By Kiarra Huettes

Health Tech and Personal Data: Does the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Apply?

High-quality smartwatches give wearers useful data about their exercise habits, heart rate, and sleep quality, and they can help at work too, from task management to staying in contact while travelling. In exchange, users hand health-tech companies anonymized data that can be used for marketing, research, and more. There’s only one problem: most consumers don’t know it.

 

While wearable device makers and health-based apps technically obtain users’ consent to share health data with third parties, that consent is often buried in vague language in the fine print. As a result, users think their health information is protected when it’s anything but. Here are some facts from Kiarra Huettes to help you sort through the confusion.

 

Who Is Required to Protect Personal Health Information?

 

“Physicians and other health care professionals who work with patients and their confidential medical records must adhere to the policies, procedures, and laws designed to protect patient privacy and confidentiality. Whether intentional or accidental, unauthorized disclosure of personal health information (PHI) is considered a violation of HIPAA,” Verywellhealth.com explains.

 

It’s important to note that “HIPAA only applies to some businesses. Generally, HIPAA applies to health insurers, health care clearinghouses, medical service providers, and ‘business associates’ of these entities. Being a third-party service provider in the healthcare sector often qualifies a company as a ‘business associate’ that must be HIPAA compliant.”

 

RLDatix: “The rise of wearable technology has raised questions as devices such as smartwatches have begun collecting more health data, sometimes for clinical use. But data gathered via wearables don’t always fall under HIPAA security guidelines.”

 

Why Does It Matter?

 

Outside Online asserts that “fitness trackers know our heart rates and step counts. They know we didn’t sleep well last night, maybe because they also know we ate barbecue and had a couple beers. And they track detailed patterns on when and where we like to work out, with whom, and where we live. That data, in the hands of malicious actors, seems like it could be devastating for users’ security and privacy.”

 

“A growing number of data scientists and healthcare experts say the same computing advances that allow the aggregation of millions of anonymized patient files into a dossier also make it increasingly possible to re-identify those files — that is, to match identities to patients,” says Computer World.
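The re-identification risk that the Outside Online and Computer World quotes describe can be shown concretely. The following Python script is an added illustration, not code from the original article or from any of the sources it quotes. Every record in it is constructed, and the grid-cell-to-ZIP table stands in for a real geocoder. It infers a home ZIP code from where a user’s runs usually start, then links the “anonymous” record to a public dataset that carries names (race results, a voter roll) on sex, birth year and ZIP. Where that combination is unique, the anonymous user gets a name.

```python
from collections import Counter

# Constructed "anonymized" wearable export: no name, just a random id, coarse
# demographics, and the GPS start point of each logged run. Made-up data.
WEARABLE_EXPORT = [
    {"uid": "a91f", "sex": "F", "birth_year": 1984,
     "runs": [(40.7414, -73.9897), (40.7410, -73.9902),
              (40.7583, -73.9855), (40.7412, -73.9899)]},
    {"uid": "c204", "sex": "M", "birth_year": 1990,
     "runs": [(40.7831, -73.9712), (40.7829, -73.9710)]},
    {"uid": "e77b", "sex": "F", "birth_year": 1984,
     "runs": [(40.7831, -73.9715), (40.7833, -73.9711), (40.7830, -73.9713)]},
]

# Constructed lookup from a coarse grid cell (lat/lon rounded to two decimals,
# roughly a 1 km square) to a ZIP code. A real attacker would use a geocoder.
CELL_TO_ZIP = {
    (40.74, -73.99): "10010",
    (40.76, -73.99): "10036",
    (40.78, -73.97): "10024",
}

# Constructed public dataset that does carry names, e.g. published race
# results or a voter roll: the auxiliary data a linkage attack needs.
PUBLIC_RECORDS = [
    {"name": "Alice Example", "sex": "F", "birth_year": 1984, "zip": "10010"},
    {"name": "Bob Example",   "sex": "M", "birth_year": 1990, "zip": "10024"},
    {"name": "Carol Example", "sex": "F", "birth_year": 1984, "zip": "10024"},
    {"name": "Dana Example",  "sex": "F", "birth_year": 1984, "zip": "10024"},
]


def infer_home_zip(runs):
    """Most workouts start at or near home, so the modal start cell is a good
    proxy for the user's home ZIP. Returns None if the cell is unmapped."""
    cells = Counter((round(lat, 2), round(lon, 2)) for lat, lon in runs)
    cell, _count = cells.most_common(1)[0]
    return CELL_TO_ZIP.get(cell)


def candidates_for(user, public_records):
    """Names in the public dataset that share the user's quasi-identifiers
    (sex, birth year, inferred home ZIP)."""
    home_zip = infer_home_zip(user["runs"])
    if home_zip is None:
        return []
    return [r["name"] for r in public_records
            if r["sex"] == user["sex"]
            and r["birth_year"] == user["birth_year"]
            and r["zip"] == home_zip]


def reidentify(export, public_records):
    """Map each anonymous uid to a name when the link is unambiguous.

    A uid with several candidates stays None: that user is hidden among k >= 2
    people who share the same attributes, which is what k-anonymity tries to
    guarantee for everyone in a released dataset."""
    result = {}
    for user in export:
        names = candidates_for(user, public_records)
        result[user["uid"]] = names[0] if len(names) == 1 else None
    return result


if __name__ == "__main__":
    for uid, name in reidentify(WEARABLE_EXPORT, PUBLIC_RECORDS).items():
        print(f"{uid}: {name or 'not uniquely linkable'}")
```

Two of the three anonymous users are linked to a single name; the third survives only because two other people in the public set share her sex, birth year and ZIP. Note that the wearable export contained no ZIP at all: it was derived from the workout coordinates, which is why stripping the obvious identifiers from a dataset is not the same as anonymizing it.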

 

Reuters: “A big concern for app users is how their data will be used and by whom. John Houston, vice president of privacy and information security and associate counsel at the University of Pittsburgh Medical Center, said, ‘What happens if an employer decides you are at risk for cardiovascular disease and doesn’t want to hire you?’” He added:

How Can Consumers Protect Themselves?

 

Protecting your medical information is crucial to maintaining your privacy and security. As a consumer, review the bills and statements you receive from doctors and insurers regularly: a charge for care you never received is an early sign that your information has been exposed or misused.

 

Fitness apps are all the rage, and “if an app is not explicit about what data it shares and what organizations it shares data with, assume that all the data you enter into that app could be shared with any number of unknown third parties. If you aren’t comfortable with that, find another app.”

 

How Medical Practices Can Protect Personal Health Information

 

Medical practices are encouraged to enlist firewalls: “Firewalls should be implemented with both your hardware and software to give you an extra layer of online protection. This will thwart attacks from hackers and prevent them from being able to access your network. Some computer operating systems on the desktop, such as Microsoft Windows, come with a built-in firewall. Online security experts recommend additional measures added to your routers and servers for maximum protection.”

 

Health IT Security explains that, when it comes to protection and HIPAA compliance, “in leveraging HITRUST, organizations can find actionable ways to manage the security requirements of HIPAA, while eliminating inconsistencies and wasted resources.”

 

While it’s important for consumers to read privacy policies before using health-based apps and wearable devices, vague language makes it hard to tease out exactly how data will be used once it’s collected. Until regulations are in place to protect health data collected by tech companies, the best consumers can do is avoid companies they’re uncomfortable with. Hopefully, in time, HIPAA regulations will expand to cover personal health information no matter whose hands it’s in.