The Internet of Bodies

Opportunities, Risks, and Governance

Mary Lee, Benjamin Boudreaux, Ritika Chaturvedi, Sasha Romanosky, Bryce Downing

ResearchPublished Oct 29, 2020

Internet-connected "smart" devices are increasingly available in the marketplace, promising consumers and businesses improved convenience and efficiency. Within this broader Internet of Things (IoT) lies a growing industry of devices that monitor the human body and transmit the data collected via the internet. This development, which some have called the Internet of Bodies (IoB), includes an expanding array of devices that combine software, hardware, and communication capabilities to track personal health data, provide vital medical treatment, or enhance bodily comfort, function, health, or well-being. However, these devices also complicate a field already fraught with legal, regulatory, and ethical risks. The authors of this report examine this emerging collection of human body–centric and internet-connected technologies; explore benefits, security and privacy risks, and ethical implications; survey the nascent regulatory landscape for these devices and the data they collect; and make recommendations to balance IoB risks and rewards.

Key Findings

Governance of IoB devices is managed through a patchwork of state and federal agencies, nonprofit organizations, and consumer advocacy groups

  • The primary entities responsible for governance of IoB devices are the FDA and the U.S. Department of Commerce.
  • Although the FDA is making strides in cybersecurity of medical devices, many IoB devices, especially those available for consumer use, do not fall under FDA jurisdiction.
  • Federal and state officials have begun to address cybersecurity risks associated with IoB that are beyond FDA oversight, but there are few laws that mandate cybersecurity best practices.

As with IoB devices, there is no single entity that provides oversight to IoB data

  • Protection of medical information is regulated at the federal level, in part, by HIPAA.
  • The Federal Trade Commission (FTC) helps ensure data security and consumer privacy through legal actions brought by the Bureau of Consumer Protection.
  • Data brokers are largely unregulated, but some legal experts are calling for policies to protect consumers.
  • As the United States has no federal data privacy law, states have introduced a patchwork of laws and regulations that apply to residents' personal data, some of which includes IoB-related information.
  • The lack of consistency in IoB laws among states and between the state and federal level potentially enables regulatory gaps and enforcement challenges.

Recommendations

  • The U.S. Commerce Department can put foreign IoB companies on its "Entity List," preventing them from doing business with Americans, if those foreign companies are implicated in human rights violations.
  • As 5G, Wi-Fi 6, and satellite internet standards are rolled out, the federal government should be prepared for issues by funding studies and working with experts to develop security regulations.
  • It will be important to consider how to incentivize quicker phase-out of the legacy medical devices with poor cybersecurity that are already in wide use.
  • IoB developers must be more attentive to cybersecurity by integrating cybersecurity and privacy considerations from the beginning of product development.
  • Device makers should test software for vulnerabilities often and devise methods for users to patch software.
  • Congress should consider establishing federal data transparency and protection standards for data that are collected from the IoB.
  • The FTC could play a larger role to ensure that marketing claims about improved well-being or specific health treatment are backed by appropriate evidence.

Order a Print Copy

Format
Paperback
Page count
36 pages
List Price
$19.00
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2020
  • Print Format: Paperback
  • Paperback Pages: 36
  • Paperback Price: $19.00
  • Paperback ISBN/EAN: 978-1-9774-0522-7
  • DOI: https://doi.org/10.7249/RR3226
  • Document Number: RR-3226-RC

Citation

RAND Style Manual
Lee, Mary, Benjamin Boudreaux, Ritika Chaturvedi, Sasha Romanosky, and Bryce Downing, The Internet of Bodies: Opportunities, Risks, and Governance, RAND Corporation, RR-3226-RC, 2020. As of October 10, 2024: https://www.rand.org/pubs/research_reports/RR3226.html
Chicago Manual of Style
Lee, Mary, Benjamin Boudreaux, Ritika Chaturvedi, Sasha Romanosky, and Bryce Downing, The Internet of Bodies: Opportunities, Risks, and Governance. Santa Monica, CA: RAND Corporation, 2020. https://www.rand.org/pubs/research_reports/RR3226.html. Also available in print form.
BibTeX RIS

Research conducted by

Funding for this report was provided by a generous grant from Jacques Dubois. The research was conducted by the Center for Global Risk and Security.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.