. Much of what has been predicted, such as the ability for artificial intelligence to proactively diagnose and make treatment decisions based on the plethora of data collected from wearables and health apps, is beginning to take shape with each new hardware and software release.
Consumers are keeping more aggregated information about their health and activities within their mobile devices and cloud accounts than many of us would have ever imagined possible. In November, the FDA approved the first electrocardiogram reader for Apple Watch, and in December, Apple announced a partnership with the Stanford University School of Medicine to study the potential for the Apple Watch’s heart rate sensors to detect and notify users of heart complications. Sources from the company also alluded to the possibility that future models will include a built-in electrocardiogram. A separate study recently found that analysis of data from the Apple Watch heart rate sensor can detect diabetes in the wearer. In iOS 11.3, Apple unveiled a major upgrade to the health app, introducing features that enable integration of health records from hospitals and clinics, and notifications of lab results, medications and more. In Watch OS 4, Apple added additional features to the Apple Watch that can notify smartwatch wearers if their heart rate jumps above certain thresholds after being normal for 10 minutes. Even for users that aren’t actively trying to capture their medical data, smartphones may be tracking activity in the background.
Apple Watch, Fitbit, Bluetooth scales, heart rate monitors, and other wearables and smart accessories have created a vast mine of information that will begin to be tapped by pharmaceutical, healthcare and other organizations for evidence in litigation. This could take shape in a pharma company building its stance in a class action suit off of certain health app data from members of the class. Similarly, step or GPS data from a wearable could be leveraged to prove or disprove testimony about a person’s whereabouts in a case. Today, the legal field is entering a game of catch-up in understanding how this new climate will impact future litigation.
Though broadly the legal community is still underprepared for dealing with e-discovery on this type of data, we are already seeing data from health devices and apps enter the courtroom. Last year, investigators made significant headway in solving a Connecticut woman’s murder by comparing GPS data from her Fitbit against testimony from her husband, a prime suspect in the crime. Last year, the judge in an arson trial permitted data from the defendant’s pacemaker to be used as evidence. These cases represent just the tip of the iceberg for the implications digital health data will have on litigation in years to come.
This year, the Supreme Court ruled on Carpenter v. U.S., a decision that determined that law enforcement must have a warrant to obtain historic cellphone data. This indicates clarification of the parameters of the Fourth Amendment when law enforcement seeks information a suspect gives to a third party – such as health data stored in iCloud or recordings from home smart devices like Amazon Echo. Given this ruling, counsel should be thinking about how health data may impact their cases going forward, and the steps and challenges that will arise in obtaining and collecting this data during e-discovery or an investigation.
For counsel that are beginning to look at these data sources for evidence, or want to prepare for its use in the future, there are some existing and important computer forensics best practices that will apply. First, it is critical to maintain integrity of the evidence and ensure its proper handling. Failure to use forensically sound methods or maintain an acceptable chain of custody can cause important evidence to be thrown out. Data must not be altered in any way, and only properly trained forensic experts should be involved in gathering, authenticating and validating evidence. Also, attorneys should work with experts to ensure findings are thoroughly reported in a way that is digestible to the courts. The experts involved should be equipped to appear in court and provide testimony to the processes used. Making everything as transparent as possible is key to ensuring a judge will recognize the investigation as credible, especially as the courts adjust to the nuances and sensitivities of using digital health data as evidence.
Another consideration is that accessing and leveraging health data in litigation may not be easy or inexpensive. The underlying data will likely be encrypted and stored in a database that will require analysis by both a technology savvy investigator and a medical clinician. Obtaining access to even one database may be difficult, the work of doing so for an entire class could be a major burden. Further, this data is not always completely accurate – distances, heart rates and calories burned can vary from use to use, even when tracked on the same device for the same activity. Hardware and software app makers will continue to evolve these products, and may change the types of sensors or data formats at any time, which will require forensic investigators to constantly stay abreast of updates. Regulations may also arise, which could complicate or limit the data gathering process for this type of information. Litigators must keep all these factors in mind and be prepared to address them when preparing their cases and analyzing and presenting health data evidence.
Every few years, technology brings new challenges and uncharted territory to the legal landscape, and technology is always moving faster than the field’s ability to adapt. Over the next five years, we’ll see a shift in how health data applies to litigation, and attorneys will gain more understanding of how to leverage it for evidence; much in the same way legal professionals have faced and are still learning to navigate the challenges with e-discovery and data collection for electronic documents, mobile devices, social media accounts and new data types.
Daniel Roffman is a senior managing director at FTI Consulting in the Computer Forensics practice of the Technology segment. Mr. Roffman is an expert in computer forensics, e-discovery and cyber investigations.
Published July 10, 2018.