While technological innovation has advanced at an extraordinary pace in recent years, privacy and security protections of health information have not kept up. This is according to a new report from the Department of Health and Human Services. Many people are confused or have a limited understanding of when their health data is protected and when it is not, the report says.
The report goes on to say that new types of entities that collect, share, and use health information are not regulated by the federal patient privacy law known as HIPAA. Specifically, the report is referring to wearables such as smartwatches and fitness trackers, along with fitness apps. This ultimately means that your health information, such as your steps, heart rate and calories, is likely being sold to third-party companies.
“Let’s say for example that you just have it on your wrist and you took x amount of steps. That’s probably not covered. But let’s say your doctor used it in part of his diagnosis, then it probably could be. So really, HIPAA isn’t for a specific item. It’s are you basically being treated and is it being used for healthcare purposes,” said attorney Joe Viacava.
The report was mandated under a 2009 law that called on HHS to work with the Federal Trade Commission. It was due to be completed in 2010, at which point it would be used to submit recommendations to Congress on how to deal with entities handling health information that fall outside the scope of HIPAA.
“At the end of the day, it’s a very complicated environment that we find ourselves in,” said Lucia Savage, chief privacy officer at the Office of the National Coordinator for Health Information Technology, when asked why the report did not include any recommendations.
“We believe we’re fulfilling our duties. If Congress has concerns about that, I’m sure that we will hear about them.”