Glass <3 FDA + HIPAA

Lots of people ask me about FDA and HIPAA compliance for Glass. There’s nothing in either of these regulatory frameworks that has unique implications for Glass, even in the most delicate clinical environments such as surgery.

Glass is a computer, just like a smartphone, tablet, laptop, or desktop. It’s not special except that it looks funny. It runs Android, the fastest-growing, widely-used, flexible, extensible operating system known to mankind.

There will be Glass apps that require FDA regulation, but those apps will only require FDA regulation if the same function warranted FDA regulation on smartphones or tablets. Most of the Glass apps being developed inside universities are extensions of the EHR.

As an example, every idea listed by John Halamka, MD, CIO at BIDMC, is an EHR extension. As such, none of these apps will require FDA approval.

Glass isn’t unique within the HIPAA regulatory framework, either. Glass is just another Android device on the network. All data storage and transmissions to and from Glass must adhere to HIPAA protocols, but that’s not unique to Glass.

Moreover, because Glass runs Android, CIOs already know how to manage Glass within their existing IT infrastructure. My company has tested Glass with existing mobile device management (MDM) tools such as AirWatch and it works. MDMs simply recognize Glass as another Android device on the network.

Many have stated that the first-person camera will be the bane of Glass’s existence in hospitals. The camera is a non-issue. Hospitals are already recording everything 24/7. In surgery, this is especially true, where hospitals will spend north of $100,000 to install cameras in the OR lights. In fact, most hospitals already give patients waivers (that they don’t read) stating that the hospital has a right to record everyone inside.

In many ways, Glass is more regulation-friendly than traditional computers and smartphones because:

  1. Glass doesn’t have a cellular chip, meaning it doesn’t support texting.
  2. Glass’s proximity sensor can detect when the device is put on and taken off. Unlike traditional computers, which can be physically hijacked within 2-3 minutes of last use if the user forgets to lock or log out, Glass is physically un-hijackable.
  3. Glass won’t store any personal information, contacts, or connections. At Pristine, we’re removing the consumer-centric timeline user interface and replacing it with our own that’s hospital-centric. As such, users won’t have access to anything except hospital-specific functions. That means no texting, no Gmail, no Twitter, no SnapChat, no Instagram, etc.

Lots of people are trying to understand how Glass will reshape healthcare. Quite a few universities and hospitals are already testing Glass internally. A handful of venture-backed startups, in addition to mine, are trying to reshape healthcare on Glass.

Surprisingly, I’ve seen little Glass activity out of the older healthcare IT vendors. I guess I shouldn’t have been so surprised. After all, this is healthcare IT.


Kyle Samani is a healthcare technology entrepreneur who’s passionate about healthcare and technology startups.

  • Chris Vukin

    Pertinent points Kyle, thanks for the post!

  • John

    Especially when most healthcare IT is Windows XP enterprise and non-SQL-based databases, like MUMPS and MAGIC….
