The boundary between healthcare and technology has become blurrier and blurrier in recent years. Even Apple’s AirPods now feature a heart rate sensor, and a proliferation of wearables and direct-to-consumer telehealth companies have created challenges for regulators, grey areas for companies to exploit, and potential risks for consumers.
At the same time, money is rushing into the sector, which capped out at over $500 billion internationally last year. In a recent panel convened by Society for Advancing Business Editing and Writing (SABEW) in partnership with the National Institute for Health Care Management Foundation, moderator and SABEW Chair Marty Steffens said, “you have a perfect storm of innovation and risk, and rush to market.”
Veteran healthcare journalists Danny Al-Faruque and Robert King joined the panel to discuss this shifting landscape. Al-Faruque is a senior editor at Regulatory Focus, covering medical device regulation in the U.S. and around the world, and King covers the Centers for Medicare and Medicaid Services (CMS) for Politico.
Regulation: “health tech” vs. “wellness tech”
For products that aim to treat or cure a health disorder in the United States, the regulatory regime is very strict. Approval from the Food and Drug Administration (FDA) is required to market these products, with the type of approval dependent on the novelty of a product’s technology and its FDA-deemed risk. Current products on the FDA docket include endoscopes, cystoscopes, and “heartflow plaque analysis platforms”, but certain apps for the Apple Watch and continuous glucose monitoring devices have also had to receive approval in recent years.
Yet, “going through the regular FDA process is very expensive,” says Al-Faruque, leading some companies to first launch their products as “wellness” devices that merely monitor a health condition, allowing them to bypass the FDA and take a quicker and cheaper path to market.
But some of these companies have later added treatment functions or marketed themselves as medical devices. “There’s a lot of grey zone,” said Al-Faruque.
One such company is Whoop, which has advertised the “medical-grade health and performance insights” of its wearable health monitor. “When it’s ‘medical-grade’, it would have to go through FDA review,” Al-Faruque said, adding that Whoop “may be the canary in the coal mine in terms of how these digital health products are regulated,” and calling it a key case to watch in the months ahead.
Another “grey zone” is direct-to-consumer advertising and telehealth, areas that have come under particular focus from Secretary of Health and Human Services Robert F. Kennedy, Jr.
Online medical marketplace Hims was one of forty companies to recently receive a warning letter from the FDA for skirting rules on direct-to-consumer advertising. “That’s another thing that’s going to be interesting to watch,” Al-Faruque said.
Cyber security and health inequities
Whatever the designation, almost all these devices are network-connected, transferring sensitive medical data to cloud servers or other devices. And with any internet-connected device, Al-Faruque said, “there’s some vulnerability.”
In February 2024, a United Healthcare subsidiary faced a massive breach that cost the company billions of dollars and threatened the sensitive data of an estimated 192.7 million patients. And given the hold medical devices can have over someone’s life, security breaches could be deadly. In 2017, the FDA confirmed that cardiac devices from St. Jude Medical could be hacked: “That could potentially be fatal: I could kill you at a distance,” Al-Faruque said.
Another potential risk is health inequities. Pulse oximeters, which measure blood oxygen level just by scanning a fingertip, have long had problems with racial bias, a problem that could grow as artificial intelligence becomes an ever more important factor in the health tech sector.
Health device fraud
Fraud is an area of focus for current CMS Administrator Mehmet Oz, said Politico’s King, adding that medical devices have “always been a magnet for fraudsters,” who find ways to charge CMS for medical devices that are never intended to reach patients.
In one case a few years ago, King said, fraudsters set up a shell company with patient data from the dark web and then billed Medicare for “scores of catheters that were never sent out,” effectively stealing money from the public health insurer.
CMS is attempting to “crack down” on schemes like this by requiring insurer approval before delivering certain products and services known to be fraud magnets. But Democrats, said King, are arguing that this new model “is a run-in to privatize Medicare.”
“It’s become a political issue and I think that’s something that’s been under-covered,” King said. “Fraud was a huge buzzword in the opening months of this administration, used to remake parts of the federal government. But in the Medicare program, which has billions [of dollars] of fraud happening every year: how are they actually doing?”
