By Kiarra Huettes
Health Tech and Personal Data: Does the Health Insurance
Portability and Accountability Act (HIPAA) of 1996 Apply?
High quality smartwatches provide wearers with useful data about their
exercise habits, heart rate, and sleep quality. Additionally, there are a
number of ways they can even help you at work, from task management to staying
in contact when you travel. In exchange, users provide health-based tech
companies with anonymized data that can be used for
marketing, research, and more. There’s only one problem: consumers don’t know
about it.
While wearable
device makers and health-based apps technically get consent to share health
data from users with third parties, consent is often hidden in vague language
in the fine print. As a result, users think their health information is
protected when it’s anything but. Here are some facts from Kiarra Huettes to
help you sort through the confusion.
Who Is Required to Protect Personal Health Information?
● “Physicians and other health
care professionals who work with patients and their confidential medical
records must adhere to the policies, procedures, and laws designed to protect patient privacy and confidentiality.
Whether intentional or accidental, unauthorized disclosure of personal health
information (PHI) is considered a violation of HIPAA,”
Verywellhealth.com
explains.
● It’s important to note that “HIPAA only applies to some businesses. Generally,
HIPAA applies to health insurers, health care
clearinghouses, medical service providers, and ‘business associates’ of these
entities. Being a third-party service provider in the healthcare sector often
qualifies a company as a ‘business associate’ that must be HIPAA
compliant.”
● RLDatix: “The rise of wearable technology
has raised questions as devices such as smartwatches
have begun collecting more health data, sometimes for clinical use. But data
gathered via wearables don’t always fall under HIPAA
security guidelines.”
● Outside Online asserts that “fitness
trackers know our heart rates and step counts. They know we didn’t sleep well
last night, maybe because they also know we ate barbecue and had a couple
beers. And they track detailed patterns on when and where we like to work out,
with whom, and where we live. That data, in the hands of malicious actors,
seems like it could be devastating for users’ security and privacy.”
● “A
growing number of data scientists and healthcare experts say the same computing
advances that allow the aggregation of millions of anonymized
patient files into a dossier also make it increasingly possible to re-identify
those files — that is, to match identities to patients,” says Computer World.
● Reuters: “A big concern for app users
is how their data will be used and by whom.
John Houston, vice president of privacy and information security and associate
counsel at the University of Pittsburgh Medical
Center, said ‘What happens if an employer decides you are at risk for
cardiovascular disease and doesn’t want to hire you?’”
How Can Consumers Protect Themselves?
● Protecting your medical information is crucial
in maintaining your privacy and security. As a consumer, it's important to
regularly check bills from doctors to ensure that
no sensitive information is inadvertently exposed.
● Fitness
apps are all the rage, and “if an app is not explicit about what data it shares
and what organizations it shares data with, assume that all the data you enter
into that app could be shared with any number of unknown third parties. If you
aren’t comfortable with that, find another app.”
● Medical
practices are encouraged to enlist firewalls: “Firewalls should be implemented
with both your hardware and software to give you an extra layer of online protection.
This will thwart attacks from hackers and prevent them from being able to
access your network. Some computer operating systems on the desktop such as
Microsoft Windows come with a built-in firewall. Online security experts
recommend additional measures added to your routers and servers for maximum
protection.”
● Health IT Security explains that when
it comes to protection and HIPAA compliance, “in
leveraging HITRUST,
organizations can find actionable ways to manage the security requirements of HIPAA, while eliminating inconsistencies and wasted
resources.”
While it’s
important for consumers to read privacy policies before using health-based apps
and wearable devices, vague language makes it hard to tease out exactly how
data will be used once it’s collected. Until regulations are in place to
protect health data collected by tech companies, the best consumers can do is
avoid companies they’re uncomfortable with. Hopefully, in time, HIPAA regulations will expand to cover personal health
information no matter whose hands it’s in.