A man in Ohio was arrested and charged with arson and insurance fraud after police looked at medical data on his pacemaker. The case has raised some serious privacy concerns around medical devices, their data, and who can access it.
Ross Compton has been accused of starting a fire at his house, which caused $400,000 in damages, in September. According to police, Compton’s statements were inconsistent with evidence from the incident.
The man had claimed that once he had noticed the fire, he gathered some of his belongings, exited through a window, and brought these belongings to his car. However, a cardiologist reviewed data from Compton’s pacemaker and said that, given his significant heart conditions, it was “highly improbable” that the 59-year-old was physically able to do all of these things as he claimed.
Compton has an artificial heart implant with a pacemaker. Local outlet Journal-News reports that the police obtained a search warrant to access the data stored on the pacemaker. The data, including heart rate and cardiac rhythm, was analyzed for their activity during and after the fire.
Court papers state that with Compton’s extensive heart problems it would not have been likely that was able to “collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions.”
The case has raised concerns over data privacy, especially sensitive medical data. Stephanie Lacambra, an attorney with the Electronic Frontier Foundation, told SC Magazine that people should not have to choose between health and privacy when it comes to devices like pacemakers.
“We as a society value our rights to maintain privacy over personal and medical information, and compelling citizens to turn over protected health data to law enforcement erodes those rights,” she said.