How many of us believe that data collected through wearable devices like Fitbit or Apple Watch is covered by HIPAA? How many of us think that it should be covered under HIPAA for patient protection? It all might be sounding very confusing. Let's try and assess it.
If you buy a device from a departmental store and if that device is not covered under HIPAA then it is very likely the data that device generates is also not covered under HIPAA. However, if the device is given by the practitioner or hospital then the piece of data that falls under Protected Healthcare Information (PHI) is covered under HIPAA.
And interestingly, your pulse rate data alone is not a concern for HIPAA unless it gets tied up with something that can personally identify you such as your mobile number, name or address. So if the device is generating just your pulse rate data without associating it with your information then it is not covered under HIPAA.
Are you wondering why this strange thing in HIPAA? But in the mid of 1990s while HIPAA was formed, there was no such thing like wearable or smartphone in the minds of regulators. This has created a gap in the healthcare ecosystem. And this gap is knowingly or unknowingly been exploited by wearable device manufacturers and programmers. So HIPAA has to be looked completely grounds up considering (a) regulations for unprotected information which could be potential health information, of the user (b) one law for all health related information and (c) redefine healthcare information considering current and future digital evolutions.
The US Federal Trade Commission found that 12 mHealth and fitness applications sent consumer data to 76 third-party companies. This data included personal identity information and even sensitive information. In certain cases the data is been shared with analytics services company that can link this data and share it further.
So if you are building a mobile fitness tracker applications or wearable healthcare software solutions then please pay attention to these gaps. I would love to hear your views in the comment section.