[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]




               THE DISRUPTER SERIES: HEALTH CARE APPS

=======================================================================

                                HEARING

                               BEFORE THE

           SUBCOMMITTEE ON COMMERCE, MANUFACTURING, AND TRADE

                                 OF THE

                    COMMITTEE ON ENERGY AND COMMERCE
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 13, 2016

                               __________

                           Serial No. 114-163




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]








      Printed for the use of the Committee on Energy and Commerce
                        energycommerce.house.gov
                        
                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

22-361                         WASHINGTON : 2017 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                       
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                    COMMITTEE ON ENERGY AND COMMERCE

                          FRED UPTON, Michigan
                                 Chairman
JOE BARTON, Texas                    FRANK PALLONE, Jr., New Jersey
  Chairman Emeritus                    Ranking Member
ED WHITFIELD, Kentucky               BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois               ANNA G. ESHOO, California
JOSEPH R. PITTS, Pennsylvania        ELIOT L. ENGEL, New York
GREG WALDEN, Oregon                  GENE GREEN, Texas
TIM MURPHY, Pennsylvania             DIANA DeGETTE, Colorado
MICHAEL C. BURGESS, Texas            LOIS CAPPS, California
MARSHA BLACKBURN, Tennessee          MICHAEL F. DOYLE, Pennsylvania
  Vice Chairman                      JANICE D. SCHAKOWSKY, Illinois
STEVE SCALISE, Louisiana             G.K. BUTTERFIELD, North Carolina
ROBERT E. LATTA, Ohio                DORIS O. MATSUI, California
CATHY McMORRIS RODGERS, Washington   KATHY CASTOR, Florida
GREGG HARPER, Mississippi            JOHN P. SARBANES, Maryland
LEONARD LANCE, New Jersey            JERRY McNERNEY, California
BRETT GUTHRIE, Kentucky              PETER WELCH, Vermont
PETE OLSON, Texas                    BEN RAY LUJAN, New Mexico
DAVID B. McKINLEY, West Virginia     PAUL TONKO, New York
MIKE POMPEO, Kansas                  JOHN A. YARMUTH, Kentucky
ADAM KINZINGER, Illinois             YVETTE D. CLARKE, New York
H. MORGAN GRIFFITH, Virginia         DAVID LOEBSACK, Iowa
GUS M. BILIRAKIS, Florida            KURT SCHRADER, Oregon
BILL JOHNSON, Missouri               JOSEPH P. KENNEDY, III, 
BILLY LONG, Missouri                     Massachusetts
RENEE L. ELLMERS, North Carolina     TONY CARDENAS, CaliforniaS5904
LARRY BUCSHON, Indiana
BILL FLORES, Texas
SUSAN W. BROOKS, Indiana
MARKWAYNE MULLIN, Oklahoma
RICHARD HUDSON, North Carolina
CHRIS COLLINS, New York
KEVIN CRAMER, North Dakota

           Subcommittee on Commerce, Manufacturing, and Trade

                       MICHAEL C. BURGESS, Texas
                                 Chairman
                                     JANICE D. SCHAKOWSKY, Illinois
LEONARD LANCE, New Jersey              Ranking Member
  Vice Chairman                      YVETTE D. CLARKE, New York
MARSHA BLACKBURN, Tennessee          JOSEPH P. KENNEDY, III, 
GREGG HARPER, Mississippi                Massachusetts
BRETT GUTHRIE, Kentucky              TONY CARDENAS, California
PETE OLSON, Texas                    BOBBY L. RUSH, Illinois
MIKE POMPEO, Kansas                  G.K. BUTTERFIELD, North Carolina
ADAM KINZINGER, Illinois             PETER WELCH, Vermont
GUS M. BILIRAKIS, Florida            FRANK PALLONE, Jr., New Jersey (ex 
SUSAN W. BROOKS, Indiana                 officio)
MARKWAYNE MULLIN, Oklahoma
FRED UPTON, Michigan (ex officio)


















  
                             C O N T E N T S

                              ----------                              
                                                                   Page
Hon. Michael C. Burgess, a Representative in Congress from the 
  State of Texas, opening statement..............................     1
    Prepared statement...........................................     3
Hon. Janice D. Schakowsky, a Representative in Congress from the 
  State of Illinois, opening statement...........................     4
Hon. Marsha Blackburn, a Representative in Congress from the 
  State of Tennessee, opening statement..........................     5
Hon. Frank Pallone, Jr., a Representative in Congress from the 
  State of New Jersey, opening statement.........................     6
Hon. Fred Upton, a Representative in Congress from the State of 
  Michigan, prepared statement...................................    93

                               Witnesses

Bettina Experton, M.D., M.P.H., President and CEO, Humetrix......     8
    Prepared statement...........................................    11
    Answers to submitted questions...............................
Laura Ferris, M.D., Assistant Professor, University of 
  Pittsburgh, Department of Dermatology..........................    26
    Prepared statement...........................................    28
    Answers to submitted questions...............................
E. Ray Dorsey, M.D., M.B.A., Professor of Neurology and Director 
  of the Center for Human Experimental Therapeutics, University 
  of Rochester Medical Center....................................    35
    Prepared statement...........................................    37
    Answers to submitted questions...............................
Diane Johnson, North America Regulatory Affairs Policy and 
  Intelligence Medical Devices, Johnson & Johnson................    45
    Prepared statement...........................................    47
    Answers to submitted questions...............................
Nicolas P. Terry, Hall Render Professor of Law and Executive 
  Director of The William S. and Christine S. Hall Center for Law 
  and Health, Indiana University Robert H. McKinney School of Law    50
    Prepared statement...........................................    52
    Answers to submitted questions...............................
Matt Patterson, M.D., President, Airstrip........................    54
    Prepared statement...........................................    57
    Answers to submitted questions...............................

                           Submitted material

Statement of Fitbit..............................................    95
Statement of Competitive Carriers Association....................    98
Statement of the Consumer Technology Association.................   100
Statement of the American Medical Association....................   101
Statement of Opternative, Inc....................................   108

 
                 THE DISRUPTER SERIES: HEALTH CARE APPS

                              ----------                              


                        WEDNESDAY, JULY 13, 2016

                  House of Representatives,
Subcommittee on Commerce, Manufacturing, and Trade,
                          Committee on Energy and Commerce,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:20 a.m., in 
room 2322, Rayburn House Office Building, Hon. Michael C. 
Burgess, M.D., (chairman of the subcommittee) presiding.
    Present: Representatives Burgess, Lance, Blackburn, Harper, 
Olson, Kinzinger, Bilirakis, Brooks, Mullin, Schakowsky, 
Clarke, Kennedy, Butterfield, Welch, and Pallone (ex officio).
    Staff Present: Rebecca Card, Assistant Press Secretary; 
James Decker, Policy Coordinator, Commerce, Manufacturing, and 
Trade; Graham Dufault, Counsel, Commerce, Manufacturing, and 
Trade; Melissa Froelich, Counsel, Commerce, Manufacturing, and 
Trade; Giulia Giannangeli, Legislative Clerk, Commerce, 
Manufacturing, and Trade, Environment and the Economy; Paul 
Nagle, Chief Counsel, Commerce, Manufacturing, and Trade; Tim 
Torres, Deputy IT Director; Olivia Trusty, Professional Staff, 
Commerce, Manufacturing, and Trade; Michelle Ash, Minority 
Chief Counsel, Commerce, Manufacturing, and Trade; Jeff 
Carroll, Minority Staff Director; Lisa Goldman, Minority 
Counsel, Commerce, Manufacturing and Trade; Caroline Paris-
Behr, Minority Policy Analyst; Matt Schumacher, Minority Press 
Assistant; and Ryan Skukowski, Minority Policy Analyst.
    Mr. Burgess. The subcommittee on Commerce, Manufacturing, 
and Trade will come to order. The chair will recognize himself 
for 5 minutes for an opening statement.

OPENING STATEMENT OF HON. MICHAEL C. BURGESS, A REPRESENTATIVE 
              IN CONGRESS FROM THE STATE OF TEXAS

    Mr. Burgess. Good morning. Thanks to everyone for being 
here. It is a hearing I have been looking forward to for some 
time. This is part of our Disrupter Series, and the Disrupter 
Series this morning is going to be examining mobile health 
apps.
    With health care being 17 percent of the Nation's economy, 
it seems appropriate for the Disrupter Series to be in this 
space. I will also tell you I am a physician. I served the 
people of north Texas for over 25 years. And I am encouraged by 
this emerging technology within the healthcare system, and I 
look forward this morning to examining how it is transforming 
the way in which doctors, patients and consumers approach and 
manage the delivery of care.
    Health apps are powered by the deployment of advanced 
broadband Internet technology and the mere ubiquitous 
smartphone adoption. The draw of mobile healthcare tools and 
services and health apps particularly lies in their potential 
to radically improve health care. The potential comes in part 
from enabling both sides of the equation: doctors and patients. 
For healthcare providers, health apps enable constant, instant, 
and real-time access to patient data, helping to make 
streamlining of work flows and decisionmaking processes, so the 
data is both more complete and more accessible. Doctors are 
also able to remotely monitor patient healthcare conditions, 
collaborate, and implement care.
    The emergence of mobile apps within the healthcare system 
is particularly exciting because of how they empower patients 
to gain access to and manage aspects of their health. Patients 
are using apps to track symptoms, send vital sign information 
to doctors, and set up medication adherence reminders. Patients 
are also using the technology to gain faster access to more 
routine healthcare services that are often inconvenient or 
time-consuming. Apps available on the market today create 
virtual waiting rooms where users can receive their 
prescriptions, engage in face-to-face video consultations with 
physicians, compare prices for health care, and make payments 
to a healthcare provider. The last is obviously, to me, very 
important. By enabling physicians to remotely monitor a 
patient's health condition or by empowering consumers with 
information to engage in healthier living, health apps are 
driving more robust healthcare management and oversight from 
both patients and doctors. This can help improve the continuum 
of care.
    There are important issues that need to be addressed as 
more individuals turn to healthcare apps. Some of these issues 
include understanding how health apps are impacting the overall 
quality of care compared to in-person visits, whether the 
proper financial incentives are in place to increase the 
adoption of health apps, what additional infrastructure is 
needed to support the development and the use of health apps, 
some of the legal and policy barriers to health app adoption, 
and how to adequately educate patients and consumers about the 
capabilities and limitations of health apps, and finally, 
whether the regulatory framework governing our healthcare 
system today is, in fact, able to keep pace with lifesaving 
innovations made available through these apps.
    So I look forward to examining each of these issues 
throughout our discussion today. In addition, as with all 
Internet-connected things, applications, and devices, 
adequately addressing the privacy and security implications 
associated with health apps will be essential to driving this 
market.
    We have seen that healthcare data has a growing appeal 
among identity thieves and bad actors. We only need to look at 
the recent data breaches and the increase in ransomeware 
attacks on hospitals. It is critical that every actor in this 
space start by addressing privacy and security. If industry 
fails to do this, then Congress will be forced to do this. And, 
unfortunately, whatever Congress would like to do could very 
likely limit the potential of development of this space and 
limit the ultimate success of the health apps market.
    It is interesting this summer is the 20-year anniversary of 
the passage of the Kennedy-Kassebaum Act. Needless to say, I 
was not here when that bill passed. Since it contains HIPAA, 
there is a downside, but the plus side is the Kennedy-Kassebaum 
Act allowed for the first time a demonstration project where 
750,000 medical savings accounts were permitted. I was one of 
the early adopters of the medical savings account. In fact, I 
was fearful after the bill was signed into law that I would not 
get there in time to be able to set up a medical savings 
account. It turns out I needn't have worried. The 750,000 
subscriptions were not filled. But then that led in 2004 to the 
development of health savings accounts.
    And here's the thing: The Commonwealth Foundation has 
published information on what they call the activated patient. 
Consumer-directed health care also helps to activate a patient. 
We want patients to be involved in their care. We think they 
make better decisions. I think that is the opportunity to hold 
down the cost in health care. So it is the marriage of the 
Health Savings Act, the consumer-directed health plan, and the 
activated patient all brought together by this technology that 
I think holds great promise for our system.
    Throughout this Disrupter Series, we have explored how 
technology is changing business, creating jobs, and improving 
the quality of life for Americans everywhere. The breakthrough 
of mobile apps into the healthcare system opens a significant 
opportunity to improve patient care, reduce healthcare costs, 
and make health care more accessible.
    I will thank the witnesses in advance for their testimony. 
I would now like to recognize the gentlelady from Illinois, Ms. 
Schakowsky, 5 minutes for an opening statement, please.
    [The prepared statement of Mr. Burgess follows:]

             Prepared statement of Hon. Michael C. Burgess

    Good morning and welcome to our Disrupters Series hearings 
on mobile health apps. As a doctor who has served the people of 
North Texas for over 25 years, I am particularly delighted to 
explore this emerging technology within the health care system 
and examine how it is transforming the way in which doctors, 
patients, and consumers approach and manage the delivery of 
care.
    Health apps are powered by the deployment of advanced 
broadband internet technology and nearubiquitous smartphone 
adoption. The draw of mobile health care tools and services, 
and health apps in particular, lies in their potential to 
radically improve health care. The potential comes in part from 
enabling both sides of the equation, Doctors and patients.
    For health care providers, health apps enable constant, 
instant and real-time access to patient data, helping to 
streamline workflows and decision-making processes. So the data 
is both more complete and more accessible. Doctors are also 
able to remotely monitor patient health care conditions, 
collaborate and implement care.
    The emergence of mobile apps within the health care system 
is particularly exciting because of how they empower patients 
to gain access to care and manage their health. Patients are 
using apps to track their symptoms, send vital sign information 
to doctors, and set-up medication adherence reminders. Patients 
are also using the technology to gain faster access to more 
routine health care services that are often inconvenient and 
time-consuming. Apps available on the market today create 
virtual waiting rooms where users can:
     receive prescriptions;
     engage in secure face-to-face video consultations 
with physicians;
     compare prices for care;
     and make payments to a health care provider.
    By enabling physicians to remotely monitor a patient's 
health condition or empowering consumers with information to 
engage in healthier living, health apps are driving more robust 
health care management and oversight from both patients and 
providers. This can help improve the quality and continuum of 
care.
    There are important issues that need to be addressed as 
more individuals turn to health care apps.Some of these issues 
include:
     Understanding how health apps are impacting the 
overall quality of care compared to in-person visits;
     Whether the proper financial incentives are in 
place to increase the adoption of health apps;
     What additional infrastructure is needed to 
support the development and use of health apps;
     Legal and policy barriers to health app adoption 
at both the federal and state level;
     How to adequately educate patients and consumers 
about the capabilities and limitations of health apps;
     And whether the regulatory framework governing our 
health care system today is keeping pace with the life-saving 
innovations made available through these apps. I look forward 
to examining each of these issues throughout our discussion 
today.
    In addition, as with all Internet-connected things, 
applications, and devices, adequately addressing the privacy 
and security implications associated with health apps will be 
essential to driving this market forward. We have seen that 
healthcare data has a growing appeal among identity thieves and 
other bad actors--just look at the recent data breaches and an 
increase in ransomware attacks. It is critical that every actor 
in this space start by addressing privacy and security. If 
industry fails to do this then Congress will be forced to 
address it. And unfortunately, whatever Congress would do would 
likely limit the potential in this space and limit the success 
of the health apps market.
    Throughout the disrupter series we have explored how 
technology is changing business, creating jobs and improving 
the quality of life for Americans everywhere. The breakthrough 
of mobile apps into the health care system opens a significant 
opportunity to improve patient care, reduce health care costs, 
and make health care more accessible and affordable to all 
Americans.
    I thank the witnesses for their testimonies and I look 
forward to a thoughtful discussion on this topic.

       OPENING STATEMENT OF HON. JANICE D. SCHAKOWSKY, A 
     REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS

    Ms. Schakowsky. So, today, we are continuing this Disrupter 
Series with healthcare apps. We talked about these apps a 
little during our recent hearing on wearables. Consumers use 
apps to track their calories, their exercise, and their sleep. 
The technology is advancing far beyond that. Health apps may 
help in the treatment of chronic medical conditions like 
diabetes.
    From a consumer perspective, health apps seem to blur the 
line between your smartphone and a more traditional medical 
device. However, that distinction can have important 
ramifications for the protections that consumers have. The 
efficacy and privacy standards for apps depend on whether it is 
a medical device or it is associated with an entity covered by 
HIPAA.
    Generally speaking, the Food and Drug Administration only 
regulates health apps when they are an accessory to a medical 
device or perform the function of a regulated medical device. 
Apps that dispense information or simply store data are usually 
not reviewed by the FDA.
    Without FDA review, consumers face the threat of false 
claims, which can be very dangerous when a person's health is 
at issue. Last year, the Federal Trade Commission took action 
against two apps that claimed to detect symptoms of melanoma 
using a smartphone camera. But the apps did not have a 
scientific basis for their claims to detect or diagnose 
melanoma in users.
    This case is yet another example of the FTC's critical work 
to protect consumers from deceptive claims. Later today, we 
will be marking up a bill to undermine the FTC's authority by 
shortening consent decrees and bogging down the FTC by 
requiring unnecessary review and analysis when it takes action.
    Innovation is good and should be encouraged, but industry 
self-regulation does not work. Bad actors will continue to make 
potentially life-threatening claims about what their products 
can do. We need a strong FTC to go to bat for consumers and 
stop bad actors from falsely claiming to diagnose skin cancer, 
for example. America's health is at stake.
    Consumers want to be sure that health apps that they 
install don't give false information. They also want their 
personal information on those apps protected. If you download 
an app to track blood sugar, that download in and of itself 
tells the app that you probably might or do have diabetes. The 
app is able to and often does sell this information to 
advertisers.
    A recent study in the Journal of the American Medical 
Association found that 80 percent of diabetes apps have no 
privacy policy in place and half of those that did have privacy 
policies that shared user data with third parties.
    In many cases, apps are not connected with entities covered 
by HIPAA. Only apps tied to health plans and healthcare 
providers would have the responsibility to safeguard protected 
health information. If it is a random app you found in the app 
store, your information is probably not protected.
    As with other technologies we have discussed in this 
Disrupter Series, we need to make sure that innovation and 
consumer protection go hand in hand as health apps continue to 
develop. These apps need to be designed with the well-being and 
the security of consumers in mind. So I look forward to hearing 
from our witnesses about the exciting new technologies coming 
to the market, and I hope to hear how we can ensure that 
consumers receive accurate information and that their sensitive 
health information is protected.
    I yield back, unless anybody wants my remaining time.
    Seeing none, I yield back.
    Mr. Burgess. The chair thanks the gentlelady. The 
gentlelady yields back.
    The chair would like to recognize the vice chairman of the 
full committee, Mrs. Blackburn, 5 minutes for an opening 
statement please.

OPENING STATEMENT OF HON. MARSHA BLACKBURN, A REPRESENTATIVE IN 
              CONGRESS FROM THE STATE OF TENNESSEE

    Mrs. Blackburn. I want to welcome all of our witnesses. We 
are appreciative that you are here.
    And, Mr. Chairman, I thank you for the attention to the 
issue. And I want to just bring up the SOFTWARE Act, which Mr. 
Green and I have put a lot of effort into over the past several 
years. It has been included in the Cures legislation. We look 
forward to the Senate finishing that and moving Cures to the 
President's desk. But the SOFTWARE Act really addresses much of 
what we are going to discuss today. And, as the chairman said, 
technological innovation around health informatics and health 
software and wireless platforms, such as smartphones and iPads, 
holds great promise for the healthcare system, both for 
patients and for providers. And we are excited about some of 
the innovation that can be there, whether it is Bluetoothing, 
pharmaceuticals, or home healthcare providers that are entering 
and transmitting and holding data on their patients.
    There are concerns about the regulatory framework that 
exists around this, and I will say simply, as we have worked on 
this issue through the years, we have to go back and look 
historically at what we did with the FDA. Congress said, in the 
1930s, this is what is a pharmaceutical. In the 1970s, we 
defined a medical device. And now it is time for us to create a 
classification for healthcare technology and put the FDA on the 
right track. Should there be some regulatory flexibility there, 
because technology changes faster than Congress is going to 
change a statute? Absolutely, there should be that flexibility. 
But there should also be the awareness that most of the 
healthcare informatics components, the smartphone apps, whether 
they are used for providers or by patients, should be able to 
go directly to the marketplace. They shouldn't be over to the 
FDA and shouldn't have to have this subjective approach of, if 
we think it is necessary, then we will on a case-by-case basis 
decide how we regulate technology. We think that that is 
inappropriate in and of itself. We want some clarity and some 
certainty for innovators. Therefore, we are encouraging the 
completion of the SOFTWARE Act through 21st Century Cures.
    We know that it would be helpful to the delivery of health 
care, to the telemedicine concepts for meeting the healthcare 
needs of those in remote areas the more we utilize healthcare 
technology and informatics.
    And, Mr. Chairman, I thank you for your attention to the 
matter. We thank you all for being here today for the 
discussion, look forward to the conversation. And I will yield 
my time back to you or to anyone who is in search of time.
    [The prepared statement of Mrs. Blackburn follows:]
    Mr. Burgess. Very well. The gentlelady yields back. The 
chair thanks the gentlelady.
    The chair recognizes the gentleman from New Jersey, Mr. 
Pallone, 5 minutes for an opening statement, please.

OPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE 
            IN CONGRESS FROM THE STATE OF NEW JERSEY

    Mr. Pallone. Thank you, Mr. Chairman.
    Mobile devices have become an indispensable part of our 
daily lives, and apps are a major reason why. For millions of 
consumers, the smartphone has become more than just a means to 
call or text. It is now their personal scheduler, navigator, 
jukebox, television and much more, thanks to apps available for 
download online.
    Health apps, which have risen in popularity in recent 
years, look to add physician, personal trainer, and dietician 
to that list as well. Many of these apps perform relatively 
simple tasks, such as helping users keep track of their 
calories or sending out a reminder to take a prescription. 
Other apps may actually analyze and diagnose a medical 
condition, effectively eliminating the need for a doctor's 
appointment altogether in some cases. And consumers and 
physicians alike are embracing health apps as a way to better 
manage and administer care. A growing health app marketplace 
mirrors a rising health consciousness amongst Americans, and we 
should support technology that yields positive outcomes for 
consumers.
    Like many of the technologies this subcommittee has 
examined this Congress, however, we must also be aware of the 
potential risks to personal safety, privacy, and data security. 
The safety and effectiveness of these apps should be closely 
examined. An inaccurate calorie counting app may be an 
inconvenience, but an app that incorrectly diagnoses a 
cancerous skin condition could be fatal. It is, therefore, 
essential that consumers and physicians understand the 
limitations of each app and recognize when they cannot 
substitute for a doctor's visit.
    Personal health information is a prime target for hackers, 
and breaches of this type of information in recent years have 
been devastating for consumers. In addition to these security 
gaps, I am also concerned with the lack of adequate privacy 
protections on a large percentage of these health apps. 
Healthcare data contains addresses, Social Security numbers, in 
addition to diagnosis and prescription history. The more apps 
that handle this information, the greater the risk of a privacy 
breach for consumers. And exacerbating the health privacy 
problems is consumer confusion and, frankly, confusion by many 
stakeholders. Most people believe health information to be 
especially personal, requiring a higher level of privacy and 
security, yet the law protecting a person's personal health 
records, the Health Insurance Portability and Accountability 
Act, HIPAA, applies only to health plans, healthcare 
clearinghouses, mosthealthcare providers, and their business 
associations. Many, if not most, health apps available right 
now in the app store are not covered entities under HIPAA. So, 
even if these apps collect the same information as a healthcare 
provider, the same protections may not apply.
    So mobile health technology is where we are, where we are 
going. As the mobile app industry continues to grow, I believe 
that prioritizing privacy, security, and safety will benefit 
consumers and businesses alike. And so I look forward to 
learning more about the potential of health apps to improve 
health outcomes for consumers and the protections that these 
apps are putting in place.
    Unless someone on my side wants the time, I yield back. 
Thank you, Mr. Chairman.
    Mrs. Blackburn. If the gentleman would yield to me.
    I am thrilled that Mr. Pallone is revealing his age by 
using the term ``jukebox.''
    I yield back.
    Mr. Pallone. I'm sorry. I didn't say ``icebox,'' at least. 
That is even worse. And I say that sometimes too.
    I yield back.
    Mr. Burgess. The gentleman yields back.
    We will await punching B17 on the jukebox.
    That concludes member opening statements. The chair would 
like to remind members that, pursuant to committee rules, all 
members' opening statements will be made part of the record.
    Again, we do want to thank all of our witnesses for being 
here this morning, taking time to testify before the 
subcommittee. Today's witnesses will have the opportunity to 
give opening statements, followed by a round of questions from 
members.
    Our witness panel for today's hearing will include Dr. Matt 
Patterson, President at AirStrip; Dr. Bettina Experton, 
President and CEO of Humetrix; Dr. Laura Ferris, Assistant 
Professor, University of Pittsburgh, Department of Dermatology; 
Dr. Ray Dorsey, Professor of Neurology and Director of the 
Center for Human Experimental Therapeutics at the University of 
Rochester Medical Center; Ms. Diane Johnson, Senior Director, 
North America Regulatory Affairs Policy and Intelligence 
Medical Devices, at Johnson & Johnson; and Mr. Nicolas P. 
Terry, Professor of Law and Executive Director of the William 
S. and Christine S. Hall Center for Law and Health at Indiana 
University, Robert H. McKinney School of Law.
    We appreciate each of you being here today. Ordinarily, we 
would begin the panel with Dr. Patterson, but are we still 
waiting for some technical assistance? Yes.
    OK. I do this all the time. This is the premier predominant 
technological committee in the United States House of 
Representatives, the greatest deliberative body in the free 
world, and we frequently have trouble with our electronics 
here.
    So, Dr. Experton, let us begin with you, and we will come 
back to Dr. Patterson at the end.

  STATEMENTS OF BETTINA EXPERTON, M.D., M.P.H., PRESIDENT AND 
    CEO, HUMETRIX; LAURA FERRIS, M.D., ASSISTANT PROFESSOR, 
  UNIVERSITY OF PITTSBURGH, DEPARTMENT OF DERMATOLOGY; E. RAY 
 DORSEY, M.D., M.B.A., PROFESSOR OF NEUROLOGY AND DIRECTOR OF 
 THE CENTER FOR HUMAN EXPERIMENTAL THERAPEUTICS, UNIVERSITY OF 
    ROCHESTER MEDICAL CENTER; DIANE JOHNSON, NORTH AMERICA 
  REGULATORY AFFAIRS POLICY AND INTELLIGENCE MEDICAL DEVICES, 
 JOHNSON & JOHNSON; NICOLAS P. TERRY, HALL RENDER PROFESSOR OF 
 LAW AND EXECUTIVE DIRECTOR OF THE WILLIAM S. AND CHRISTINE S. 
 HALL CENTER FOR LAW AND HEALTH, INDIANA UNIVERSITY ROBERT H. 
 MCKINNEY SCHOOL OF LAW; AND MATT PATTERSON, M.D., PRESIDENT, 
                            AIRSTRIP

          STATEMENT OF BETTINA EXPERTON, M.D., M.P.H.

    Dr. Experton. Chairman Burgess, and distinguished 
subcommittee members, thank you for the opportunity to appear 
before you today to discuss the disruptive role of mobile 
health applications in transforming the U.S. healthcare system. 
My name is Dr. Bettina Experton, and I am the founder and CEO 
of Humetrix, a mobile health technology company based in Del 
Mar, California.
    As a member of the Consumer Technology Association's, CTA, 
Health and Fitness Technology Board, Humetrix actively worked 
on the CT Guiding Principles on the Privacy and Security of 
Personal Wellness Data because it is important that consumers 
understand both the potential value of patient-facing 
technologies and the privacy options they have. We believe that 
this will help drive adoption of these important lifesaving 
apps. Humetrix's mobile health apps address critical health 
needs and can literally save lives.
    One of our apps, SOS QR, recently won the prestigious FCC 
Chairman's Award and was designed to help anyone in an 
emergency situation. Through the app, anyone can call for help, 
send their GPS location, and even if the user is incapacitated, 
his or her critical health information can be made immediately 
accessible to emergency responders. And when you travel abroad, 
this information can be displayed in the language of that 
emergency responder automatically.
    Another Humetrix app, TENSIO, can help more than 30 million 
Americans with uncontrolled high blood pressure, managing their 
hypertension in consultation with their physicians.
    But, today, I would like to focus on our iBlueButton app, 
which won multiple industry innovation awards, which can 
greatly improve patient safety and reduce healthcare costs by 
addressing the issue of the lack of interoperability of 
disparate electronic health record systems.
    The average Medicare beneficiary sees seven different 
doctors in a given year. Our veterans who access the VA 
healthcare system receive, in fact, more than 50 percent of 
their care outside the VA. Often they are transitioned from the 
DOD health system with complex medical needs. And the care 
transition is not optimum, as the exchange of VA and DOD 
records is complex to operate. In this environment, the 
potential of medical errors as a result of incomplete 
information is high.
    However, there is a cure: patient-facing mobile apps that 
put patients' medical data in their own hands, securely and 
effectively.
    Randy Watson is a disabled Army veteran who served in Korea 
and Vietnam and is an active user of the Humetrix iBlueButton 
mobile app to assemble and annotate his health records from the 
VA, Medicare, and his private providers directly and securely 
on his own smartphone. Randy manages various service-connected 
health problems, survived multiple heart attacks and had 
several surgeries, some of which were performed by non-VA 
surgeons. Because the closest VA Medical Center is more than an 
hour away, in emergency situations, he often finds himself in a 
non-VA hospital closer to his home. He reports that having his 
VA and Medicare records on his mobile device has resulted in 
doctors quickly getting the information they need and, in many 
cases, avoiding repeating costly tests like MRIs.
    When Randy uses iBlueButton, the app will automatically get 
his Medicare claim data, translate billing codes and assemble 
these with his VA and private providers' EHR data, 
automatically creating a usable and actionable summary record 
with all of his medications in one place, providers' contact 
details, and the dates of his past tests and procedures on his 
mobile phone. This ensures that his information is immediately 
accessible wherever he seeks care. And because all of his 
personal information resides on the device itself and all the 
computing is done in real time in the app, all personal data is 
safely and only stored on the user's mobile device, encrypted 
under the user's own control, rather than in the cloud or other 
servers, where it could be subject to hacking.
    With iBlueButton, more than 55 million Americans covered by 
Medicare, 10 million in the TRICARE program, and 9 million 
veterans using the VA system can securely download, understand, 
annotate, and share their medical history with any doctor to 
help ensure their own safety and control costs. Today, with the 
same goals, the State of New York is planning to provide next 
year a version of iBlueButton to their millions of Medicaid 
beneficiaries, who will be empowered with their own health 
information on their own phones wherever they receive care.
    In closing, I would like to thank you again for inviting me 
to testify today. At Humetrix, we believe that disruptive 
mobile technology, developed in the private sectors and placed 
in the consumer's hands, can be the needed disrupter to change 
the face of health care. I look forward to answering any 
questions. Thank you.
    [The prepared statement of Dr. Experton follows:]
    
    
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

  
    
    Mr. Burgess. The chair thanks the gentlelady. The 
gentlelady yields back.
    Dr. Ferris, you are recognized for 5 minutes for an opening 
statement, please.

                STATEMENT OF LAURA FERRIS, M.D.

    Dr. Ferris. Thank you. I appreciate the opportunity to 
testify today. I was invited here based on work that I have 
done showing the potential harm of mobile health technology, 
which both of you actually mentioned in your opening 
statements. However, I also do want to discuss how technology 
may improve patient care and access, particularly in my field 
of dermatology.
    The three points I would like to make and focus on are that 
direct-to-consumer apps that function as medical devices making 
unsubstantiated claims and that are not data-driven can put 
patients at a higher degree of risk, and regulatory oversight 
should reflect this.
    Telehealth applied to the field of dermatology does have 
the potential to improve patient access to high-quality care. 
And mobile health applications that aid in making a diagnosis 
really are most appropriately and safely used in the hands of 
physicians, and the regulatory path to developing such 
technologies should take into consideration the difference in 
risk posed by a medical device in the hands of a physician 
versus in the hands of a patient.
    So, because of the visual nature of my field of 
dermatology, we were really among the first fields to 
experience the breadth of applications that can be used in 
delivering mobile health care to patients. So I am going to 
talk a little bit about the good and the bad.
    So the first is my work as a researcher and clinician at 
the University of Pittsburgh. So I had many patients who came 
in and casually asked me about apps that they could download on 
their smartphone that allowed them to use their camera to take 
a picture of a mole and then the app would tell them ``this 
looks good'' or ``this looks bad.'' And so my research team and 
I thought this would be something interesting to study, because 
there really wasn't data to back these up.
    So we decided to look at three different apps that were 
available in the app store that were automated, inexpensive or 
free, and gave an immediate response as to if that lesion was 
likely to be skin cancer or not, and then a fourth app that 
sent the image to a board certified dermatologist who then gave 
feedback on it.
    What we found is that these three automated apps missed a 
third to over 90 percent of the melanomas, which is our most 
deadly form of skin cancer, that we presented to them. The 
board certified dermatologist missed only one. Really, that was 
less than 2 percent of the melanomas in our study.
    What does this mean? This means that if a patient had 
decided to save some time and money and used one of these apps, 
they could have been dissuaded at least a third of the time 
from seeking medical attention for something that is a curable 
disease when it is caught and treated early but fatal when it 
is caught late.
    However, they wouldn't have been aware of this, because 
these apps didn't provide them with data, and they didn't 
provide an adequate warning of the risk of a missed melanoma. 
So mobile medical apps that interact directly with the patient 
without physician input had the greatest potential for harm.
    Our findings did also show, however, that store-and-forward 
teledermatology can be an effective way to diagnose skin 
cancer. However, this must be done safely. In the apps that we 
used, the physician was not providing an extension of an 
existing relationship, and they were not able to do things such 
as arrange followup care. And there are several similar apps in 
dermatology that are currently available online, and many of 
these actually don't even provide care from a physician who is 
licensed in the United States.
    So it is important to realize that it is easier to ignore 
an app than it is to ignore a physician. It is also important 
to realize that a physician can provide care remotely as long 
as it is done safely.
    Finally, it is important that we have access for our 
patients to dermatologic care. We do have an issue of limited 
availability, particularly of dermatologists, and we think that 
this is a way that we can provide access to patients who might 
not have it otherwise.
    Finally, in addition, although I have already pointed out 
some of the pitfalls of using technology, in my own work, in 
collaboration with Carnegie Mellon University, we have 
developed a system that allows us to take an image taken with a 
tool attached to a smartphone called a dermatoscope that can 
allow us to upload an image of a skin lesion to a classifier, 
which can then analyze that and give an idea, give a score that 
helps to predict if that lesion is malignant or not. In our own 
study, we found that we could accurately identify 97 percent of 
melanomas with this tool.
    Others have developed similar technologies. We have always 
seen this as a tool that would be helpful in the hands of 
another healthcare provider, such as a primary care provider 
who may be seeing a patient with a suspicious lesion. It would 
allow them to get a basic risk assessment and communicate back 
with us. We have not seen this as a tool that would be helpful 
directly placed in the hands of a patient.
    So, in summary, I would just like to say that we think that 
the oversight of such tools should reflect the risk and that 
the risk in the hands of a physician is much lower than the 
risk directly in the hands of a patient. In addition, privacy 
concerns are allayed, because physicians in healthcare systems 
are covered entities under HIPAA. Thank you.
    [The prepared statement of Dr. Ferris follows:]
    
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    
    
    
    Mr. Burgess. The chair thanks the gentlelady.
    Dr. Dorsey, you are recognized for 5 minutes for an opening 
statement, please.

            STATEMENT OF E. RAY DORSEY, M.D., M.P.H.

    Dr. Dorsey. Chairman Burgess, Ranking Member Schakowsky, 
members of the Commerce, Manufacturing, and Trade subcommittee, 
today we have the means to enable anyone anywhere to receive 
care, to participate in research, and to benefit from those 
advances. Unfortunately, policy barriers limit adoption of 
these new tools.
    I am a neurologist at the University of Rochester Medical 
Center in Rochester, New York, and for the past decade, my 
colleagues and I have been applying technologies, including 
smartphones, wearable sensors, and video conferencing, to 
enhance research and improve care for individuals with 
Parkinson's disease and Huntington's disease. Currently, 
clinical trials are plagued by limited participation and 
insensitive outcome measures. For example, only 3 percent of 
individuals with cancer participate in clinical trials, and 
today, we assess whether a new drug works for Parkinson's 
disease with paper diaries and subjective assessments of finger 
tapping. We can progress faster with better tools, including 
smartphones.
    In March 2015, Apple created ResearchKit, an open-source 
platform for creating smartphone research applications, and 
released applications for asthma, breast cancer, cardiovascular 
disease, diabetes and Parkinson's disease. Within a day, 2,000 
individuals were participating in the Parkinson's disease 
study. In 7 months, over 70,000 individuals from every State in 
the union had enrolled in the study. In 1 year, nearly 10,000 
Parkinson's disease study participants were sharing their data 
with researchers globally. Because of their potential, 
pharmaceutical companies are incorporating smartphones into 
clinical trials. Such use could help determine whether new 
therapies are efficacious in smaller, shorter, cheaper studies 
and accelerate our ability to find treatments for Parkinson's 
disease and other neurological disorders that will affect 
almost all of us.
    In addition to smartphones, we use video conferencing to 
care for individuals with Parkinson's disease. Because of 
distance and disability, over 40 percent of Medicare 
beneficiaries with Parkinson's disease do not see a 
neurologist. Those that do not see one are more likely to 
fracture their hip, more likely to be placed in a skilled 
nursing facility, and more likely to die prematurely. Simple 
videoconferencing, like Skype, enables clinicians to reach 
patients in their homes. In a pilot study, these virtual house 
calls were feasible, provided comparable outcomes to in-person 
care, and saved patients and their caregivers 3 hours of time 
and 100 miles of travel. With 18 centers, including Baylor, 
Northwestern, University of Kansas, and the University of 
Florida, we are conducting the first national randomized 
controlled trial of virtual house calls for Parkinson's 
disease.
    Demand for telehealth is high. Over 11,000 individuals from 
80 countries and all 50 states visited the study's Web site, 
and nearly 1,000 individuals with Parkinson's disease wanted to 
participate in this 200-person study, which will complete this 
summer.
    Despite the promise and potential of these new 
technologies, policy barriers, including State licensure laws 
and Medicare's narrow coverage, limit adoption. In 2015, 
Medicare spent less than one-hundredth of 1 percent of its 
budget on telehealth. Currently, Medicare pays neurologists 
$150 to see a patient with Parkinson's disease in a hospital-
based clinic, $80 for a visit in a community-based clinic, and 
zero dollars to see a patient remotely in her home. In essence, 
Medicare subsidizes institution-based care and disincents 
patient-centered care.
    Fortunately, policy solutions are available. The Tele-Med 
Act would enable any Medicare provider to care for me Medicare 
beneficiary. The act mirrors how physicians in the Veterans 
Administration can care for any veteran anywhere in the U.S., 
and last year, the VA provided over 2 million telehealth 
visits.
    The Medicare Telehealth Parity Act would expand Medicare's 
coverage of telehealth, which today reaches veterans, military 
personnel, Medicaid beneficiaries, and prisoners, but largely 
excludes 50 million older Americans.
    Fifty-one years ago, a Texan signed legislation that 
guaranteed all older Americans healthcare coverage. Two 
generations later, Medicare is showing its age. However, this 
committee, led by a Texan, can help ensure that this 
generation's tools fulfill Medicare's founding vision and 
extend care to every American senior everywhere.
    Thank you very much for your time and service.
    [The prepared statement of Dr. Dorsey follows:]
    
    
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    
    
    Mr. Burgess. Thank you, Dr. Dorsey.
    Ms. Johnson, you are recognized for 5 minutes for an 
opening statement, please.

                   STATEMENT OF DIANE JOHNSON

    Ms. Johnson. Before I begin my testimony, I would first 
like to thank Chairman Burgess for his key leadership on this 
issue and others. He has been a longstanding advocate for 
patients, and we appreciate his tireless efforts.
    Distinguished members of the subcommittee, thank you for 
the opportunity to come before you today and to detail critical 
applications within development at the Johnson & Johnson family 
of companies that will enhance physician and patient 
interaction while delivering additional patient tools in 
innovative ways. In addition, my testimony will focus on how 
Congress can help support these ongoing activities.
    As part of the Johnson & Johnson credo, we believe our 
first responsibility is to the doctors, nurses and patients, 
mothers and fathers, and all others who use our products. The 
commitment to safety is part of our DNA, factoring into our 
decisions and development of our products and services.
    With that credo in mind, J&J has developed a number of apps 
to help individuals monitor their health or health of their 
family and support the doctor-patient relationship. I will 
describe a few key points, but there are many more.
    The goal of this suite of apps is to empower patients, 
reduce cost of care, and enhance patient outcomes.
    OneTouch Reveal allows patients to check blood sugar 
results on a mobile phone or tablet. The app provides overviews 
and a 365-day logbook with colorful visuals and simple 
navigation. It provides the patient with the ability to share 
ongoing information with his or her physician, allowing for 
enhanced care management for people with diabetes.
    Care4Today Mobile Health Manager is a mobile app and Web 
site designed to support and motivate people to stay on 
schedule with their medication and report adherence to their 
treatment plan as prescribed by their physician. The 
application helps ensure that the physician is aware of 
possible drug interactions or problems with medication 
adherence.
    The PATIENT ATHLETE Program is designed to help patients 
preparing for surgery to take their experience beyond merely 
reducing the pain. The program encourages patients to emerge 
stronger, healthier, and ready for the next chapter of life. 
Key components include a self-guided video-based training 
program led by a performance coach who had a bilateral knee 
replacement and uses the same concepts to enhance his own 
experience. Eight core lessons, two per week, to complete over 
a 4-week period prior to surgery and 11 refresher lessons to 
complete post surgery.
    The Johnson & Johnson 7 Minute Wellness for Expecting and 
New Moms App is a science-based wellness resource designed to 
help new moms manage and expand their energy during pregnancy 
and after giving birth.
    The Digital Health Scorecard helps one determine one's 
health score and better understand the likelihood of developing 
common chronic diseases such as diabetes, heart or respiratory 
disease, or cancer.
    HEALTHYDAY gathers data from the same trusted sources that 
doctors and hospitals use and cross-references information with 
local crowd-sourced data to determine what illnesses are 
trending nearby. This help informs the user to determine 
whether what they are feeling may be a cold, the flu, or pesky 
allergies. Then when you are feeling great, it lets you see 
what is going on around local and sends real-time alerts to 
help you know what to watch out for.
    With this demand for cutting-edge technologies and 
continuous innovation, we as manufacturers must remain diligent 
in ensuring that cyber security is an integral part of the 
process. We believe that patient safety, including security of 
their data, is the most important consideration. To that end, 
foundational to our approach to cyber security is the 
development of a formalized security framework for our 
products. From a policy perspective, we believe that, in order 
to ensure the continuous innovation, smart regulation is 
critical.
    Currently, the FDA has shown great flexibility in 
establishing the types of apps for which the agency intends to 
exercise enforcement discretion; that is, the FDA will not 
enforce the requirements of the act. FDA released a guidance 
document that provides examples. This guidance document is 
extremely useful, and J&J is supportive of this approach, but 
having specific criteria that determines what is and is not 
regulated is key.
    Johnson & Johnson worked extensively with the HELP 
committee and other stakeholders to craft the language of the 
SOFTWARE Act that would provide this clarity. While additional 
work may need to be done to reconcile the SOFTWARE Act with the 
MEDTECH Act, the goals are similar, and we would encourage 
Congress to complete the work and provide companies with the 
regulatory certainty that will foster innovation and encourage 
investment in this space.
    We think the following considerations are critical, that 
the functionality is what is critical, what the app does--not 
the platform it runs on--and that the findings should be 
applied regardless of whether the app developer is or is not 
considered a medical device manufacturer.
    The policy changes are similar to those raised in the 
wearable devices hearing, including device security, data 
ownership, and privacy laws.
    We hope you can ascertain that Johnson & Johnson strongly 
encourages and supports these activities, which enhance the 
doctor-patient relationship and improve patient empowerment and 
access to medical products. We look forward to continue working 
with Congress. Again, thank you for the opportunity.
    [The prepared statement of Ms. Johnson follows:]
   
 
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
  
   
   
    
    Mr. Burgess. The chair thanks the gentlelady.
    Mr. Terry, you are recognized for 5 minutes for an opening 
statement please.

                 STATEMENT OF NICOLAS P. TERRY

    Mr. Terry. Chairman Burgess, Vice Chairman Lance, Ranking 
Member Schakowsky, and members of the subcommittee, it is a 
privilege to share my thoughts and some of the legal and 
regulatory issues involving healthcare apps. I congratulate 
this committee on its Disrupter Series and its engagement on 
these forward-looking and exciting issues.
    I live in a small village just north of Indianapolis, where 
I receive particularly superior representation. My day job is 
serving as a professor at Indiana University Robert H. McKinney 
School of Law. There I teach and write about health law and 
policy, with a particular interest in information technologies 
and healthcare data protection.
    Some of my work is examining the question, why health 
information technology, such as electronic health records or 
clinical decision support systems, has failed to transform or 
disrupt health care. I concluded there were several overlapping 
explanations. These included typical healthcare market failure 
problems, overarching structural issues, the illiquidity of 
healthcare data, and underperforming technologies.
    Not surprisingly, Federal and State policymakers have 
turned toward subsidy and command-control models in an attempt 
to promote HIT adoption. Mobile health and healthcare apps 
potentially avoid these problems. They posit inexpensive care 
pulled by patients only when needed and delivered away from 
inconvenient, centralized locations.
    Obviously, many mobile health apps will be developed with 
regard to existing healthcare relationships, offering improved 
condition management, particularly for chronic diseases. Many 
of these apps will be subject to existing regulatory models.
    However, the most disruptive health apps are those that are 
patient-facing. These create or may create a direct app-patient 
relationship that lacks professional intermediation and, as a 
result, traditional regulation of safety, quality, and 
confidentiality.
    The regulatory framework for most of these apps is 
complicated and, in some cases, troubling. Here, the 
oversimplified binary of regulation versus innovation is a poor 
frame. Rather, we have a current technological space that is 
subject to both over-regulation and under-regulation. This is 
also a space I would suggest where overarching labels, such as 
health apps, mobile health, or digital health, are not always 
helpful. Different apps for different functions used in 
different contexts by different persons pose quite diverse 
policy questions.
    For present purposes, I restrict my comments to three 
issues: safety, effectiveness, and data protection.
    First, the Food and Drug Administration has used a 
subregulatory guidance to signal a light touch regarding most 
categories of apps. However, patient diagnosis and treatment-
recommending apps, that arguably could be useful and stimulate 
innovation, remain subject to traditional device regulation. 
Arguably, this approach frightens off responsible innovators 
while the FDA lacks the bandwidth to deal with the many 
industry minnows selling apps on the app stores that seem to 
cross the regulatory line. Such a state suggests that 
additional regulatory clarity is required, together with some 
innovative regulatory models that is more attuned to the rapid 
iteration in the mobile industry.
    Second, there is the question of app efficacy or 
effectiveness. Even if they are safe, many health apps are 
simply ineffective. The structure of the app market and the 
absence of effective infomediaries create immense problems for 
consumers looking for quality apps, creating doubts as to 
whether the market will function effectively. This is a classic 
consumer protection problem, and in my opinion, the Federal 
Trade Commission has taken the correct approach in demanding 
competent and reliable scientific evidence in app cases 
involving, for example, claims of melanoma detection and vision 
improvement. However, sufficient regulatory resources must be 
deployed in this endeavor lest innovative apps are drowned out 
by mobile health snake oil.
    Third, data protection. This is an area of acute under-
regulation. Most patient-facing apps existing exist in what I 
call a HIPAA-free zone, subject only to a small number of State 
laws or, in the most egregious cases, to the FTC's unfairness 
jurisdiction. Here, our flawed sectoral downstream approaches 
to data protection are on full display.
    This country has enjoyed a deep-rooted cultural expectation 
of and professional commitment to health privacy, no doubt in 
part because healthcare data seems particularly susceptible to 
discriminatory and other harmful uses. Every day, doctors 
rightfully reassure their patients as to the legally enforced 
confidentiality of the information they share while their 
offices distribute mandated privacy notices. However, the same 
or similar data collected on mobile devices lack these 
protections. Most mobile health apps, particularly the more 
disruptive patient-facing ones, are not subject to HIPAA 
privacy and security rules, leaving patient wellness and health 
data woefully unprotected. In my opinion, Federal data 
protection law that obviates the gaps between our commercial 
sectors and protects health information wherever it happens to 
reside is overdue and is a necessary precondition for the full 
embrace of disruptive health apps by both medical professionals 
and consumers.
    Again, I express my thanks to the committee.
    [The prepared statement of Mr. Terry follows:]
    
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    
    
    
    Mr. Burgess. The chair thanks the gentleman.
    The gentleman yields back.
    Dr. Patterson, we will come to you finally. Are we good?
    Dr. Patterson. I hope so, sir.
    Mr. Burgess. I hope so too. Very well. You are recognized 
for 5 minutes. Regardless of whether the technology works, we 
are happy you are here and look forward to what you have to 
say.

               STATEMENT OF MATT PATTERSON, M.D.

    Dr. Patterson. Chairman Burgess, Ranking Member Schakowsky, 
and members of the subcommittee, thank you for the opportunity 
to be here with you.
    I am excited to hopefully show a glimpse of the software 
that my firm, AirStrip, creates because I think that that is 
the best way to really demonstrate the opportunity for mobile 
health to improve healthcare outcomes as well as to set the 
platform to talk about some of the challenges.
    So, as a United States Navy physician, I got my first taste 
of the value of mobile technology in remote care. I left 
clinical practice to devote my career toward the improvement of 
healthcare access, quality, and cost efficiency at scale in the 
United States. Before I joined AirStrip, I consulted with major 
U.S. health firms around the country as they transitioned from 
fee-for-service based reimbursement to value-based 
reimbursement. And I saw firsthand that, after waves of cost-
cutting, they finally realized that the only way to really move 
the needle further and get further gains is to bring about 
broad transformation in healthcare delivery, and that is 
shifting high-quality care to lower cost settings, using all 
the resources. So now, as president of AirStrip, I feel very 
fortunate to be creating solutions to address that challenge.
    I would like to show you what AirStrip created with the 
following scenario. So imagine I am a doctor, and I am in a 
value-based care program like the Medicare Shared Savings 
Program. I get a call from a patient from the call center on a 
patient, who was discharged 2 weeks ago with heart failure, now 
feeling short of breath at home and wondering what to do. The 
primary care doctor is a colleague, but let's say I don't know 
the patient very well. I get a name and phone number from the 
call service and that is it.
    So when I was in this situation as a doctor, I would try 
desperately to create some kind of objective context before I 
made that phone call. But, since that was usually impossible, 
most of those phone calls ended with: You should go to the 
emergency department.
    Today, we must do better. We must prevent avoidable 
escalations in care while improving outcomes, and we need the 
right tools to do that. So, hopefully, if all goes well, I can 
show you that.
    The eagle has landed. OK. So I would, of course, have to 
authenticate and log in, either with biometrics or a password, 
but once I am in and I find my patient, I get, in near real 
time, a longitudinal view of this patient's data, multiple 
tiles populating on the fly from multiple disparate sources of 
information.
    So, if this patient had home monitors, I would be able to 
pull up home monitoring data, see trended vital signs, like 
weight and blood pressure, since the patient was discharged. 
Since I don't know the patient that well, I could then view 
documents that were logged by their primary care doctor. And 
since the patient was just recently discharged from the 
hospital, I could also take a look at a different electronic 
medical record note that came from the hospital setting.
    So, right there, with 10 seconds and three clicks, I can do 
what was previously impossible for doctors. I mean, I can't 
explain the revelation that doctors have of being able to go to 
one place and not have to log in 20 different times in order to 
view this data.
    We can also accommodate FDA-regulated medical devices. In 
fact, we were pioneering the first medical software to be a 
Class II regulated medical device. So I can view at 12G ECG on 
this patient if they had a body sensor monitoring them at home, 
and I can view that side by side with an electrocardiogram that 
was done perhaps in the hospital. And the level of fidelity 
that I can pull up in real time using pinch and zoom and normal 
gestures that we all use on our smart devices, I can see very, 
very minute detail.
    Let's say that I wanted to get a quick opinion from a 
cardiologist about this patient. I could send a HIPAA-compliant 
secure text to another doctor, and I could share in real time 
where I was in this exact link to this electrocardiogram. So 
text-based asynchronous work flows are the norm now in health 
care. It has totally replaced phone calls in many 
circumstances.
    So, as a recipient cardiologist, when I get this, I can 
then explore other places in the work flow, to include looking 
at other monitors that may be hooked up to the patient--in this 
case a cardiac monitor--that I can search through, or I can 
even look as if I am standing at the bedside in near real time, 
wherever I am, wherever the patient is, across the continuum of 
care.
    So, with a view like this, when I have all of the data in 
one place, it is much easier for me to come to a conclusion to 
tell this patient ``you should come to my office, and I can see 
you immediately right now'' or ``come tomorrow morning,'' and I 
will feel a lot more confident about that if that is the right 
decision.
    So if we are going to do anything when it comes to helping 
clinicians in a value-based reimbursement climate, we have to 
address work flow improvement. And by ``work flow,'' I mean, 
the way that people interact with data on devices. It is the 
clicks they have. It is the swipes of the screen that they do. 
And I think that that is the thing that is making the biggest 
difference in mobile health technology on the provider side and 
the physician side, is making it easier for them to interact 
with that data.
    I describe several challenges in my written testimony, but 
very, very briefly, I think mobile help applications require 
true interoperability with existing data sources. So, in 
technical terms, we need open, bidirectional, complete, and 
affordable outpatient programming interfaces. And the 
technology already exists to do that today. We don't need 
future standards.
    Interoperability enforcement can be strengthened through 
seamless grant and incentive structures. On the regulatory 
front, there is an opportunity to improve and clarify mobile 
health technology classification by the FDA and to expedite 
real-time communication on submissions for innovative solutions 
that may not fit in previous categories.
    Finally, updating telehealth definitions for HIPAA and 
other policies to reflect the current state of technology 
offerings would be very welcome.
    Thank you again for the opportunity. I apologize for taking 
a little bit of extra time, but I appreciate the opportunity to 
show our software to you.
    [The prepared statement of Dr. Patterson follows:]
   
   
   
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

   
   
    
    Mr. Burgess. The chair thanks the gentleman.
    So I want to thank all of our witnesses for their succinct 
presentations this morning.
    Dr. Patterson, it was worth the wait to see your mobile 
device up on the big screen.
    We are going to move to the question-and-answer portion of 
the hearing, and I would like to recognize the gentleman from 
New Jersey, Mr. Lance, to begin the questioning.
    Five minutes, please.
    Mr. Lance. Thank you, Mr. Chairman.
    And good morning to the panel.
    To Ms. Johnson from J&J, the FDA issued mobile medical app 
guidance in 2015 to help stakeholders understand how the FDA 
plans to oversee healthcare apps that include medical device 
functionalities. In your judgment, is there a need for more 
regulatory clarity and certainty, particularly regarding the 
FDA's enforcement discretion for healthcare apps that do not 
operate as medical devices?
    Ms. Johnson. Yes. We do support that legislative clarity is 
needed in this area.
    Mr. Lance. Is regulatory uncertainty affecting investment 
and innovation in the healthcare apps market, not only 
regarding J&J but based upon your experience across the entire 
field?
    Ms. Johnson. At Johnson & Johnson, we are a very large 
company. We have very sophisticated regulatory departments and 
extensive law departments. And I think for us it is somewhat 
easier to navigate. Where we see the real struggle is with the 
smaller innovative app developers, the one-, two-, three-people 
companies that don't have access to the level of expertise. 
Their level of comfort with enforcement discretion and the 
investor's level of comfort with enforcement discretion is 
certainly, from my experience, quite a bit lower than it is 
with J&J. So I believe it is really impacting the small 
companies.
    Mr. Lance. Are there other distinguished members of the 
panel who would like to comment on that? What would you propose 
is the right level of FDA and FTC oversight over apps that 
don't meet the definition of a mobile medical app under the 
FDA's guidance but may have health- and medical-related 
components, Ms. Johnson?
    Ms. Johnson. Well, the decision should be risk-based, as 
long as they don't--they are not performing functions that meet 
the definition. The current regulatory environment is positive, 
but we do believe that the patient privacy aspects need to be 
better addressed and a patient's ownership of the data and the 
ability of people to sell patient's data should be more 
transparent.
    Mr. Lance. And I think we are all of that view, that 
patients' privacy should be foremost, and certainly that is 
something on which we should be working here in Washington. And 
I started with you because J&J is a great New Jersey company, 
and much of J&J is in the district I have the honor of serving.
    Dr. Patterson, from your perspective, what are the biggest 
legal and policy barriers preventing or obstructing the 
adoption of healthcare apps and other digital healthcare 
technologies for patients and for providers?
    Dr. Patterson. I think some of the greatest challenges 
right now that we face on the policy and regulatory front have 
to do with both interoperability enforcement as well as to 
clarity from the FDA on classification of more innovative 
solutions.
    So, briefly, on the second point--and it feeds on what you 
were just talking about--I think that we have to consider 
situations where a platform can accommodate both data that is 
in the sophisticated medical device, medical grade world of 
sensors as well as be able to accommodate consumer-based data 
in one place, because the combination of those two data 
elements can lead to some very, very insightful analytics and 
predictive insights about patient behavior and outcomes.
    And so the concept that I would introduce is one of 
provenance, and provenance refers to knowing where a piece of 
data comes from. So getting clarity on data provenance and what 
the burden is of provenance, that when a consumer device or a 
medical device shares its data with something else, you know 
where that data element came from and what grade of data 
element that was.
    Mr. Lance. And is provenance an area where, working 
together, we have to do a better job?
    Dr. Patterson. I would agree so, yes.
    Mr. Lance. Thank you.
    I yield back 35 seconds, Mr. Chairman.
    Mr. Burgess. The admonition to do a better job is so noted 
and will be taken under advisement by the chair.
    The chair recognizes the gentlelady from Illinois, Ms. 
Schakowsky, 5 minutes for questions, please.
    Ms. Schakowsky. Thank you, Mr. Chairman.
    Thank you, panel.
    There was an article this week in the New York Times that 
prescribed caution for consumers seeking medical advice from 
Web sites and apps instead of going directly to a doctor.
    The study, conducted by doctors at the Mayo Clinic, tested 
the quality of medical advice provided by health Web sites, and 
the doctors found that, ``going online for health advice was 
more likely to result in getting no advice or incomplete advice 
than the right advice.''
    Now, Dr. Ferris, you conducted a similar study of apps 
meant to detect skin cancer. As you said in your testimony, you 
had similar results to the Mayo Clinic study. It seems that 
false negatives are a particular concern with these apps. What 
happens if an app falsely tells a person that a mole is benign?
    Dr. Ferris. If an app falsely tells a person that their 
melanoma is benign and reassures them that they can save their 
time and money and not go see a physician, the consequence will 
be that that melanoma is going to progress. It is going to be 
deeper. And it goes from being what is, diagnosed early, a 
fairly surgically curable disease with a simple inexpensive 
procedure to a fatal cancer.
    Ms. Schakowsky. And were the apps that you tested intended 
to be used with physicians, or were they meant for consumer 
use? I guess you called that, Mr. Terry, consumer-facing, is 
that what you said?
    Mr. Terry. Patient-facing.
    Ms. Schakowsky [continuing]. Patient-facing apps and using 
that app instead of going to a doctor?
    Dr. Ferris. In our study, we tested four apps. And the 
first three that were automated were intended to be patient-
facing, and they were not used in conjunction with a physician. 
So it was to give the patient an assessment of the risk of 
their lesion being skin cancer, and it would say, looks OK, 
green light, things like that, or it would say, red light, 
caution, get this looked out.
    They all contain some sort of small disclaimer but really 
not significant or sufficient information about the risk of 
misdiagnosis. None of them had data saying how likely they were 
to be wrong or the risk of a false positive versus a false 
negative.
    Ms. Schakowsky. And none of them made a suggestion that 
they go see a physician if they have further questions?
    Dr. Ferris. They generally somewhere in their warnings 
would say things like, you should see a physician if you have 
concerns. The problem is that that wasn't highlighted in the 
output that they gave, and they still gave medical advice, they 
still gave an assessment of that lesion.
    Ms. Schakowsky. I am just wondering from the panel, should 
we be considering this in two different categories, those that 
deal with professional health providers and those that are just 
alone, patient-facing? Is there anyone who disagrees with that?
    Dr. Ferris. So that is, I think, a very important 
distinction.
    So part of the reason--I have been interested in this idea 
of using technology to diagnosis skin cancer, and I think that 
there is potential that it can be helpful and safe.
    As I mentioned, sort of, at the end of my statement, I am 
working on a technology with computer scientists at Carnegie 
Mellon in Pittsburgh where, you know, we are doing validation 
studies. We are trying to understand how we can use technology 
to better understand melanoma.
    We have very promising early results. However, I would 
never put that out and make it available to my patients, 
because I feel that this is technology better used in the hands 
of a physician. We all know, all of us who are physicians up 
here know that sometimes your clinical judgment overrules what 
the tests that you ordered showed.
    And so, really, I am a proponent of having really a little 
more flexibility and regulations that respect the decreased 
risk when there is additional information provided to a 
physician and it is really physician-to-physician communication 
that is being impacted or data being provided to a physician 
who ultimately communicates that back to the patient and helps 
to make a decision about the course of the treatment of that 
patient.
    Ms. Schakowsky. Dr. Patterson, in the display that you had, 
the doctor that is looking at all the data is not the physician 
that the patient normally goes to. Is that true?
    Dr. Patterson. It can be a situation where it is a primary 
physician, or it could be a colleague or another member of the 
care team.
    Ms. Schakowsky. But on that care team.
    Dr. Patterson. Correct.
    Ms. Schakowsky. I see.
    Again, is there anyone here who thinks that there ought not 
to be a distinction between those that are physician-driven, 
that are healthcare-provider-driven, and just the app?
    Did you want to answer that?
    Ms. Johnson. I think when we were working on the language 
around the SOFTWARE Act, we tried very hard to embody the 
concept that there is a big difference and that, if it is the 
patient trying to make a decision, that is a lot different than 
the physician. And the physician who is getting the information 
needs to understand the context around the information that 
they are receiving. And we do believe it makes a critical 
difference.
    Ms. Schakowsky. OK.
    Can Dr. Dorsey reply?
    Dr. Dorsey. The FDA guidance is around regulating apps that 
are used to diagnosis or treat a condition, and I think that is 
great guidance. Apps that empower consumers to give them more 
information on how they are sleeping, how they are eating, how 
they are exercising, potential medication interactions, those 
are all very valuable.
    I think the concern comes around when you are giving a 
diagnosis or a treatment recommendation. I think that would be 
the distinction that I would highlight.
    Ms. Schakowsky. Right.
    And that is your expertise, too, Mr. Terry. What did----
    Mr. Terry. I think, yes, the patient-facing-against-
professional-facing differentiation is important. But, equally, 
I think, as this moves forward with the pace that it is 
showing, we may end up with additional categories, including 
some sort of hybrid categories.
    I think it is also quite possible that we would want to get 
more granular and distinguish between some patient-facing apps 
and others. So, for example, the risk of a melanoma negative, a 
false negative, is such that we maybe wouldn't want that. But, 
on the other hand, personally, I would find it quite useful if 
my watch would tell me when I am about to have a myocardial 
infarction and tell my car to pull over and also phone my 
spouse and tell her I am going to be late for dinner.
    Ms. Schakowsky. Thank you.
    Dr. Experton. If I may add a point on this, Mr. Chairman, 
yes, those patient-facing mobile apps can also be extremely 
important in the physician-patient communication.
    We discussed, you know, how we want to avoid medical harm. 
Today, in America, the third-leading cause of deaths are 
medical errors. About one-fourth of them are caused by the fact 
that, at any given point in time, a physician doesn't have the 
full picture of the history of that patient.
    So when a patient comes with a medical app which provides 
the key information that a physician needs to properly 
diagnosis and treat, we can address a dramatic public health 
issue. And so, with those apps, we are talking about enhancing 
the physician-patient communication, and then the patient 
provides that information the physician is seeking, which often 
lacks when that Medicare beneficiary comes alone or with a 
family caregiver and comes a critical question from that 
physician: What medication do you take?
    And oftentimes it can be half a dozen of those. And at one 
point that patient may say, ``I take a pink pill, but I don't 
remember the name of it.'' Then comes the additional 
prescription which can interfere with that list of multiple 
medications that Medicare beneficiary is taking.
    So those are the situations of life-and-death scenario, 
where more harm is being done with a lack of information. And 
arming the patient with tool to enhance their memory, to 
provide their physician with a list of medication which the 
physician can see, provided from that Medicare source it can 
trust, is lifesaving. So I would put that category of 
applications, of patient-facing applications, a hybrid indeed 
application, they are of critical use for the physician.
    I am a former adjunct professor of medicine at University 
of California, San Diego. I am a former public health officer; 
I am a data scientist. And, at one point, it came to me that a 
commonsense approach to the lack of information we have is to 
outfit patients with the critical information they need to 
present to their physician. Because we are still in a very 
fragmented healthcare system. We spend $35 million in the 
HITECH Act. The patient has to be part of that story to 
communicate information that their physician needs.
    Ms. Schakowsky. Thank you for your indulgence, Mr. 
Chairman.
    And thank you, panelists.
    Mr. Burgess. Absolutely. You will pay for it later.
    The chair would like to recognize the gentleman from 
Mississippi, Mr. Harper, 5 minutes for questions, please.
    Mr. Harper. Thank you, Mr. Chairman.
    And thanks to each of you for being here. This is such an 
important topic for our future and for today.
    Ms. Johnson, the Center for Telehealth at the University of 
Mississippi Medical Center in Jackson, Mississippi, is a leader 
in providing health care using telemedicine, especially to 
underserved populations.
    How do telemedicine and other mobile health technologies, 
including healthcare apps, affect patient engagement in the 
healthcare system? And what does this mean for the 
accessibility, affordability, and delivery of care?
    Ms. Johnson. Well, certainly, as the healthcare system as a 
whole becomes more interoperable and data-sharing is possible 
across the entire healthcare system and patients have access to 
all of their information, the patients will become more 
engaged. As the patients become more engaged, we believe this 
will help reduce healthcare costs, help them make more cost-
conscious decisions.
    So, really, as the whole ecosystem grows to be as one and 
the patients have access to their data, we do think it will 
change the way the healthcare system operates.
    Mr. Harper. Thank you.
    Dr. Dorsey, in your testimony, you talk about Medicare's 
limited coverage of telehealth. How is Medicare's current 
reimbursement scheme impacting clinicians' adoption of 
telehealth and other mobile health technologies? Tell us your 
opinion on how that is working.
    Dr. Dorsey. Congressman Harper, thank you very much for the 
question. Thank you very much for your advocacy for telehealth.
    It really impacts patients. So, as I mentioned, 40 percent 
of Medicare beneficiaries with Parkinson's disease don't see a 
neurologist. And that happens in Mississippi, that happens in 
Texas, that happens in Nevada, and it even happens in New York 
City. And the reason they can't access it is because they are 
either an outsider--all of us in this room are healthcare 
insiders and we can readily access care, but many people can't 
because of distance or disability. And, increasingly, we ask 
people who are disabled, have limited mobility and impaired 
driving ability, to drive to urban centers to receive care. We 
have it backwards. We should be providing care to individuals 
on their terms, in their environments, and not in institutions.
    And Medicare, which increasingly stands alone in its 
limited coverage of telehealth, is limiting access to care for 
Medicare beneficiaries, including 2 million homebound Medicare 
beneficiaries who can't access care increasingly, except by 
either physicians and clinicians visiting them or through 
telehealth.
    Mr. Harper. OK. So is there a role from Congress in 
addressing this issue?
    Dr. Dorsey. Absolutely. The VA covers telehealth, and 2 
million telehealth visits were conducted last year. Increasing 
reimbursement for telehealth would be an outstanding start, 
including coverage of telehealth provided into the home, where 
it is most beneficial, most convenient, and most centered on 
the needs of patients.
    Medicare could stop incenting institution-based care by 
providing higher incentives to institutions for the same visits 
that could be conducted remotely that are centered on the needs 
of patients.
    Mr. Harper. Thank you, Dr. Dorsey.
    Ms. Johnson, do you have specific examples of how your 
mobile healthcare technologies or these technologies generally 
have shown demonstrable changes in patients' health status or 
in improved patient health outcomes?
    Ms. Johnson. Well, I can't say that there is published 
statistically significant data available, but, certainly, with 
the diabetes care solutions, in particular, we do see, 
generally speaking, the appearance of less excursions of blood 
sugar, you know, being too high and too low.
    There is certainly literature to support that sort of 
improved control leads to a reduction in complications from the 
diabetes. But there is no published data to support that. But, 
certainly, with the diabetes, we see better control.
    Mr. Harper. Thank you very much.
    And, Dr. Dorsey, the Congressional Budget Office, CBO, has 
raised concerns that expanding telehealth and remote patient 
monitoring, or RPM, services within Medicare will be costly to 
implement and sustain. The CBO scoring does not look at longer-
term cost savings that could result from a healthier Medicare 
patient population.
    Could you share any insight on those cost savings that 
telehealth and RPM services have provided in other settings and 
how that might impact Medicare in the future?
    Dr. Dorsey. There is tremendous empirical evidence to get 
around this concern that increased reimbursement will lead to 
higher cost. Increased reimbursement will lead to increased 
utilization of services, but in the grand scheme of things, 
physician visits at $70 a visit are much less expensive than 
$1,000 emergency room visits and $17,000 hip replacements.
    The VA uses telehealth. They are under a fixed budget, and 
they view it as a cost-effective solution for providing 
patient-centered care to military veterans.
    Kaiser Permanente this year will have more virtual visits, 
in the form of phone, e-mail, video, than in-person visits. 
They are under a capitated environment, and they obviously view 
this as a means for enhancing care at lower cost.
    Bills like the Medicare Telehealth Parity Act are a step in 
that direction, and we are just scratching the surface of what 
is possible. Our chief areas right now are Medicare's limited 
reimbursement and our arcane licensure laws.
    Mr. Harper. Thank you, Dr. Dorsey.
    And thanks to each witness for being here and sharing your 
testimonies with us.
    And I yield back.
    Mr. Burgess. The gentleman yields back. The chair thanks 
the gentleman.
    The chair recognizes the gentlelady from New York, Ms. 
Clarke, 5 minutes for questions, please.
    Ms. Clarke. I thank you, Mr. Chairman and our ranking 
member.
    I thank our experts for your testimony here today. It has 
been extremely edifying and certainly has raised a number of 
issues that I think we are all going to have to grapple with. 
It is something that I believe will advance us if done 
correctly. And I thank you once again for your testimony here 
today.
    Professor Terry, in your testimony, you mention that many 
apps are operating in a HIPAA-free zone. It is my understanding 
that, when HIPAA does not apply, the apps may be subject to FTC 
oversight. Is that correct?
    Mr. Terry. That is correct. The FTC has some general 
oversight with regard to unfairness that could apply and has 
been applied outside of the app space to security violations, 
for example, by businesses. However, the FTC's jurisdiction is 
very broad and therefore tends not to provide a lot of guidance 
for industry as a result, or certainty. And, of course, you 
have a major resource problem with regard to enforcement from 
that angle.
    Ms. Clarke. And I was going to go directly to that. The FTC 
is an enforcement-only regime when it comes to privacy. So is 
it the case that the FTC's privacy-related enforcement actions 
mostly have focused on companies' failure to comply with their 
own privacy policies?
    Mr. Terry. That is correct. And, as you point out, 
Congresswoman, it is an ex post facto regulation.
    Ms. Clarke. Right.
    Mr. Terry. The FTC has stated in a recent case that its 
jurisdiction does extend into the healthcare space as it tries 
to sort of break down one of the gaps between our privacy 
sectors. But there is a lot more that could be done, I think, 
in that way.
    Ms. Clarke. Absolutely.
    Professor Terry, if a health app that is not covered by 
HIPAA does not have a privacy policy at all or if the privacy 
policy permits the app to share or sell information, is there 
anything that prevents that company from selling or sharing 
personal information it collects?
    Mr. Terry. It is very difficult to find any clear answer 
``yes'' to that. Generally speaking, those apps are just going 
to be unregulated.
    Now, obviously, some jurisdictions, some states, like 
California, have state laws that require a privacy policy. If 
you are using the care framework or the health framework or the 
health kit framework from Apple, then the Apple store requires 
you to have a privacy policy.
    But the people that would comply with that are not our 
problem. It is the ones that don't comply with that that are 
the----
    Ms. Clarke. And, certainly, when we all are talking about 
portability in health care as well, if you are in California, 
great, but if you move someplace else, quality control becomes 
an issue, right?
    How have the app developers, as relative newcomers to the 
technology space, affected data security practices in the 
industry?
    Mr. Terry. Well, again, I think you have to recognize, 
particularly my copanelists, when we are looking at extremely 
responsible companies with lots of lawyers and lots of risk 
managers who are doing fine things. But our main concern is 
going to be the apps that are out there that simply have 
inadequate security. And there have been studies showing that 
that is the case.
    There have been studies shown, for example, in Canada that 
most wearable devices give off persistent tracking signals, 
creating privacy and security issues. And an English study 
showed that there were major security flaws even with apps that 
have been approved by the National Health Service for use 
there.
    Ms. Clarke. So how can we ensure that new companies are up 
to speed and know what they are doing with respect to data 
security before their products reach consumers?
    Mr. Terry. Well, I think I could have given my same 
presentation to any of the disrupter topics that you chose, and 
the reason for that is because we have this sectoral approach 
to privacy. And so my optimistic suggestion is that we move 
away from that and we have an overarching, comprehensive 
privacy law, data protection law, that would stop these gaps 
between these different industries or between the industries 
that are conventional and the disrupters, to stop those 
developing.
    In the absence of that, in a shorter term, I think the 
existing agencies probably need to maybe be given some 
additional powers. If I may give you one example, we know, for 
example, that the ONC, with its meaningful-use program, now has 
APIs, application programming interfaces, in order to improve 
the interoperability of data and share it with patients. And we 
all believe that that is a good thing. Yet the moment that data 
leaves the hospital or physician her, it merges into 
unprotected space.
    Ms. Clarke. Yes.
    Mr. Terry. So I think maybe we need sort of a version of 
the Pottery Barn rule, right? So if we give an agency the power 
to push the data out, we should also give that agency the power 
to protect it as it emerges from that sort of protective 
cocoon.
    Ms. Clarke. Dr. Experton, did you want to----
    Dr. Experton. Yes. Thank you for giving me the microphone. 
I think there is a very positive element in what technology can 
bring to that security question.
    We have all learned that phones can be highly secure, they 
cannot be broken down, with the FBI having to reach out to try 
to get information in an older iPhone series 5. The phone can 
be highly secure, and it is a personal device. So your phone 
can indeed store securely when the data is encrypted, which is 
the case for multiple applications--iBlueButton or Tensio for 
hypertension measurement.
    It is in your hands. It is under your control. You cannot 
break in. If hackers want to get to your data, they will have 
then to hack millions of phones instead of one server in a 
cloud. So I think technology has made incredible steps to give 
individual citizens control over their most personal and 
critical information, which is their health information.
    And I mentioned the iBlueButton app. At no point does 
Humetrix store or share that data. The data comes directly from 
the source, whether it is Medicare or TRICARE, VA or privatized 
care providers, directly to the user's phone, where it is 
securely encrypted.
    So modern technology and mobile technology answer critical 
healthcare needs. It is immediate access to information me, the 
patient, or my doctor needs. It is in my hands, under my own 
control. And we oftentimes forget that, indeed, technology has 
evolved to solve the very problems we have.
    Ms. Clarke. Thank you, Mr. Chairman. There is still an 
issue of quality control that we will all have to manage 
though. And I yield back, sir.
    Mr. Burgess. The chair thanks the gentlelady. The 
gentlelady yields back.
    The chair recognizes the gentlelady from Indiana, Mrs. 
Brooks, 5 minutes for questions, please.
    Mrs. Brooks. Thank you, Mr. Chairman.
    And thank you to our panel. This has been fascinating, and 
really appreciate your expertise.
    We know that in the next year, I have been told, 500 
million smartphone users worldwide will have a health app. So 
the apps are growing. We have to wrap our arms around what is 
the right way forward with respect to how we use these.
    And, in Indiana, Eskenazi Health in Indianapolis recently 
hosted what was called ``Connectathon,'' and it brought 
together software developers and innovators from across the 
state. And it was a competition, and the winning team built a 
medication adherence app that sends texts or mobile reminders 
to patients' smartphones to take or refill their prescription 
medications--obviously something critically important in 
patient care.
    And so I am encouraged with all that is happening out 
there. And we need these creative app developers like the teams 
in Indianapolis and around the country, but we also need to 
protect health data.
    And I must say, Professor Terry, welcome to Washington, 
D.C. You weren't a professor when I was at the law school in 
which you teach, and I wish to thank you for your leadership at 
the Hall Law and Health Center. And I think we all would really 
enjoy your classes, but I am happy I am not in law school any 
longer.
    Mr. Terry. You are always welcome.
    Mrs. Brooks. But had you been there, I would have certainly 
looked forward to taking your class.
    But I want to talk to you a little bit about the issues of 
context and functionality of the apps in defining and properly 
classifying it for proper regulatory and policy purposes. And 
that is something you have studied actually far more than I 
have studied and maybe more than most of the panel has really 
given a lot of thought to. And I think that is very important.
    Can you talk to us a bit more about--you talked about 
whether it is patient-facing versus physician- or provider-
facing. As we are crafting this important area of law that is 
growing and that is needed, what are, kind of, the 
classification tools and categories we should be looking at? Or 
should we not be looking at classification categories?
    It would be great also if you just gave us the proper 
privacy policy legislation that we could debate and discuss; we 
would welcome that. But what about with respect to the 
classifications in this space?
    Mr. Terry. Well, I think with respect to the 
classifications, Congressman Lance, you referred to the 2015 
subregulatory guidance. That is, in fact, a republication of 
one that was in 2012. And the way that this stuff is developing 
so fast, maybe that is worth a reexamination to see if we have 
more categories or categories that we can better define.
    I think that we probably know enough about this space now 
that there are some categories that have been proven to be 
risk-free, and we no longer need regulatory discretion; we just 
need to jettison now into the consumer electronic space and let 
them thrive as they can.
    So then the question is, can we actually be slightly 
cleverer with regard to how we categorize some of these 
products? Should we start maybe saying the condition-diagnosis 
type of app is a little bit different from the treatment type 
of app, so that we can get some space in there?
    And then I think the other thing that is a continual 
problem that high-tech disruptive industries face is that the 
timeframe for regulation is out of sync with the rapid 
iteration of these types of technologies. And I think it is 
going to take smarter people than myself to figure that piece 
out. But those will be the kind of pushes that I would throw 
out to the regulatory agencies to see if they could come up 
with something like that.
    Mrs. Brooks. And thank you. We look forward to your help 
and your continued suggestions in this space.
    Dr. Experton, quick question with respect to the 
iBlueButton. Because I am on a Medicaid Task Force 
contemplating reforms to our Medicaid program, and I understand 
the iBlueButton is being contemplated for the millions of 
Medicaid beneficiaries as well.
    And yet, can you please talk to us a little bit about what 
that app looks like, how it could help with cost containment, 
and, very briefly, how you have overcome with your products the 
HIPAA issues that Professor Terry brought up?
    And sorry, that is a lot. Mr. Chairman, if I might indulge. 
Thank you.
    Dr. Experton. Thank you, Congresswoman, for this question.
    Yes, the iBlueButton app I mentioned is also available for 
State Medicaid programs. And the State of New York took a 
leadership role in choosing that application, to have patients 
participate in solving the critical safety but also cost-
control issue any State Medicaid program has.
    So, with the iBlueButton app, we take the Medicaid claims 
the way we take the Medicare claims and, on the fly, on the 
app, decode financial information into clinical information in 
English for that Medicaid beneficiary to understand, review, 
annotate, research, and to share with their physician wherever 
they receive care.
    Medicaid beneficiaries are, more than anyone, subject to a 
problem of access and coordination of care. And, at most 
instances, any given patient doesn't have the full history of 
their medical care. So they come with that information coming 
from their claims, turn into a longitudinal health record right 
there on their phone, securely encrypted, which they can 
present, whether it is in the emergency room, whether it is 
some specialist to the next.
    So that is the use of iBlueButton. So we white-label and 
customize our iBlueButton app for a State Medicaid program, 
which is going to query directly from the app in the user's 
control that Medicaid database of claims and, in real-time, 
turn that claim data into a longitudinal record so that patient 
can say, ``Here, Doctor, the medication that has been 
prescribed to me and the one I continue to take or do not take 
because of this side effect I discovered through the app. Here 
is a test I got. You don't need to repeat.''
    Medicaid program represents about one-third of the State 
budgets. There is an issue of cost control, but there is also 
an issue of safety with the lack of coordination of care in 
those States. So this patient visit type of technology is 
critical on both fronts.
    Mrs. Brooks. Thank you very much.
    And thank you, Mr. Chairman, for the extra time. I yield 
back.
    Mr. Burgess. The chair thanks the gentlelady.
    The chair recognizes the gentleman from North Carolina, Mr. 
Butterfield, 5 minutes for questions, please.
    Mr. Butterfield. Thank you, Mr. Chairman.
    And good morning, one and all. Thank you to all of the 
witnesses for coming today. I have been watching some of your 
testimony on television, and at other times I have been moving 
around the Capitol, as most of the members have today, trying 
to complete our work before the August recess. And so thank you 
for your testimony.
    It is clear that for most Americans health information is 
so very personal, requiring a high degree of privacy and data 
security. But as Mr. Pallone said in his opening statement, I 
think there is some confusion for the average consumer when it 
comes to the privacy of their health information.
    And so, Professor Terry, it is my understanding that, 
despite the fact that that is not true, most people assume that 
health information is generally protected by HIPAA. Do you have 
any of those same concerns?
    Mr. Terry. I definitely do. Let me illustrate it by the 
simplest-of-all type of exchange that could involve a 
smartphone app, which is that I use an app to access my 
electronic health record. We want that kind of sharing, right?
    Well, the moment that that data leaves the electronic 
health record of the provider and enters the smartphone app, 
there is considerable confusion as to the legal state of it. 
Now, if that app was provided by the hospital or the provider 
or a business associate, then the HIPAA shield would be all 
over it. If it was not, if it was an app that the patient just 
purchased from an app store, then it is highly likely HIPAA 
would not apply.
    Now you have two sets of data, identical data, one on the 
her, one on the phone, identical data. One bundle is subject to 
the most stringent privacy protection we have in this country; 
the other is basically unregulated.
    The patient then, for example, could add some wellness 
information from a Fitbit app or something to that electronic 
health record. Now the data is different. The patient could 
then send that back to the doctor, back across the threshold. 
Now you have two more sets of data, but, again, completely 
different protective systems applying to them.
    I considered that certainly beyond my ability to explain to 
any patient.
    Mr. Butterfield. I think I read in the material that there 
are 160,000 apps that are out there.
    Mr. Terry. I think that is about right, yes, and growing.
    Mr. Butterfield. And growing.
    Does HIPAA protect all health-related information?
    Mr. Terry. No, it does not. So, for example, there is tons 
of data, probably more health-related data is being generated 
outside of the traditional healthcare environment than is being 
generated within it. So every time you use a supermarket 
loyalty card and you pick up, I don't know, a diabetes testing 
kit or an over-the-counter pregnancy testing kit, that little 
piece of data goes up into the data broker cloud.
    You are all familiar with the Target story of early 
diagnosis of pregnancy by the use of preferences with regard to 
hand lotion; exhaust data that comes off online sites that sell 
products, online resellers. Social media sites and, more and 
more frequently, mobile devices are all building this sort of 
surrogate version of your health life completely outside of the 
regulation of HIPAA. And it is being sold back to insurers and 
employers as body scores or health scores, which are 
potentially extremely discriminatory.
    Mr. Butterfield. All right.
    I have 45 seconds remaining. Let me do this very quickly. 
Let's say that an app that monitors blood pressure is offered 
by the patient's primary care physician, who would be a HIPAA 
entity. Does HIPAA cover the information that is collected and 
stored by the physician?
    Mr. Terry. If that app was developed by the physician or 
the hospital or a business associate, then it is highly likely 
that it would be covered.
    Mr. Butterfield. Would be covered. Yes.
    Again, let's say that a doctor recommends that a patient 
use a blood pressure monitoring app, but the doctor does not 
offer the app. If the patient shares the information collected 
with his or her doctor, is information held by the doctor 
covered by HIPAA?
    Mr. Terry. That would be covered by HIPAA. Of course, there 
is the overarching question as to whether any sane physician 
would recommend an app without knowing it inside-out because of 
the liability issues that could well occur there.
    Mr. Butterfield. Thank you. You have been very kind.
    Thank you. I yield back.
    Mr. Burgess. The chair thanks the gentleman.
    The chair would note to the members of the subcommittee 
that the chair has deferred his questions till the end. I did 
that on purpose so that I could accumulate all of the time that 
each of you went over, and I have now aggregated that, and I 
yield myself the next hour and a half.
    No, I do want to thank all of you for being here this 
morning. It has been terribly illuminating and illustrative. I 
have made a number of notes here. And I do, of course, as 
always, will have opportunities for questions for the record if 
time does not permit all the questions to be asked.
    But, Dr. Patterson, let me just ask you--you know, you gave 
such a wonderful demonstration. It really was worth the wait. I 
mean, I cannot tell you the times--look, we just had a big 
series on opiates within the full committee and Subcommittee on 
Health.
    And I will tell you, as a practicing physician, I think you 
just hated to realize that maybe you got scammed on that 
prescription. So, in order to avoid that, even though it was 3 
o'clock in the morning, I would go back up to my office that 
was physically adjacent to the hospital. A patient would call 
in and say, look, your partner prescribed whatever because I 
had surgery, and the dog ate my homework, and could you just 
get me enough to get me through my 3-week vacation that is 
coming up in just a few hours here?
    I would fall for it once, but next time--``Well, meet me at 
the emergency room. I just want to check and make sure 
everything is OK, and I will be happy to write you a 
prescription.'' I would go to my office and pull the record. 
The patient almost invariably did not show up in the emergency 
room.
    But, boy, how powerful to have what you demonstrated to us, 
where you could basically access that information at home. So, 
like, in a five- or six-physician practice, all of those 
records would be available to the physician on call for the 
practice. Is that correct?
    Dr. Patterson. That is correct, yes.
    Mr. Burgess. Now, Mr. Terry pointed out that, once that 
data leaves the confines of the medical records department at 
the clinic or the hospital, now it is in a different world. But 
that is OK on your device? There is a proper protection on that 
device?
    Dr. Patterson. Yes. So everything that we provide in our 
platform is done under a business associate agreement with the 
provider side, so either the health system clients or the 
physician groups where our software is deployed.
    I think that the challenge that comes with a platform like 
ours is that we are positioned to incorporate device data from 
anywhere, so we are agnostic to the source. And so there is a 
host of consumer-facing applications and sensors out there 
where that data could be very useful for the broader context of 
caring for a patient.
    So, as a doctor, I don't mean to be crass, but I really 
don't care how many steps you take, and I don't really care how 
many calories you have eaten on a day-to-day basis. That is not 
what I am going to be spending my time on and probably 
shouldn't be, for that level of decisionmaker. But if I can see 
data that links how many steps somebody takes to their onset of 
depression because they are no longer taking their dog for a 
walk, and then that is linked to their medication 
noncompliance, and then that is linked to a rehospitalization, 
suddenly I might be very, very interested in having that being 
pulled together through machine learning or algorithms.
    And so we have to find a way to accommodate various 
disparate sources of data. So I liken it to recreational data 
versus professional-grade data. So in my mind, we have to set a 
very clear bar on what is recreational and what is 
professional-level. And I don't necessarily think it is who is 
using it, but I do think it is more related to the level of 
risk and the safety involved. And that should be the primary 
criterion, is what is safe, what is not safe.
    And then, subsequent to that, there needs to be a crosswalk 
capability that allows recreational data to be drafted to the 
big leagues, so to speak, down the line. So there has to be 
some way that we can bridge the gap between these two and do 
that safely.
    And I feel that provenance is one of the most important 
things. You always have to be able to tell where a data element 
originated from. If that is lost in the little pieces of 
metadata that surround that data element--for example, if I 
have a glucose reading, I want to know where did that glucose 
reading come from on that diabetic, what type of device, how is 
that regulated, how much can I trust that.
    I think if we solve for some of those issues, we can 
probably clarify a lot of the classification issues that are 
coming up where we don't have to have 20 different 
classifications. And the legislation would never be able to 
keep up with the innovation.
    Mr. Burgess. One of the things that got me interested in 
this several years ago, I was able to download an app onto my 
phone that used the flash attachment to measure heart rate, so 
that was kind of neat.
    And then at a prayer breakfast, Dr. Collins, the head of 
the NIH, was seated next to me, and his iPhone had an EKG on 
it. Well, wait a minute, Dr. Collins, I want an EKG on my 
iPhone. So I figured out how to get it. It actually is an FDA-
approved device. You do have to have a physician's license in 
order to have that; you can't just download that for regular 
consumer use. But now I have two ways to measure heart rate on 
my iPhone, one with the light sensor and one with the EKG app.
    But, Mr. Terry, your last comments about the blood pressure 
cuff--the other thing that made me interested in this, I used 
to practice OB/GYN. Yes, it has been a few years since I have 
done so. But, invariably, the last patient at 4:45 on a Friday 
afternoon comes in for a routine prenatal check up at 36 or 37 
weeks pregnancy, about a month away from delivery, and her 
diastolic blood pressure is 90 millimeters of mercury. Yikes. 
She has never had blood pressure that high before. But, is this 
the harbinger of something very bad that is about to happen, or 
is this a one-off because I didn't provide adequate parking out 
in front of my office and she got mad at her husband because he 
had to drive around to drop her off? You don't know that at 
4:45 on a Friday afternoon. Sure, recheck the blood pressure, 
perhaps wait 15 minutes.
    But how empowering--you make one decision and say, ``I am 
sorry. You have never had blood pressure this high before. 
Although you have no other symptoms and no other criteria, I am 
going to have to ask you to come into the hospital for 
observation.'' Three days later, with no elevated blood 
pressure, rather sheepishly you are discharging that patient. 
She is angry because of having to arrange daycare for her other 
kids. Or, 3 o'clock on Sunday morning, that patient is back in 
the emergency room either having had an eclamptic seizure or a 
platelet count of 2,000 or something very bad has happened.
    So how great to be able to use that blood pressure now that 
is available in the home. I mean, you don't even have to tell 
someone to go down to Walgreens and sit in the chair. A $40 
peripheral and you can measure that blood pressure at home and 
have perhaps several blood pressures a day e-mailed to the 
doctor on call for that weekend. What is wrong with that? That 
seems like it is a way to extend the ability to give good care 
and make good decisions.
    Mr. Terry. I completely agree. And, in fact, I would go 
further than Dr. Patterson, because I don't think we are 
talking about just wellness or fitness data that could be 
valuably incorporated into this very professional environment 
that you are talking about. But, as we know from the Institute 
of Medicine and work that is being done elsewhere at HHS, we 
are really trying very hard to incorporate a lot more health-
determinant information data into our records to push that 
environmental piece back into it.
    So not only would you be able to look at the blood pressure 
of that patient, but you would get a sense of the different 
environments that maybe have pushed or lowered that blood 
pressure, which would, again, I think, give you even more data.
    The problem is that, after a while, you wonder whether this 
really can stay on that encrypted device for that level of 
processing and whether, in fact, our desire for sharing and 
additional processing will in the end force this up into the 
cloud and, therefore, raise so many of the privacy and security 
risks that we have discussed.
    Mr. Burgess. Very well.
    Let me ask you this, because you brought up the question of 
industry minnows. And although we don't deal with endangered 
species on this committee, I couldn't help but wonder about the 
delta smelt and if that was one of those industry minnows. But, 
seriously, that is--and Ms. Johnson referenced some of the 
difficulties that the FDA has.
    That potentially is an enormous task on the regulatory 
side. Industry minnows are turning out health apps. The 
regulatory body that, oh, by the way, in addition to the 
180,000 health apps that they are trying to regulate, they have 
also got 11,000 laboratory-developed tests that they now say 
they are going to regulate as medical devices--I mean, suddenly 
just the workflow through the agency becomes problematic.
    What do you foresee in that situation?
    Mr. Terry. Well, I think unless there is tight regulation 
and enforcement, I think the minnows are going to get worse. 
You only have to do a brief search through app stores these 
days amongst health-related apps to find all sorts of apps that 
look like they are doing device-like things but are not 
approved medical devices.
    And, frequently, you will see when you click on the 
``more'' button on that app site, it will proudly tell you that 
this is for informational or educational or game enjoyment only 
and should not be used for diagnosis. Yet, at the same time, 
they are selling these things for what looks like diagnosis.
    Unless that gets tightened up, I worry that the good 
companies will find themselves just sort of overwhelmed by the 
bad. Generally speaking, it is my belief, at least, that our 
finest corporations actually will embrace regulation because it 
brings certainty. And good enforcement might help that.
    Mr. Burgess. Yes. This is the disrupter series, however, 
and I think the admonition to pay attention to the provenance 
of the data is--I mean, I think that is valid and I think that 
is wise.
    Dr. Ferris, let me just ask you, because not this 
subcommittee but another subcommittee of the Energy and 
Commerce Committee, in 2012, did a number of hearings leading 
up to the FDA user-fee agreement reauthorization, the FDA 
Safety and Improvement Act. And as part of those hearings 
leading up to that, we had a member who is no longer here in 
Congress but was very concerned. His daughter had a melanoma. 
He was interested in--it wasn't a consumer app. It was 
something called the MelaFind camera.
    MelaFind had difficulty getting approval and then did. And 
then I don't know what the difficulties were after the fact, 
but I think, if I understand correctly, it is back on. So it 
sort of speaks to some of the difficulty that you raised.
    And yet, at the same time, I am thinking back to the flip 
phone that I had when I started in the Congress. Yes, I could 
take a picture with it, and you could almost make out the 
images. The technology is getting a lot better literally every 
year. I rather expect, when we have the user-fee agreement 
reauthorizations, we are likely to have other devices that are 
talked about at that time because of the advance of the 
technology.
    So do you have a sense how the improvements in technology, 
how that may impact the ability to provide this type of 
information? And I am not even thinking so much at the 
consumer-level. I am thinking at the level of a primary care 
doctor, like I was.
    Basically, it is a binary choice for me. If a patient shows 
me a mole and asks me if she needs to be worried about it, I 
say, ``You need to go to the dermatologist to get it 
biopsied.'' Because if she's worried about, I am worried about 
it, and we are all going to worry about it until you tell us it 
is OK.
    Yes, if there were an intermediate step that dealt with a 
transmission of data on a--whether it was a consumer-driven app 
or an FDA-approved app, that just seems to me that that would 
increase utilization of trying to diagnose those lesions.
    Dr. Ferris. Yes. Thank you.
    So I am familiar with MelaFind device and actually 
participated in the pivotal trials that resulted in, 
ultimately, FDA approval after a very long process of that.
    So there is a difference between a device like MelaFind--
because it is truly on optical device. It is doing image 
capture. It is doing analysis within the app and giving a 
score. And part of the reason it needed approval was that it 
actually did initially give a binary output, a biopsy 
recommended or no biopsy recommended. So that is purely a 
recommendation.
    In the scenario that you are talking about, where you have 
a patient who has a mole and you just say, ``Go see 
dermatology,'' if you were doing that in western Pennsylvania, 
where I practice, if you were not within the city of Pittsburgh 
and didn't have my cell phone number, you would potentially be 
telling that patient to either drive at least an hour to see a 
dermatologist or to call our office, where they would be told 
that our next available appointment may be up to 4 to 6 months 
later because of the access-to-care issues.
    So now we have better ways to do that. So one is you can 
take a photo, and, through a HIPAA-secure system, you can send 
that to a dermatologist, because we can very quickly triage. 
So, one, that should be more widely available. That is not a 
direct-to-consumer. That is physician-to-physician 
communication.
    Two, the technology that we are trying to work on is that 
we could outfit your office with an attachment to your iPhone 
that is maybe a couple hundred dollars that would give us an 
even more clear and analyzable image of that lesion, that you 
could either, one, get an even better opinion from us quickly 
through telemedicine, or, two, that we, by having a tool that 
can analyze that image, we could actually give you a score of 
risk.
    We are not giving that to the patient; we are giving that 
to you as a physician. We know how to set the bar. I can talk 
to you about sensitivity and specificity or positive and 
negative predictive value in a way that I can't talk to a 
patient about it. We can set the bar such that, if it comes 
back high-risk, you don't have to go through having your office 
call my office. We have a way to immediately get that patient 
triaged. And then if it comes back as very low-risk, that can 
go into perhaps a more cumbersome process of maybe having that 
image reviewed by a dermatologist. But this can really speed up 
the process.
    Again, I think that the bar for safety is lower when it is 
physician-to-physician or when it is data being provided to a 
physician. I can in real-time improve that app as I get more 
images. If I have to go through full-bore FDA approval every 
single time we tweak an algorithm to make it better, we are not 
going to make products better; we are going to come up with 
what we think we can get approved and not continue to develop 
and use technology to make health care better.
    Mr. Burgess. Correct. That is the regulatory risk.
    Dr. Patterson--but, really, just for the panel in general--
I don't think we can discount how the young physician--medical 
students, residents--are going to change how this is all 
viewed. I went and talked to either one of my medical schools 
or residency programs down in Fort Worth a couple of years ago. 
And the residency director opined--I guess they had a system 
like yours that they did defensively because it was impossible 
to keep the residents from taking a picture of something in the 
emergency room, sending it to their attending and saying, what 
do you think, can I close this here or does it have to go to 
the OR, that kind of question, which were the same questions 
that I asked as a resident to my faculty, but there we had a 
rotary dial phone, and now, of course, they have these very, 
very fancy smartphones with quite accurate cameras.
    So that hospital actually had to develop something like 
your system that was a secure system where, in a HIPAA-
compliant way, data could be transferred. And the only reason I 
bring that up is the young physicians coming up are either 
going to demand or they are just going to drive in a direction 
that they want to go, whether or not we thought it was a great 
idea or not in a congressional hearing.
    This has been a very fascinating hearing. I have a number 
of questions for folks in writing, but I am way over time, and 
it always makes Ms. Schakowsky nervous when I do that. So, in 
deference to her--oh, well, I would yield to the gentlelady if 
she had a followup question she wanted to ask.
    Ms. Schakowsky. No, I don't. Thank you.
    Mr. Burgess. So, seeing that there are no further members 
wishing to ask questions for this panel, I will thank all of 
our witnesses for being here.
    Before we conclude, I need to submit the following 
documents for the record by unanimous consent: a letter from 
Fitbit that tells me to get busy--I am way behind; a letter 
from the Competitive Carriers Association; a letter from the 
Consumer Technology Association; a letter from the American 
Medical Association; a letter from Opternative, Incorporated.
    [The information appears at the conclusion of the hearing.]
    Mr. Burgess. Pursuant to committee rules, I remind members 
they have 10 business days to submit additional questions for 
the record. I ask the witnesses to submit their responses 
witness 10 business days upon the receipt of those questions.
    Without objection, the subcommittee is adjourned.
    [Whereupon, at 12:13 p.m., the subcommittee was adjourned.]
    [Material submitted for inclusion in the record follows:]

                 Prepared statement of Hon. Fred Upton

    Today we continue our Disrupter Series as we examine health 
care apps that are truly revolutionizing how folks in Michigan 
and across the country are managing their health.
    As the sponsor of the 21st Century Cures Act, with my good 
friend and colleague, Congresswoman Diana DeGette, it's no 
secret that we have been fighting to modernize and personalize 
our health care system to find faster cures and better 
treatments for all Americans.
    And we face some of the same concerns with health apps in 
terms of ensuring that government is encouraging rather than 
hindering the development of new life saving technologies. 
Today, we will examine what it means for patients as mobile 
apps have the potential to modernize, personalize, and improve 
the overall delivery of care.
    The development and proliferation of health apps is an 
essential part of our effort to cultivate a healthier 
population and save more lives. Because of remarkable 
advancements in technology, doctors and patients both receive 
information that is more accurate and timely, which accelerates 
better diagnoses and preventative treatment plans. This 
technology's ability to seamlessly connect doctors and patients 
together through a smartphone or connected device opens the 
door to a wide range of medical discoveries, possibilities, and 
insights, not to mention the potential to prevent medical 
problems before they occur.
    An additional benefit of mobile health apps is that they 
help to drastically reduce skyrocketing health care costs. By 
integrating the Internet into practically everything we own, we 
have generated productivity and efficiency gains, and cost 
savings across multiple economic sectors. The health care 
sector is no different--if anything, there is no sector in 
greater need of this modernizing. Better care achieved more 
efficiently can lead to reduced doctor visits, decreased 
complications and risks, lower hospital readmissions, and much 
more.
    The potential stemming from this technology is undeniable 
and exciting. To ensure that these life-saving tools are 
accessible to folks in Michigan and every corner of the 
country, we need the right regulatory framework in place. A 
framework that encourages innovation, removes barriers to 
investment, and advances new opportunities for patients and 
providers to engage in the health care system. At the same time 
privacy and security are absolute musts. This is one of the 
most important policies that industry must show leadership on.
    As the world's leader in medical innovation, the time to 
make these promising health care advances available to American 
families is now.
                              ----------                              



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                 [all]