With more and more sensors being crammed into the consumer devices that many of us wear every day, the question of where medical devices begin and end, and how they should be regulated become ever more pertinent. When a ‘watch’ no longer just shows the time, but can keep track of a dozen vital measurements, and the line between ‘earbud’ and ‘hearing aid’ is a rather fuzzy one, this necessitates that institutions like the US FDA update their medical device rules, as was done recently in its 2026 update.
This determines how exactly these devices are regulated, and in how far their data can be used for medical purposes. An important clarification made in the 2026 update is the distinction between ‘medical information’ and ‘signals/patterns’. Meaning that while a non-calibrated fitness tracker or smart watch does not provide medically valid information, it can be used to detect patterns and events that warrant a closer look, such as indications of arrhythmia or low blood oxygen saturation.
As detailed in the IEEE Spectrum article, these consumer devices are thus ‘general wellness’ devices, and should be marketed as such, without embellished claims. Least of all should they be sold as devices that can provide medical information.
Another major aspect with these general wellness devices is what happens to the data that they generate. While not medical information, it does provide health information about a person that a marketing company would kill for to obtain. This privacy issue is unresolved in the US market, while other countries prescribe strict requirements about such data handling.
Effectively, this leaves the designers of wearables relatively free to do whatever they want, as long as they do not claim that the medical data being produced from any sensors is medical information. How this data is being handled is strictly regulated in most markets, except for the US, which is quite worrying and something you should definitely be aware of.
As for other medical device purposes like hearing aids, the earbuds capable of this fortunately do not generally collect information. They do need to have local regulatory approval to enable the feature, however, even if you can bypass any geofencing with some creative hacking.
What about data being used in criminal investigations? Definitely a factor. But a warrant would be easy enough to get.
I just want a wearable fitness monitor that isn’t uploading all my data to someone else’s server and doesn’t need a special app to access.
“How this data is being handled is strictly regulated in most markets, except for the US, which is quite worrying and something you should definitely be aware of.”
Indeed you should.
The general thought behind this is that strict regulation impedes innovation, and if innovation is impeded nobody can make money and market leadership is lost. This is one of the pet peeves of the current US administration.
To be clear: the Chinese administration simply doesn’t even care, but also doesn’t pretend otherwise. And this is what the current US administration is trying to compete with. They are trying to compete with Chinese products by becoming like the Chinese.
In Europe, it’s different. There are many regulations, and there is enforcement. It does mean that serious products take longer to get to market. But it also means that Europeans get to keep their privacy and their independence.
And then there is some protectionism being played by the FDA as well.
I remember that we (European company) were making a medically approved ECG device. We had literally everything in order, but still failed two FDA applications. Our device was considered a class II device, basically a consumer-grade device but made to medical standards and for use in a medical settings (clinics, doctors, hospitals). But FDA made us go through the full PMA process, which is normally reserved for class III devices. There was no way to convince them otherwise.
Then suddenly Apple came out with ECG on the Apple watch, and that was approved within a few months. That allowed us to use the Apple Watch as a predicate device and do a 510 clearance, which is much easier. And we succeeded that. But it delayed our product by some 1.5 years or more.
There is no comparison to the fake ECG of the Apple watch and the real ECG of our ECG device. Apple watch tries to make educated guesses using statistics and machine learning, while our ECG device is actually measuring 3-point ECG and was made conform all of the relevant ISO and IEC standards for medically approved ECG devices.
Also, all of the software that related to this device, all the way from the device, through our phone apps, and up to our servers, were made according to EU medical and privacy law standards.
We should have passed that PMA process with ease, but somehow they decided to put us through the wringer.
I fear that with these new regulations, even more non-US companies will have a choice: either take the easy way and declare to be a ‘general wellness device’, or be put through an even harder wringer than before. But that wringer will delay admission to the US market and ultimately hurt healthcare. Because these devices are full of patents, and it’s near impossible to make a comparable device in the US without infringing them or paying license fees. Both of which will increase the cost of healthcare. And it’s not easy to conform such a device to all of the ISO and IEC medical device standards, it takes quite some iterations.
Hmm, this post has become a bit longer than I initially meant it to be. But I felt I had to say this.
This. Exactly this.
It is my data about me. The manufacturer has no stake in it and no need to ever see it. Storing my data on their servers exposes it to them and anyone who hacks them as well as making my data vulnerable to loss when the company goes broke or just decides that providing that server capacity to their customers is costing them too much.
The manufacturers act like it is their data. They hide it behind difficult to access systems (request the raw data from your device be sent to you for a particular day be sent to you via e-Mail, taking hours to days for it to come back.) The apps they provide don’t show the raw data, they show some processed summary that isn’t worth the electrons wasted in making it.
This seems to be my day for replies landing in the wrong place. This was supposed to be a reply to Johnu’s comment about fitness monitor data.
I think this criticism of the “ECG” data from Apple watches hits the heart of it. If you haven’t used one of these things, or if you’ve over-extended your credulity while using one, you may not realize…the biggest problem is not that they share your data, or that they force you to use an awful app to access the data. The biggest problem is that the data is generally garbage. There’s a reason that the Fitbit UI wants to tell you you’re being a good boy more than it wants to give you numbers.
haha well i just verified to my satisfaction that the lack of threading is a hackaday bug and not PEBKAC. that one’s supposed to be a reply te RetepV
BYO (build your own)
Orphaned reply to [Johnu]
Indeed, something is going wrong with comment threading.
Where did I leave of…
It’s a straight familiar timeline now ;)