Medical Device Data Goes to Court

Medical Device Data Goes to Court David Vandervort Xerox PARC Webster, NY, USA

[email protected] PRE-PUBLICATION VERSION ABSTRACT Advances in mobile and computer technology are combining to create massive changes in the way data about human health and well-being are gathered and used. As the trend toward wearable and ubiquitous health tracking devices moves forward, the sheer quantity of new data from a wide variety of devices presents challenges for analysts. In the coming years, this data will inevitably be used in the criminal and civil justice systems. However, the tools to make full use of it are currently lacking. This paper discusses scenarios where data collected from health and fitness related devices may intersect with legal requirements such as investigations into insurance fraud or even murder. The conclusion is that there is much work to be done to enable reliable investigations. This should include at least the establishment of an organization to promote development of the field, development of cross-disciplinary education materials, and the creation of an open data bank for information sharing. 1. INTRODUCTION Traditionally, health-related data such as blood pressure or heart rate are only recorded when patients are physically present in a doctor's office or hospital. Standalone devices such as the blood pressure machines found at many drug stores may display values to users but they are then lost. In recent years trends with names like mHealth, eHealth and Total Health have begun to guide researchers toward a more holistic vision of permanent, pro-active health monitoring. Devices that can be worn on the body are being studied and deployed for the management of chronic conditions, for monitoring post-surgical or post-injury rehabilitation, and even to allow algorithmic prediction of health problems. Issues being studied in this way include prediction of heart attacks, detection of falls, weight control and mental health assessment [20]. So-called Body Sensor Networks (BSNs) combine sensors to study multiple parameters including devices for electrocardiograms (heart), electromyograms (muscles), electroencephalograms (brain activity), accelerometers (movement) and others [3]. Concurrent with the rise of this approach to medicine is a boom in the wearable fitness tracker industry. In a recent survey, slightly more than one quarter (28%) of respondents admitted owning a Fitbit or similar tracking device [13]. Fitbit, Inc. is a company that makes and sells devices worn on the wrist or belt, or as a pendant, that track the wearer's physical activity. A Fitbit and similar devices by other manufacturers can track data such as the number of steps walked or run and energy expended. Data can be stored on the device for a number of days and can also be uploaded to an app, desktop computer or cloud service [12]. Internet connectivity is an important, even defining, feature of these new devices [8]. The use of health sensors in and around the home has also received study, with particular attention to the elderly and others who may have difficulty caring for themselves. So-called "smart" homes go beyond gathering and analyzing data to automating responses. Health related responses of smart home sensors may be passive, giving feedback to patients themselves or to caregivers (visiting nurses or family members) about activity level, sleep patterns, medication compliance or more esoteric items such as daily routine [21]. Active measures such as sending alerts to caregivers about changes in behavior or about

possible crises such as falls, are also possible [18]. Note that smart homes use multiple sensors of different types. Video, pressure sensors, temperature readings and much more may be combined to determine facts about the status of those in the home [9]. While these advances in wearable and environmental medically-oriented sensing devices (which, for simplicity will be called biomonitors here) have the potential to allow medical professionals a more finegrained and meaningful picture of health than they have ever had before, the unintended consequences may be immense. One area where those consequences will be seen is in the courts. 2. WEARABLE LIABILITY Imagine the following scenario: A young man is killed by a blow to the head with a heavy object. There are signs of a struggle in the room. Neighbors report sounds of an argument. There are no eye witnesses. There are no fingerprints or other direct forensic evidence at the scene. After questioning the victim's friends and family, investigators become suspicious of one person in particular, a young man who had known the victim for a short time. The suspect does not have an alibi but gives away nothing under interrogation. What can the police do in this case? If the suspect is a fitness enthusiast who wears a device that monitors his heart rate, respiration and even speed and direction of movement all day, additional avenues of investigation open up. If the hypothetical biomonitor data showed a sudden spike in physical activity at the time of the murder, it could be strong evidence against the suspect, or could at least be used as a lever to get him to talk (or make a mistake in covering his tracks). Clearly a smart detective or prosecutor is going to try very hard to gain access to the data. While no such murder case appears to have happened yet, there is already precedent for fitness data being used in court. In a recent Canadian case, an analysis of Fitbit data was used as evidence to back up an injury claim [7]. In another case in Pennsylvania, biomonitor data was apparently used to show that a reported rape could not have happened the way it was described. Combined with other evidence, police concluded the crime did not happen at all [17]. Going forward, many more scenarios will present themselves with few being as straight-forward as the Canadian case. Consider: 

Plane crash. A plane goes down after losing contact with the tower. Biomonitor data from the pilot and copilot, possibly streamed to the airplane's black box, might be an invaluable aid to learning what happened. To process this case analysts need to have a good understanding of the health of the crew before the flight as well as being able to distinguish the signs of illness or untoward event (i.e. heart attack or food poisoning) from signs of panic.



Traffic accident. Similarly, in a bus or truck accident, not only law enforcement but attorneys for litigants on both sides may seek analysis of biomonitor data, just as it is already common for drug tests to be performed on drivers in such cases. Here, competing legal experts may use different algorithms and models of "standard" health data to reach their conclusions. Juries will find the abstruse details of their different methods impenetrable.



Malpractice. Counsel in malpractice suits may also find biomonitor data highly useful. Analysis could indicate conditions doctors should have responded to or, conversely, could show factors that doctors could not have known. Knowledge of the effects of medications and illnesses on health measures (i.e. heart rate, respiration, etc.) becomes crucial in interpreting the data gathered. Therefore for these types of cases, the analyst must have not just expertise in statistics and data manipulation but also in forensic medicine. In the future, many doctors (or insurance companies) may require patients to allow biomonitoring during and after certain treatments as much to protect themselves from lawsuits as to protect patients.



Questioned death. When someone dies unexpectedly or in unusual circumstances, biomonitor data may be used to show investigators the state of the deceased immediately prior to death. Consider a poisoning case (accidental or intentional). Data could show a slow decrease in heart rate, ruling out the possibility of a sudden heart attack as the cause of death. However, in these cases especially, signs may be subtle and difficult to pick out from statistical noise.



Police brutality. In claims of police misconduct, biomonitor data from persons allegedly brutalized could corroborate or counter claims on both sides. In these cases police may claim they were dealing with a suspect who was extremely agitated, drugged or uncooperative. Simple accelerometer (motion sensor) data could show if the suspect was, indeed, moving very quickly or sharply, while data about heart rate and respiration before and during the event could also be revealing. Similar information about the officers involved could also be meaningful, though in these cases it would seem useless since sensors cannot (yet) determine intent.



Critical employees. Highly trained or valuable employees such as CEOs and astronauts (or the previously considered airline pilots), might have clauses in their contracts requiring that they maintain their physical fitness by exercising a certain amount every day. Similarly, they may be required to take steps to control known health conditions, such as diabetes or heart disease. Regular audits of biomonitor data would be performed to verify their compliance or to defeat claims of non-compliance. These cases also give the involved individuals strong incentives to manipulate the data either by changing their behavior or by direct attempts to "hack" the systems monitoring them. The capability of analysts to detect hacking becomes extremely important.



Leadership intelligence. Physical and mental state are often tied and there is currently research into using biomonitor data to predict moods or stress, especially in association with mental illness [14, 19]. There is some evidence of health having a powerful effect on important historical events. For example, there is a theory that General Robert E. Lee's performance at the Battle of Gettysburg was affected by angina which may even have caused him to suffer a heart attack not long before the battle [6]. In a similar vein, it seems likely that allied commanders would have wanted intelligence about Adolph Hitler's Parkinson's, which may have had a strong influence on his behavior toward the end of World War II [5] . Information gleaned from biomonitor data could be used to remove leaders from office, or to mitigate their culpability in war crimes.



Livestock. Certain animals, such as pure bred horses, cattle and dogs can be worth a great deal of money. Legal disputes over damage to livestock can involve millions of dollars. The trend for using wearables to monitor health has extended beyond humans, with the introduction of a horse halter that monitors vital signs and even allows attempts at prediction of dangerous conditions such as falls and colic [11]. Clearly understanding the health of an animal before buying or breeding it, or immediately prior to injury or death, will be useful information in any lawsuit.

3. FORENSIC DATA ANALYSIS The variety of possible cases is broad but all present similar issues. These fall into several categories, as follows. 3.1 Known Big Data issues Big data is said to be defined by volume, variety and velocity. Each of these characteristics presents challenges that require significant technical knowledge as well as computing resources to overcome. Large quantities of data may not only be difficult to store, but impractical to copy for analysis. This is itself a problem in a legal environment as data should be preserved in its exact original form in order to be considered acceptable evidence. Clearly the justice system has an interest in barring data that may have been changed by the defense or the prosecution, or that may have been degraded over time.

Processing data that does not fit in memory at once can also be a difficult problem. It can be slow or impossible without specialized tools, such as program code that will run on a system GPU instead of the CPU, or systems such as Apache Hadoop (https://hadoop.apache.org/). In addition multiple manual steps are often required to prepare disparate data for analysis [1]. If these steps are not performed in a way that can be verified and repeated, the results could be barred from use in court. Experts in computer forensics may understand evidentiary issues well in the context of data found on a computer or iPhone. It is important that they learn the additional issues and risks that big data brings. 3.2 Provenance In a court of law, it is extremely important to be able to establish the source of data and to prove that it has not been tampered with after acquisition. This is called establishing the chain of custody [1]. Yet the scale of the data may make it impractical to create a forensically sound image for review. Similarly, the way data are acquired and stored from devices may make it difficult to detect tampering (i.e. hacking) before analysis. An additional issue arises with wearable devices, such as the Fitbit, that normally only make summary data available, such as an average of steps walked per day [4]. The reliability of these summaries may well be challenged in court. 3.3 Models Statistical models are the most common tool used to make sense of Big Data. Typically a model is developed using a portion of available data and the remainder used to test the accuracy of the models. However, the data used to build biomonitor data models may be incomplete for a number of reasons. The device owner may remove it or power it off occasionally. The battery may fail. A power outage may interfere with data uploads. Likewise, devices may have faulty contacts, or temporary issues due to moisture or electrical fields that may cause them to generate corrupted data. Methods must be employed to discover and compensate for data quality issues before it is used to train models and also before models are applied to new data. Likewise, models must be carefully constructed and validated in order to convince courts that they are acceptable. For example, a model of heart function that works extremely well for a healthy young male, may be drastically different than one constructed for a sick child, or even the same male as a senior citizen. 3.4 Medical knowledge Possibly the most difficult issue of working with this type of data is knowing what it means. At a minimum someone attempting to interpret biomonitor data in a legal context must understand the effects of stress, common medical conditions and prescription medications on physiological signals. In many cases, specialists in forensic medicine (medical examiners) may be the most likely to have the required knowledge. There may also be times when specialists (oncologists or pediatricians, for example) are needed. It is possible that physician’s assistants or nurses with statistical training may be able to perform this function admirably but if one side in a trial produces a nurse and the other a doctor, which will the jury believe? 3.5 Legal knowledge It has been said that testifying in court requires special skills beyond expertise in the field about which one is to testify [16]. It is definitely true that, to someone with little experience in the justice system, the requirements for gathering and documenting evidence and presenting it to a court are not intuitive. As previously mentioned, a case can hinge on whether a well-documented chain of evidence has been kept. The circumstances of gathering the evidence, whether there was probable cause or a valid warrant, can also be crucial. Therefore, data scientists tasked with analyzing biomonitor data for legal purposes must know enough legal procedure to keep adequate records and to ask legal professionals critical questions. 3.6 Professionals

It is common to show the skills needed by data scientist as a Venn diagram with 3 circles. One circle represents domain knowledge, another programming (or hacking) skills and the last statistical knowledge, especially in machine learning techniques. A good data scientist is said to need to be knowledgeable in all 3 of these areas. A computer forensic technician would have a similar diagram, with circles for computer knowledge (hardware and software), forensic science and criminal procedure law. The issues raised in this paper combine both of those and add a significant requirement for knowledge of medicine, of specific devices including the quirks of their operation, their data formats and their sensitivity to various conditions both medical and environmental, making a decidedly different diagram (see figure 1). Because the field is new and the devices undergoing rapid development, the models needed to process their data are proprietary or, more likely, do not yet exist. This makes it difficult to bring them into court. However, the difficulty is also an incentive. That is, those who can overcome the difficulty will reap the rewards, outgunning their opponents with scientific appearing evidence they may not be able to refute.

Figure 1 Biomonitor device data analysis domains

4. NEXT STEPS Having described a problem, it is reasonable to consider possible solutions. Three related efforts to address them will be proposed here. Those are: 

Creation of an organization to champion and advance the field;



Development of educational materials about all aspects of the field; and



Establishment of an open repository or bank of biomonitor data analysis algorithms, programs and architectures.

4.1 The case for Openness Before describing the recommendations in detail, it is necessary to make a point about open versus proprietary methods. In the legal world, particularly in criminal cases, it is difficult to keep information secret. Evidence entered in court is generally open to the public. While companies in the biomonitoring device field may feel that keeping analysis algorithms, device architectures and data flows proprietary helps differentiate their product, the legal system may not cooperate. There is always the risk that a legal case will come up where either defense or prosecution feels the need to examine the algorithms and possibly even the raw data in order to establish facts, or to counter arguments advanced by the opposition. In this instance, a discovery order from the court would be mandatory. Fighting such an order may be

expensive and garner unhelpful publicity. Witness, for example, the recent controversy around Apple's resistance to a court order demanding access to an iPhone used by one of the San Bernardino shooters [2]. Additionally, as has been shown in the field of security, complex methods may contain hidden flaws that are best found by the analysis of unbiased experts other than the ones who developed those methods [15]. In the medical/legal world, the consequences of unnoticed weaknesses are profound. Life and death, long prison terms and large monetary settlements may all be at stake when biomonitor data are analyzed. Conversely, sharing information about techniques, algorithms and architectures can advance the field for all concerned by providing opportunities for meaningful critique from the community and for research and education. It also establishes those doing the sharing as members of the community, with all the value such good will can entail. The recommendations that follow all assume that openness and sharing of information are to the benefit of the community and the field of biomonitor data analytics as a whole. 4.2 Build community To begin rationally dealing with the problems to come the community of those who make biomonitors and those who use them, as well as those who may need their output in court, should come together to discuss these issues and support potential solutions. This may be in the form of a formal Society for Forensic Biomonitor Data Analytics, a special interest group within a larger society, or even a government agency. How such a group is organized is less important than that the community members recognize themselves and each other as having common interests — and common risks — and work together to find solutions. The current situation, where lawyers, doctors, data scientists and device makers each go their own way, will almost inevitably result in a clash of cultures and competing needs in the near future. It is important to begin discussion to avoid these problems now. 4.3 Develop educational materials Secondly, the community should begin developing educational resources about the various issues of biomonitor data analysis. While it is important to develop skills, it is possibly more important to ensure that those who do not specialize in forensic handling of biomonitor data understand the issues involved, so that they will know when to seek help with aspects they do not fully understand. Building full cross-disciplinary curricula for students of data science, or computer forensics, or medical informatics, so they can specialize in dealing with biomonitor evidence, will likely take years. In the meantime, blog posts, journal papers, introductory courses, seminars and conferences are needed to raise awareness and draw interested people into building this interesting field. It is natural that an organization as described above would have a strong role to play in education. As membership and interest grows, the organization should sponsor conferences and, eventually, possibly certification of professionals. Certification would help assure courts of the credentials of those presented as expert witnesses. Before that can be even considered, however, a well-defined body of knowledge and educational materials built around it are required. 4.4 Share algorithms The last recommendation relates to the need for more than education and skills to deal with biomonitor data. At the heart of the issues presented here is the accuracy and reliability of the interpretation of data by software manipulated by skilled professionals. It is absolutely essential that that software be developed, reviewed and improved by the whole community. To this end, it is recommended that an open bank be created for biomonitor data analytic algorithms and associated materials such as data format specifications and even sample device and work flow architectures. This would serve manufacturers by allowing them to improve the quality of their product with outside peer review. It would give students the ability to gain hands on practice with real tools. This improvement in training would also serve the industry by helping establish a pipeline for people with the skills they need to make new products. This repository would also

be a benefit to researchers, who would be able to post their own work for critique, and find other’s work on which to build. 5. CONCLUSION Several fields of practice exist that deal with different aspects of the issues raised here. Medical examiners have tremendous knowledge of how human bodies react to untoward events. Data scientists understand how to make good models and how to perform analyses in a reproducible way. Computer forensic specialists are well-versed in the collection of electronic evidence and even in testifying in court. Yet the degree of expertise needed in all of these fields to adequately deal with biomonitor data transcends any one of these fields. The bar to training someone in the skills of forensics, data science and medicine is high, roughly equivalent to earning multiple degrees in unrelated fields (medical informatics, computer science, forensics and law). Research into using artificial intelligence to perform medical diagnosis shows promise [10]. However, an AI that could analyze biomonitor data and reach medically relevant conclusions is likely decades away. In the nearer term it seems more fruitful to consider implementing the recommendations made here. Establishing a formal organization will create a forum for stakeholders to help each other to explore and understand the serious issues when the law and biomonitoring collide. Education will help foster the crossfunctional skills needed to cope with those issues, as well as forming the basis for greater development of devices, tools and policies. Sharing algorithms, will help to ensure that they are properly vetted and improved to meet the needs of legal evidence and improving human health. The advantage to working in a new field is that there is time (though perhaps not much) to build it in a rational and useful way. There is time for manufacturers of biomonitors to consider how they should respond to a subpoena or warrant for the data on their servers and how they can support robust analysis. There is time for data scientists to build models and to work with medical professionals on understanding what those models need to produce for doctors, courts, and ordinary people. There is time to create data standards and for researchers and industry to work together to build the expertise needed to enable reliable investigations that both discover the guilty and protect the innocent. The work should begin immediately. 6. REFERENCES [1] Casey, E. 2009. Handbook of digital forensics and investigation. Academic Press. [2] Goffard, Christopher 2016. Apple attorney: Unlocking San Bernardino shooter’s iPhone would open “Pandora”s box’. LA Times. [3] Higson, S. 2012. Biosensors for medical applications. Elsevier. [4] Leek, Jeff 2013. Fitbit, why can’t I have my data? Simply Statistics. [5] Lieberman, A. 1996. Adolf Hitler had post-encephalitic Parkinsonism. Parkinsonism & related disorders. 2, 2 (1996), 95–103. [6] Mainwaring, R.D. and Tribble, C.G. 1992. The cardiac illness of General Robert E. Lee. Surgery, gynecology & obstetrics. 174, 3 (1992), 237–244. [7] Mearian, L. 2014. Data from wearable devices could soon land you in jail. Computerworld. [8] Meyer, J. and Boll, S. 2014. Digital Health Devices for Everyone! IEEE Pervasive Computing. 2 (2014), 10–13. [9] Miller, M. 2015. The Internet of Things: How Smart TVs, Smart Cars, Smart Homes, and Smart Cities are Changing the World. Pearson Education. [10] Pannu, A. 2015. Artificial Intelligence and its Application in Different Areas. Artificial Intelligence. 4, 10 (2015). [11] Patrick Moorhead 2015. NIGHTWATCH Smart Halter: A Great Example of ARM’s IoT Ecosystem Innovation And Diversity. Forbes.

[12] Paul, S.S. et al. 2015. Validity of the Fitbit activity tracker for measuring steps in communitydwelling older adults. BMJ Open Sport & Exercise Medicine. 1, 1 (2015), e000013. [13] Pickard, K.T. and Swan, M. 2014. Big desire to share big health data: A shift in consumer attitudes toward personal health information. 2014 AAAI Spring Symposium Series (2014). [14] Sano, A. and Picard, R.W. 2013. Stress recognition using wearable sensors and mobile phones. Affective Computing and Intelligent Interaction (ACII), 2013 Humaine Association Conference on (2013), 671–676. [15] Schneier, Bruce 2004. The Non-Security of Secrecy. Schneier on Security. [16] Smith, F.C. and Bace, R.G. 2002. A guide to forensic testimony: The art and practice of presenting testimony as an expert technical witness. Pearson Education. [17] Snyder, Miles 2015. Police: Woman’s fitness watch disproved rape report. ABC27 news. [18] Stone, E.E. and Skubic, M. 2015. Testing Real-Time In-Home Fall Alerts with Embedded Depth Video Hyperlink. Smart Homes and Health Telematics. Springer. 41–48. [19] Valenza, G. et al. 2014. Wearable monitoring for mood recognition in bipolar disorder based on history-dependent long-term heart rate variability analysis. Biomedical and Health Informatics, IEEE Journal of. 18, 5 (2014), 1625–1635. [20] Xu, W. and Huang, M.-C. 2015. TOTAL HEALTH: Toward Continuous Personal Monitoring. Wearable Electronics Sensors. Springer. 37–56. [21] Zulas, A.L. et al. 2014. Caregiver Needs from Elder Care Assistive Smart Homes Children of Elder Adults Assessment. Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2014), 634–638.