The rapid growth of wearable tech, which lets people track their fitness and health activity, may improve health, but it also threatens privacy. In November Google announced it would buy the fitness tracker FitBit. Two weeks later, Google and the St. Louis-based healthcare system Ascension announced a collaboration designed to improve patient care. Congress is paying attention, asking questions and proposing new laws.
Who is responsible for guarding these data? Not the individual – only covered entities and business associates are responsible for following HIPAA when it comes to wearable technology.
Patients have a right to receive their own protected health information (PHI) and to share it as they choose. They are not subject to HIPAA, and they are not aware of dangers such as medical identity theft when they fail to keep their PHI confidential.
Wearable Tech Security Alarms the Public and Congress
Wearable tech has benefits patients love but threatens their privacy.
The internet is awash with personal health information shared on social media and recorded in health and fitness apps. Now Congress has started to look at the privacy and security concerns around wearable tech. Two U.S. senators have introduced a bill that aims to protect the privacy of consumer health data collected on wearable devices such as smartwatches and fitness trackers. The bill, called the Smartwatch Data Act, would prevent companies that collect health data from selling, sharing or using it without the patient’s consent.
A key legal question is the extent of Congressional authority to address these issues or regulate the actors involved. A key policy question is whether and how Congress should address them. We doubt the Smartwatch Data Act (as currently written) will become law, but it is a step toward refining health information protections to keep pace with rapidly developing technology.
HIPAA Provides Some Wearable Tech Protection
Although the Smartwatch Data Act is unlikely to become law, HIPAA protections must be updated because some of its standards are antique in the face of current technology. For example, the rules for disclosing a “limited data set” of PHI, which Ascension and Google likely rely on, date to the turn of the century, when the power of Big Data Analytics was inconceivable.
The value of accurate, readily available health information to patients is immeasurable. But in the wrong hands, personal health information can be a nuisance or worse: it can cause financial harm and threaten patient safety.
The HIPAA E-Tool® is the strongest protection covered entities and business associates can have to reduce their risks. Its Risk Analysis module is comprehensive, and a complete Risk Analysis – Risk Management Plan is the best way to ensure compliance. Every policy needed to comply with the Privacy, Security and Breach Notification rules is included, with step-by-step guidance to make compliance easy.