Beware. Wearables and the data they transmit are not subject to HIPAA protections... yet.

The average patient may not be very health literate about their individual chronic conditions, how their health plans work, or how to comparison shop using the emerging price transparency tools, but they do know one healthcare acronym: HIPAA.

According to Donovan (2018, September 11) in an interview with Andrew Boyd, Assistant Professor in the Masters of Health Informatics program at the University of Illinois,

“Health data collected by Fitbit, for example, is not governed by the HIPAA Privacy Rule. It is governed by contract law and the licensing agreement with your software provider,” Boyd noted.

“When it becomes part of the health record, that is when the security protection gets added on. But right now it appears that, for all of the patient health data generated, these devices are not governed by healthcare law,” Boyd said.

“Do people realize that the data collected by wearables is not necessarily protected by the HIPAA Privacy and Security Rules?”

While it is probably natural and expected that those on the leading edge of technical innovation might not think about something as staid and boring as HIPAA, the gap remains until the healthcare industry and regulators catch up. Perhaps, at the very least, these devices should come with appropriate warnings regarding data security and privacy?