When I take a walk, I always carry my cell phone. I don’t do it to stay in touch with my friends. Instead, I have several fitness apps on my phone to keep track of the calories I burn and the distance I cover. My wife, a runner, has a watch that records the same information plus a record of her heart rate. Our wearable health technology is actually primitive compared with what is available with products like the new Apple Watch and fitness-tracking devices such as Fitbit, Withings and Jawbone. These, and similarly available wearable technologies, can track and monitor your blood oxygen levels, sleep patterns and glucose levels and provide nutrition information.

But what happens to all that data collected by these devices? Where is it stored? Who has access to it? Is any of it covered by the federal health-care privacy rules outlined in the HIPAA (shorthand for the Health Insurance Portability and Accountability Act) law that applies to your doctor and hospital data? Answers to those important questions…

• Buyer beware! If your doctor, hospital or a clinic gives you a monitor to wear for several days to track the electrical activity of your heart, for example, federal HIPAA privacy laws prohibit the information gathered from being shared with anyone without your permission. The same thing applies to any wearable monitoring technology prescribed by a doctor or hospital. But those same sorts of devices, bought by you directly and connected to a company through a cell phone or other technology, are not covered by HIPAA. That’s because the law was written before such direct-to-consumer devices were available and because manufacturers such as Apple are not considered health-care entities as defined by the law. Therefore, noncovered entities (including companies that sell apps) can sell the data to third parties unless they have specific policies of their own that limit such sale or distribution. This means that health or life insurers, employers or marketing companies could purchase your health data. Important: If you buy a wearable fitness device, make sure you read the product manufacturer’s or seller’s policy about the privacy of the data that’s collected about you. It’s usually the lengthy, small-print statement that you “agree” to when you first activate the product. Some policies allow you to opt out of the sale of your data or of “cloud” storage (see below).

• Watch out for the cloud. Your collected wearable technology health records are likely stored in the device or app owner’s data storage cloud. But don’t be wowed into thinking that this is some highly secure entity. The cloud is simply a large mainframe computer owned or leased by the company to store data. It is hackable and vulnerable to glitches, and if the company goes broke, your data could end up in the hands of a buyer you don’t know. Think twice about what you want stored in a non-HIPAA–protected database.

• Stay secure with your doctor. As wearable health products become more commonplace, it will not be long before your doctor can provide you with storage links and connections through his/her office—meaning the product is HIPAA protected and regulated. Some physicians are already providing or selling wearable devices. By linking the data to your doctor or hospital, your privacy is much better protected.