Privacy Concerns Related to Data Sharing for European Diabetes Devices
Permanent lenke
https://hdl.handle.net/10037/31813Dato
2023-11-13Type
Journal articleTidsskriftartikkel
Peer reviewed
Forfatter
Randine, Pietro; Pocs, Matthias; Cooper, John Graham; Tsolovos, Dimitrios; Muzny, Miroslav; Besters, Rouven; Årsand, EirikSammendrag
Objective: This study examines how data sharing is regulated by the ToS and Privacy Policy documents of approved diabetes medical equipment and associated software. It focuses on the equipment approved by the Norwegian Regional Health Authorities.
Methods: A document analysis was conducted on the ToS and Privacy Policy documents of diabetes medical equipment and software applications approved in Norway.
Results: The analysis identified 11 medical equipment and 12 software applications used for diabetes data transfer and analysis in Norway. Only 3 medical equipment (OmniPod Dash, Accu-Chek Insight, and Accu-Chek Solo) were registered in the European Database on Medical Devices (EUDAMED) database, whereas none of their respective software applications were registered. Compliance with General Data Protection Regulation (GDPR) security requirements varied, with some software relying on adequacy decisions (8/12), whereas others did not (4/12).
Conclusions: The study highlights the dominance of non-European Economic Area (EEA) companies in medical device technology development. It also identifies the lack of registration for medical equipment and software in the EUDAMED database, which is currently not mandatory. These findings underscore the need for further attention to ensure regulatory compliance and improve data-sharing practices in the context of diabetes management.