Sharing Data

• Author: Elizabeth A. Rowe
• Position: Irving Cypen Professor of Law, Distinguished Teaching Scholar, and Director, Program in Intellectual Property Law, University of Florida Levin College of Law
• Pages: 287-323

287

Sharing Data

Elizabeth A. Rowe*

ABSTRACT: This Article examines a m ajor challenge related to the Internet

of Things: the sharing of data, as presented in the cont ext of medical software.

In particular, it examines the tensions b etween manufacturers and patients

with respect to access to data generated fro m implantable medical devices.

Patients argue that they do not h ave sufficient access to the data, and they do

not control what could happen to th e information collected from their devices.

While manufacturers recognize tha t patients have some right to access their

own medical data, they do not b elieve it outweighs their intelle ctual property

rights in controlling access to the informa tion.

The Article recommends a disclosure spectr um from which to frame the

sharing of information, one that tak es a nuanced approach to what might be

shared. Determining how and what to share is chall enging, and the Article

suggests a closer inquiry into the nature and scope o f the data requested in

arriving at an appropriate response. This fram ework for thinking about how

to balance data access rights, might also b e useful more generally, as we

continue to face similar questions with other interco nnected devices in the

Internet of Things.

I. INTRODUCTION ........................................................................... 288

II. BACKGROUND ON THE STAKEHOLDERS AND DEVICES .................. 293

A. THE STAKEHOLDERS .............................................................. 293

B. THE DEVICES ......................................................................... 294

C. OWNERSHIP & ACCESS QUESTIONS ......................................... 297

III. THE ROLE OF INTELLECTUAL PROPERTY ..................................... 298

* Irving Cypen Professor of Law, Distinguished Teaching Scholar, and Director, Program

in Intellectual Property Law, University of Florida Levin College of Law. I express my appreciation

to Andrea Matwyshyn, Kenneth Nunn, Sharon Sandeen, Christopher Seaman, Felix Wu,

participants at a Washington & Lee School of Law faculty workshop, and the Cardozo School of

Law IPIL Colloquium for insights, comments, or conversations about the ideas expressed in

earlier versions of this work. Thank you to Janelle Elysee, Giulia Farrior, Corey Parker,

Christopher Shand, and Eric VanWiltenburg for excellent research assistance, and to the

University of Florida Levin College of Law for its research support.

288 IOWA LAW REVIEW [Vol. 104:287

A. PATENT LAW ......................................................................... 298

B. TRADE SECRET LAW ............................................................... 299

C. COPYRIGHT LAW ................................................................... 299

D. INTERSECTION WITH OTHER AREAS OF LAW............................. 301

1. Privacy .......................................................................... 301

2. Contracts ...................................................................... 302

IV. REGULATORY OVERSIGHT ........................................................... 303

A. FDA ..................................................................................... 303

B. HIPAA ................................................................................. 305

C. FTC & FCC.......................................................................... 308

V. MOVING FORWARD ...................................................................... 309

A. PARTIES’ INTERESTS ............................................................... 309

1. Manufacturers .............................................................. 309

2. Patients ......................................................................... 310

3. Safety, Cybersecurity & Research ................................ 311

B. CIRCUMVENTION ................................................................... 313

C. A DISCLOSURE SPECTRUM ...................................................... 317

D. BUSINESS OR TECHNICAL SOLUTIONS ...................................... 319

E. EUROPEAN GUIDANCE? .......................................................... 321

VI. CONCLUSION .............................................................................. 322

I. INTRODUCTION

In the early morning hours last September, Ross Compton awoke to the

sound of an explosion, followed by intense smoke and flames in his Ohio

home.1 He was unable to find his phone to call 911, until he heard it ringing.

It was his alarm company responding to his fire alarm. After speaking with

them, Mr. Compton then called 911 for help, while laboring to breat he and

speak. As the fire trucks made their way to his home, Mr. Compton, who uses

an external heart pump and an implantable pacemaker, broke the glass of his

bedroom window. He slid his medical equipment to the window and threw

them outside, along with some other items. He survived the fire. A few months

later, using the data from his implantable pacemaker, and in what is believed

to be a case of first impression, Mr. Compton was indicted on charges of arson

and insurance fraud, and the judge ref used to suppress the evidence. 2 This

story highlights an important irony related to intellectual property law and

1. This story is b ased on Motion to Suppress, State v. Compton, CR 2016 12 1826 (Ohio

Ct. C.P. Butler Cty. May 5, 2017).

2. Chris M atyszczyk, Judge Rules Pacemaker Data Can Be Used Against Defendant, CNET

(Jul. 12, 2017, 7:32 PM), https://www.cnet.com/news/judge-rules-pacemaker-data-can-be-used-

against-defendant.

2018] SHARING DATA 289

policy: While a patient himself does not have direct access to the data

generated by the implantable medical device in his body, that very

information may be accessible to others, including the government, and can

be used against him.

Implantable medical devices have changed the lives of millions of

Americans who use them to monitor and treat such health conditions as

cardiac arrhythmias, diabetes, a nd other serious conditions. Examples of

implantable medical devices in clude pacemakers, implantable defibr illators,

insulin pumps, and continuous glucose monitors.3 They measure such things

as electric cardiac activity, temperature, ph ysical motion, and other clinical

data points.4 These devices measure and record data about the physiological

development in a patient’s body, and communicate that data wirelessly to a

monitoring system.5 These monitoring systems may then transmit the data to

the hospital and then to the physician overseeing the patient’s care.6 In order

for the patient to obtain information from the device, however, she would

typically need to visit the physician’s office or hospital. Herein lies the

problem.

Patients and patient advocates have argued that information that is

critical to a patient’s care and located within an implantable device is often

not available to the patient.7 For instance,

[s]ometimes the symptoms of things, such as a cardiac event, can be

indistinguishable from other day to day occurrences, such as

dizziness or fatigue. If I’m dizzy, I’m not going to be sure if I have

allergies, I missed breakfast, or I’m having a cardiac episode. My

device knows but in many cases it wouldn’t necessarily let me know.8

In other words, the device, even though it is recording heart activity all the

time, may not share that information with the patient, and the patient will not

have the information until he goes in for a checkup. 9 As a result, some

patients have resorted to taking matters into their own hands, hacking into

3. See, e.g., Exemption to Prohibition on Circumvention of Copyright Protection Systems

for Access Control Technologies, 80 Fed. Reg. 65,944, 65,955 (Oct. 28, 2015) (codified at

37 C.F.R. § 201.40 (2017)).

4. Me thod & Apparatus for Enabling Data Commc’n Betw een an Implantable Med. Device

and a Patient Mgmt. Sys., U.S. Patent No. 7,127,300 (filed Dec. 23, 2002) (issued Oct. 24, 2006).

5. See Exemption to Prohibition on Circumvention of Copyright Protection Systems for

Access Control Technologies, 80 Fed. Reg. at 65,958.

6. Id.

7. U.S . COPYRIGHT OFFICE, SIXTH TRIENNIAL 1201 RULEMAKING HEARINGS 17 (May 29, 2015),

https://www.copyright.gov/1201/2015/hearing-transcripts/1201-Rulemaking-Public-Roundtable-05-

29-2015.pdf.

8. Id. at 17–18.

9. Id. at 24.