Urgent Compliance Deadline: Smart Meter Warns of Severe Penalties for Transmitting Remote Patient Monitoring Data to China
Healthcare providers and companies utilizing remote patient monitoring (RPM) solutions are on high alert as the Department of Justice (DOJ) enforces a critical deadline to address data security risks. Smart Meter, a leading provider of cellular-enabled RPM solutions, is sounding the alarm about a significant privacy concern: many connected medical devices are routing sensitive patient data through servers located in China and other countries of concern before it reaches U.S.-based healthcare systems. This issue has captured the attention of federal agencies and lawmakers amid rising U.S.-China tensions, with the DOJ issuing new rules to curb this national security threat.
The DOJ’s April 8th mandate imposes strict restrictions on transferring sensitive data to U.S. adversaries, including China. With the 90-day enforcement discretion period set to expire on July 8, 2025—just 19 days away—healthcare providers and RPM vendors face mounting pressure to ensure compliance. During this grace period, the DOJ will not prioritize civil enforcement actions against entities making good-faith efforts to comply. However, willful violations could still result in severe penalties, including fines of up to $1 million and imprisonment for up to 20 years. These consequences highlight the seriousness of the issue and underscore the importance of safeguarding sensitive health data.
The Risks of Foreign Data Routing
The transmission of patient data through foreign servers poses a grave threat to privacy and national security. Personal health information, such as glucose levels, blood pressure readings, and weight measurements, is among the most sensitive data collected. When this information is routed through Chinese-operated servers, it becomes vulnerable to foreign surveillance, breaches, and misuse. Lawmakers and cybersecurity experts have long warned about the dangers of relying on infrastructure hosted in adversarial nations, particularly given the potential for state-sponsored cyberattacks and espionage.
Casey Pittock, CEO of Smart Meter, emphasized the urgency of addressing this issue: “Healthcare data is some of the most sensitive information that can be collected, and our government officials are deeply concerned about where that data is sent. Routing personal health data through China exposes it to foreign surveillance and increases the risk of breaches or misuse. At Smart Meter, we’ve built a secure, U.S.-based infrastructure to protect health data from Chinese intrusion.”
Smart Meter’s Commitment to Data Security
Unlike some RPM device manufacturers that rely on third-party connections or cloud services hosted abroad, Smart Meter has developed a proprietary ecosystem of cellular-enabled devices designed to operate exclusively within the United States. Its portfolio includes the iGlucose meter for Type 2 diabetes management, iBloodPressure monitors, iPulseOx for oxygen saturation levels, and iScale for weight monitoring. These devices connect through a private, HIPAA-compliant AT&T network, ensuring that patient data is transmitted securely and directly to U.S. healthcare providers without ever leaving the country.
Derek Trauger, CTO of Smart Meter, explained the company’s rigorous approach to data security: “For all new products, Smart Meter performs a forensic analysis before releasing them for public use. We work closely with our manufacturers to identify potential vulnerabilities that could allow healthcare data to be exposed to countries of concern. Any company not performing this level of analysis is putting patient data at risk.”
Shared Liability and the Importance of Vendor Selection
One of the most significant impacts of the DOJ’s guidance is the shift in liability assessment. Under the new rules, both RPM vendors and healthcare providers can now be held jointly responsible for data breaches, even if the breach originates from a third-party service or connected device. This change underscores the importance of selecting vendors with robust compliance track records and conducting regular third-party audits to ensure data security.
Healthcare providers must ask critical questions about where patient data is being stored and transmitted. Choosing partners committed to protecting sensitive information domestically is essential to mitigating risks and avoiding potential penalties. Smart Meter’s U.S.-based infrastructure and proactive approach to compliance make it a trusted partner for healthcare organizations navigating these complex regulatory requirements.
About Smart Meter, LLC
Smart Meter is the trusted supplier of Remote Patient Monitoring (“RPM”) solutions. We empower a nationwide network of SmartPartners™ who are working directly with healthcare providers to transform patient care. Millions of vital health data readings are reliably delivered across our platform to enable real-time, better-informed health care. Our proprietary patient-friendly cellular FDA-registered monitoring devices are connected to an exclusive AT&T 4/5G network to ensure an engaging patient experience for improved adherence. For more information, visit SmartMeterRPM.com
