Every industry is affected by advances in technology including artificial intelligence, robotics and the Internet of Things. The medical and healthcare sectors are no exception, and digital health innovation is progressing at a rapid pace. The growing market of the Internet of Medical Things (IoMT)) and BodyTech/wearable devices is likely to have a significant impact on the product liability regime.

The rapid development of IoMTs has led to significant improvements in healthcare both in terms of efficiency and the quality of care delivered to patients. Deloitte reported recently that the IoMTs market is estimated to be worth USD158.1 billion by 2022. Wearable technology, lifestyle devices and mobile health apps are becoming increasingly popular among consumers. There is now a vast range of connected and smart health devices available including smart watches, smart earplugs, smart glasses, activity trackers and other devices which enable us to monitor our fitness levels. We are monitoring our steps, heart rate, pulse rate, blood pressure and receiving reminders about when to take medication.

As with any product, the risk of failure or defect resulting in personal injury or property damage is very real. When it comes to connected devices in particular, the legal landscape is complicated by the many different players involved in the design, development, functioning, maintaining and updating of these products. Healthcare IT providers, network providers, manufacturers, hospitals and end users will all play a part in ensuring that safety is not compromised in the pursuit of innovation.

The existing product liability regime

The medical devices and healthcare sectors have been subject to product liability litigation for many years. Medical devices cover an enormous range of products from plasters you can buy from a pharmacy or supermarket to cardiac pacemakers and MRI scanners. Software can also qualify as a medical device in its own right or as an 'accessory' to a medical device. Obviously, the risk profile of the medical device will depend on what it does, how it does it, and the potential for serious harm or death of a user.

The typical claim in the UK involves an injured party pursuing a medical device manufacturer, usually under the Consumer Protection Act 1987 (CPA) which implements the Product Liability Directive and imposes 'strict liability' on the producer of defective products for damage caused by the defect. It is generally easier for a claimant to establish a claim under the strict liability regime of the CPA given that unlike in negligence, there is no need for the claimant to prove "fault" or that a manufacturer has failed to exercise reasonable care and skill in the design and manufacture of a product.

Common and recurring issues in medical devices product liability litigation include failure to comply with the authorised manufacturing procedures, events or incidents that become apparent after the product is launched on the market, and failure to provide adequate instructions for use/warnings.

Does the product liability regime work for connected devices?

Interconnected products which are dependent on hardware, software, networks and data, do not fall squarely within the traditional product liability regime, for example tangible products. A number of questions are raised in respect of the application of product liability law to connected devices:

  • Software as a "product" – it is currently unclear whether software itself falls within the definition of a "product" under the CPA. The EU's current product liability regime dates from 1985, and concerns have been raised that it is no longer fit for purpose, particularly in the context of technological advancements. It has been acknowledged that the meaning of "product" might need to be changed to deal with IoTs such that, for example, software as a service falls within this definition.
  • Multiple defendants – does liability lie with the medical devices manufacturer, designer of the system, software or network provider, user (patient or hospital) or even a third party hacker? How will liability be allocated between the multiple parties?
  • What is the defect? Is it a software bug, network failure, product design fault or user error? A product is "defective" for the purposes of the CPA if its safety, including not only the risk of personal injury but also the risk of damage to property, is "not such as persons generally are entitled to expect" taking into account factors including its purpose, instructions for use or warnings, what is reasonably expected to be done with the product and the time when the product was supplied by its producer to another.
  • There is limited guidance on the meaning of "defect" and even less in the case of advancing technologies such as the IoMTs and wearable devices. Broadly speaking, a claimant needs to establish what it is about the state or behaviour of the product or the risks that it poses that led it to fall below the level of safety that persons were generally entitled to expect at the time the product entered the market, although they would not need to prove the precise mechanism by which it came to fall below that standard (or detail the defect with any precision).
  • The expected safety standards of IoMTs and wearable devices are not well established and there is no universal safety standard for connected devices. Safety expectations will likely evolve as use of these devices becomes more prevalent among consumers and patients. That said, the court accepts that safety is a relative concept because no product, and particularly a medical product, if effective, can be absolutely safe.
  • There are also likely to be issues around the relevant time periods for determining the expected safety standard – when will safety be expected, at the time the product is placed on the market or will other times become relevant such as when updates are due on the software?
  • It is a defence to a product liability claim if it can be said that the scientific and technical knowledge when the product was supplied was such that the producer could not be expected to discover the defect. This is a notoriously difficult defence to run and again the state of the art in respect of advancing technologies is emerging.
  • User fault will also be relevant, perhaps as a result of incorrect use, failure to follow instructions for use or to maintain the product with necessary updates.

Wearable devices as evidence in litigation

Another area where these types of devices will affect litigation is in the data they hold. BodyTech holds vast amounts of data, which is likely to become utilised in litigation as evidence either supporting or dismissing a personal injury claim. For example, fitness tracking devices hold key data relating to a user's health (heart rate, sleep patterns etc.) which could become as important as medical records in personal injury claims to determine the severity of an alleged injury. If a claimant alleges that they have become incapacitated as a result of an injury, is the data on their fitness tracking device showing their activity levels discloseable in litigation? Can the fitness tracker be used as evidence to show a decline in physical activity following an injury caused by a defective product? There has been one known case in Canada where the plaintiff relied on data from a fitness tracker as a measure of activity in a personal injury claim. This, it seems to us, is just the start.

Risk planning

As with all manufacturers of products, wearable devices companies and IoMTs should undertake business planning and risk assessments to mitigate the risks of product liability litigation. In addition to physical injuries, a manufacturer may be liable for property damage or financial losses caused by a malfunctioning device. The reputational damage which can be caused when a business is forced to recall a product or face product liability claims can be significant.

Advice should be taken in respect of specific devices but as a general rule, the following matters should always be considered:

  • Product liability and recall insurance should be maintained and kept under review to ensure its applicability to these types of devices.
  • Indemnities should be obtained to protect from product liability claims within the supply chain.
  • Provide (and keep under review) warnings about anticipated or known risks with labelling, ideally on the product itself, where appropriate.
  • Provide clear and detailed instructions on intended use and consider disclaimers.
  • Monitor device performance and reported/adverse incidents and ensure traceability of products and monitoring following any corrective action.
  • Prepare, maintain and review product recall/incident plans.
  • Take necessary corrective action (warnings, safety notices, recalls) and consider communication strategies with consumers to limit brand damage.
  • Consider regulatory notification requirements and the timings of this.
  • In the event of a claim, take advice early on the preservation of documents, issues of legal professional privilege and insurance notifications.
  • Of course, a manufacturer of a wearable device that qualifies as a medical device is mandated to comply with obligations under the relevant medical device legislation. The existing regime is undergoing a significant upheaval with the introduction of two new EU Regulations which will increase the responsibilities of manufacturers and brings a new classification rule applicable to software. Manufacturers of wearable devices should review their product portfolios in light of the new legislation.