They put a new focus on health for patients, but medical wearables come with issues for health care providers
Personal health and medical wearables are everywhere these days. They are also yet another technological target for hackers and another area of health data that needs protection. Unfortunately, many of us aren’t thinking enough about how to keep our health care data safe and secure when using new health wearables and health apps.
Most people are aware of Fitbit, the Apple Watch, and even newer up-and-coming health wearables that are now making the news. These are great products for improving health and bringing awareness to medical and chiropractic needs. Some patients, such as a few hundred users in the latest Stanford University cardiology and Apple Watch study, are actually being diagnosed because of results found using health wearables. In medicine, many of the tests requiring a blood sample will eventually be replaced by non-invasive wearables.
It’s a huge shift from early-generation fitness wearables tracking exercise to now tracking sensitive patient health information. We’re in unprecedented territory now, and the potential for data breaches is significant.
Wearables and data breaches
Collecting all this data and transmitting it via Bluetooth or storing it for later access and analysis presents a challenge as collected information approaches sensitive health information territory. Not all wearables, and not all of their data, are subject to HIPAA, the gold standard and key legal regulation directing how healthcare data is collected, used, stored, and transmitted.
If patients are using wearables on their own and saving the data for their own analysis, technically HIPAA doesn’t apply at all. That said, many patients are now taking data they collect on their own and sharing it with their physicians. It’s very possible that at that point, HIPAA does apply to the data — it enters the patient’s record and should now be protected (Donovan 2018).
Wearable manufacturers and health app developers such as Samsung and Apple are reportedly trying to achieve HIPAA compliance. This will become a significant issue as corporate wellness programs and primary care physicians start expecting this data from patients and looking for ways to transfer and store the information for diagnostic and treatment purposes.
Wearables data and chiropractors
In May 2018, a smart thermometer wearable designed for babies and young kids was found to contain a significant security vulnerability that placed users at risk of their health data leaking to hackers. The wearable uses Bluetooth to transmit data to a linked smartphone and makes personal information accessible to unauthorized third parties. Data could be wirelessly intercepted and stolen.
As primary care physicians, chiropractors need to be careful about how they work with wearable technologies. Here are a few tips:
- Don’t require wearable use: Once healthcare professionals ask their patients to use wearables and share the data, they may be crossing into territory regulated by HIPAA. At that point, the provider could be held liable for keeping the information secure, even without direct control of the device. It’s better to encourage patients to use the device on their own and make data sharing with the doctor optional.
- Encourage security: Let patients know about the risk of an unintentional data breach when using these devices. Remind patients to keep their device inaccessible to people they wouldn’t trust with their own EHR. If the device has privacy and encryption settings, encourage patients to learn how to use these features.
- If a patient shares data with you, protect it: Treat wearable data just like PHI (protected health information). For instance, if you have to physically borrow the device while you enter the data manually into the patient’s record, keep the device locked up and away from unauthorized users.
If you’re concerned or unsure about how to treat patient information, consider asking a compliance specialist or doing some additional research for guidance.
Sources:
Donovan, F. “How does HIPAA apply to wearable health technology?” Health IT Security. Published: July 2018. Accessed: March 2019. Retrieved from: https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology
Donovan, F. “Smart kids thermometer coughs up digital health data to hackers.” Health IT Security. Published: August 2018. Accessed: March 2019. Retrieved from: https://healthitsecurity.com/news/smart-kids-thermometer-coughs-up-digital-health-data-to-hackers
Farr, C. “Apple’s groundbreaking heart study signals a new era of medicine, and doctors are debating the results.” CNBC. Published: March 2019. Accessed: March 2019. Retrieved from: https://www.cnbc.com/2019/03/18/apple-watch-heart-study-with-stanford-results-and-debate.html
Gonzales, C. “New wearable sensor may soon replace blood tests.” Machine Design. Published: May 2018. Accessed: March 2019. Retrieved from: https://www.machinedesign.com/mechanical/new-wearable-sensor-may-soon-replace-blood-tests