Wearable technology covers a broad range of devices. As its use becomes more common in the healthcare sector, the issue of privacy becomes more crucial. New devices can help physicians monitor patients’ vital signs, sleep patterns and heart rhythms remotely, transforming the face of medicine as we know it. These developments in technology will help detect early signs of diseases and aid in diagnosing medical conditions. Essentially, these devices are mini computers that send and receive data which can be used for further analysis. The data that these incredibly powerful devices collect can be stolen, which raises concerns about data safety and encryption. Furthermore, there is a valid concern that companies will use large amounts of personal healthcare data for marketing and insurance purposes.
When it comes to healthcare and the clinical setting, the information must comply with HIPAA (Health Insurance Portability and Accountability Act). To sum up these HIPAA rules: if data is in electronic form, then we should not be able to identify any personal/protected health information. Data can be any lab test, vital sign, physical exam info, etc. Personal/protected health information includes 18 identifiers such as name, address, social security number, medical record numbers, phone numbers, etc. Someone’s heart rate or lab test is worthless to a hacker who gets hold of it if he/she doesn’t know who that person is.
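The separation described above, sketched as an added example (not part of the original article): measurements leave the collection point carrying only a random subject token, and the table linking tokens to patients stays with the covered entity. The field names, the `Pseudonymizer` class and the sample readings are assumptions made for illustration.

```python
import secrets

# Assumed measurement fields allowed to leave the collection point. Anything
# else (name, phone, device serial, unexpected fields) is dropped by default.
MEASUREMENT_FIELDS = {"heart_rate_bpm", "sleep_hours"}


class Pseudonymizer:
    """Replaces identifying fields with a random token (hypothetical helper)."""

    def __init__(self):
        # Re-identification table: stored and access-controlled separately
        # from the measurement data that gets shared.
        self._token_by_mrn = {}

    def token_for(self, mrn):
        # The token is random, not derived from the identifier, so it cannot
        # be brute-forced back to the record number from the token alone.
        if mrn not in self._token_by_mrn:
            self._token_by_mrn[mrn] = secrets.token_hex(16)
        return self._token_by_mrn[mrn]

    def deidentify(self, record):
        mrn = record.get("medical_record_number")
        if not mrn:
            # Fail closed: a reading that cannot be linked is not forwarded.
            raise ValueError("no medical_record_number; refusing to forward")
        clean = {k: v for k, v in record.items() if k in MEASUREMENT_FIELDS}
        clean["subject_token"] = self.token_for(mrn)
        return clean

    def reidentify(self, token):
        # Only the holder of the table can map a token back to a patient.
        for mrn, known in self._token_by_mrn.items():
            if secrets.compare_digest(known, token):
                return mrn
        return None


# Constructed sample readings (not real patient data).
SAMPLE_READINGS = [
    {"name": "Pat Example", "phone": "555-0100",
     "medical_record_number": "MRN-0001", "heart_rate_bpm": 72},
    {"name": "Pat Example", "device_serial": "WX-42",
     "medical_record_number": "MRN-0001", "sleep_hours": 6.5},
    {"name": "Sam Sample", "medical_record_number": "MRN-0002",
     "heart_rate_bpm": 88, "free_text": "called from 555-0199"},
]


def demo():
    p = Pseudonymizer()
    return p, [p.deidentify(r) for r in SAMPLE_READINGS]
```

The allowlist matters more than the token: identifiers that arrive in fields nobody anticipated, such as a device serial or a free-text note, are dropped rather than forwarded.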
A 2013 update to HIPAA regarding privacy breaches, made via the final omnibus rule, addressed the use of wearable technology. Business associates, such as developers, determine whether something has to be reported as a breach or not. If a device was hacked into but the information was not decrypted, then this would not be reported as a breach. New investments have been made to protect the data of the consumer so that this will not take place. Encryption and security measures have developed in parallel with wearable devices to make them safe for the general public.
If these rules are meant to be enforced, the use of wearable technology in healthcare will have to be safeguarded more so than other consumer-based devices. Such devices include those acquired from hospitals, clinics, healthcare workers, clinical research organizations, pharmaceutical companies and other HIPAA covered entities.
How do we safeguard our health information while complying with HIPAA?
Many steps will have to be set in place, including:
- Informed consent forms outlining the purpose of the wearable tech, background information on the developers, and a notification regarding those who will have access to the data.
- Multiple encryption methods will have to be used in case one layer of encryption gets broken. One is the two-key method, in which the end user can access the information with security measures provided by the patient and the healthcare professional.
- File sharing and data transmission will have to be closely monitored. New methods of data security are being created for the Internet of Things (IoT), which includes wearable devices.