Data monitoring is threatening because those subject to it don’t know what information is being collected, for what reason, and by whom. And unlike iPhone or Amazon Echo users, I cannot just choose to stop using my connected pacemaker. In a way, my heart is no longer entirely mine: I share it with both Medtronic and with the U.S. hospital in which it was implanted. As an immigrant in America at a time when foreign status is uncertain, I can’t help but wonder if my pulse might one day betray me. Might it show I visited a place I was not supposed to, or dared meet someone from a hostile country?
* * *
Alongside privacy and security, other concerns are equally frightening but more macabre. At 34, my biggest fear is that my pacemaker will stubbornly continue to beat my heart after my brain ceases to function. As the writer Katy Butler movingly described in a New York Times piece about her father’s final years, “If we did nothing, his pacemaker would not stop for years. Like the tireless charmed brooms in Disney’s Fantasia, it would prompt my father’s heart to beat after he became too demented to speak, sit up, or eat. It would keep his heart pulsing after he drew his last breath.”
As Butler reported, the Heart Rhythm Society and the American Heart Association have issued guidelines declaring that “patients or their legal surrogates have the moral and legal right to request the withdrawal of any medical treatment, including an implanted cardiac device.” Deactivating a pacemaker, the groups concluded, amounted neither to euthanasia nor assisted suicide. And yet, the notion of not being able to choose when to die haunts me. Even if a medical professional can non-intrusively deactivate my pacemaker, the thought that this decision might be left to my loved ones is heartbreaking. The connected nature of my device makes this fear even darker. Will my body continue to send data to the cloud even if my brain ceases to function? In the future, will it be possible to “deactivate” me from afar?
Given all the questions, an open, honest conversation about the real and possible impacts of connected medical devices is needed. Transparency from cardiologists, computer scientists, medical companies, and law makers is especially crucial since legislation on the matter has languished. Writing in Modern Health Care, Rachel Z. Arndt recently warned that cybersecurity vulnerabilities in networked medical devices could “wreak havoc” on health systems. Faced with growing security threats, many in the medical industry now call for a “software bill of materials” that would list all the software components in any wireless device.
Despite a 2014 bill requiring government agencies to get a complete list of the software components for new products, these efforts have not yet been implemented. Instead, according to Arndt, “the FDA recommends that manufacturers take cybersecurity into account when designing devices and continue to do so after the devices have been introduced.”
In the meantime, patients are left without answers. I woke up to a life that depends on a fancy metronome and the invisible infrastructure sustaining it: replaceable batteries, bedside monitors, secure servers, Wi-Fi connectivity. There are millions more people who depend on wireless medical implants, our bodies talking constantly to medical companies and data brokers. If our bodies can talk to them, it shouldn’t be outlandish to imagine they might return the favor.