smartwatch wearable tech

Wearable Tech and Patient Privacy

The rapid growth of wearable tech, where people can track fitness and health activity may improve health but it also threatens privacy. In November Google announced it would buy the fitness tracker FitBit. Then two weeks later Google and the St. Louis-based healthcare system Ascension announced a collaboration that is designed to improve patient care. Congress is paying attention, asking questions and proposing new laws.

Who is responsible for guarding these data? Not the individual – only covered entities and business associates are responsible for following HIPAA when it comes to wearable technology.

Patients have a right to receive their own protected health information (PHI) and share it as they choose. They’re not subject to HIPAA and not aware of dangers like medical identity theft when they don’t keep their PHI confidential.

Wearable Tech Security Alarms the Public and Congress

Wearable tech has benefits patients love but threatens their privacy.

The internet is awash with personal health information shared on social media and recorded on health and fitness apps. Now Congress has started to take a look at privacy and security concerns around wearable tech. Two U.S. senators have introduced a bill that aims to protect the privacy of consumer health data collected on wearable devices, such as smartwatches and fitness trackers. The bill, called the Smartwatch Data Act, would prevent companies who collect health data from selling, sharing or using it without the patient’s consent.

A key legal question is the extent of Congressional authority to address these issues or regulate the actors. And a key policy question is whether and how Congress should address the issues. We doubt the Smartwatch Data Act (as it’s currently written) will become law but it is a step toward refining health information protections to counter rapidly developing technology.

HIPAA Provides Some Wearable Tech Protection

Although the Smartwatch Data Act is unlikely to become law, HIPAA protections must be updated because some standards are antique in the face of current technology. For example, disclosure of a “limited data set” of PHI, likely relied on by Ascension and Google, dates to the turn of the century when the power of Big Data Analytics was inconceivable.

The value of accurate, readily available health information to patients is immeasurable. But in the wrong hands personal health information can be a nuisance or worse; cause financial harm and threaten patient safety.

The HIPAA E-Tool® is the strongest protection covered entities and business associates can have to reduce their risks. The Risk Analysis module is comprehensive – and a complete Risk Analysis – Risk Management Plan is the best way to ensure compliance. Every policy needed to comply with the Privacy, Security and Breach Notification rules is there, with step-by-step guidance to make it easy.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2019 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC
Terms of Service | Privacy Policy

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free