
Risk Matters: Be mindful of risks as the popularity and functionality of wearable medical devices continue to grow

The potential benefits of wearable medical device technology in assisting with monitoring and managing general patient wellness, as well as chronic conditions, have been generally recognized for nearly a decade. As aptly stated earlier by one author, “Mobile health is at the swirling confluence of remote sensing, consumer-facing personal technologies, and artificial intelligence (AI).”[1] The adoption and improvement of this technology have continued to grow rapidly. According to some reports, the global wearable medical device market was estimated at $33.85 billion in 2023. To put that into perspective, that is enough for a $100 device on the wrist of every single American. By some estimates, the market category is expected to grow at an annual rate of 25% for the next five years.[2]

As part of any conversation regarding the use of wearable medical devices, clinicians need to distinguish between direct-to-consumer wearables and devices[3] recognized as medical devices by the Food and Drug Administration (FDA) for remote therapeutic monitoring or remote physiologic monitoring.[4] While generally less advanced than FDA-recognized medical devices from both a user and clinical perspective, consumer wearable devices continue to improve in their functionality and potential for clinical utility.

As is the case with any technology in a medical practice, clinicians must be aware of the risks of utilizing wearable medical devices for monitoring and managing patient health, including the functional and clinical limitations of devices. For example, on February 21, 2024, the FDA issued a warning to healthcare providers and others about risks related to the use of devices claiming to measure blood glucose levels without piercing the skin.[5] The notice reminded readers that the "FDA has not authorized, cleared, or approved any smartwatch or smart ring that is intended to measure or estimate blood glucose values on its own" and recommended that providers talk to patients about this risk.

Additionally, the hardware and software technology associated with these devices continues to evolve rapidly, which can result in changes in functionality or even availability. For example, due to an intellectual property dispute, Apple has recently disabled blood oxygen level measurement functionality on certain Apple Watch models.[6] Clinicians who may have requested that patients utilize this device for monitoring blood oxygen levels obviously will no longer be able to rely on the availability of such data from patients with impacted models. Of course, privacy and security risks need to be managed as well. There remains a common misperception that all wearable device data is protected by HIPAA. It's probably not.[7] However, if a medical practice collects any data from a device, it then becomes part of the patient's HIPAA-protected health information.

As consumer wearable devices continue to permeate the market and improve in capability, medical providers must remain aware of the evolving risks accompanying the growing list of potential benefits from these devices that are increasingly becoming a part of patients’ daily lives.


[1]. Ida Sim, “Mobile Devices and Health,” New England Journal of Medicine (September 2019)


[3]. To be sure, specific software applications may “transform” the built-in functions of a mobile platform into a regulated medical device.

[4]. In certain circumstances, remote monitoring services may be reimbursable. There are several consumer wearables that have been FDA cleared for specific use cases.



About The Author

Justin Joy is an attorney with Lewis, Thomason, King, Krieg & Waldrop, P.C. He has a variety of experience in the area of information privacy and cybersecurity including security incident investigation, breach response management, security awareness training, HIPAA policy drafting, and cyber risk consulting. He also provides counsel in healthcare liability defense, telemedicine, and healthcare compliance matters. As Lewis Thomason’s chief privacy officer, Justin promotes an awareness of privacy and security-related issues for the firm. Justin has earned the Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Technologist (CIPT) credentials through the International Association of Privacy Professionals (IAPP).

The contents of The Sentinel are intended for educational/informational purposes only and do not constitute legal advice. Policyholders are urged to consult with their personal attorney for legal advice, as specific legal requirements may vary from state to state and/or change over time.
