Fitness Meets HIPAA Compliance: Is Your Health Data Secure?
The federal Health Insurance Portability and Accountability Act (otherwise known as HIPAA) is a law that was enacted with a few primary goals, including protecting the confidentiality and security of healthcare information. It was enacted in 1996, long before mobile health apps and wearable devices rose to prominence. As a result, the law doesn’t always make it clear which apps and devices need to be HIPAA-compliant and which ones do not.
You may be surprised to learn that many of today’s health-related apps and wearable devices aren’t HIPAA-compliant. In fact, most of the ones on the market right now aren’t. However, that could change over time and we’re already seeing evidence that things are heading that way. For example, Fitbit, a leading company known for its activity trackers, recently went through a voluntary, third-party HIPAA audit. As a result, they’re now complying with HIPAA safeguards and they expect that it will allow them to “more deeply integrate and partner” with self-insured employers, health plans and corporate wellness organizations.
Making its technology HIPAA-compliant should prove to be a smart move for Fitbit, as it’s likely to open some new doors for the company. It’s also likely to allow them to get away from a lot of the criticism they received in the past. As you may or may not be aware, the default setting on their devices made data manually entered by users available for public viewing. People could make their data private if they so wished, but many had no idea that their information was even being shared. This is not unique to Fitbit. Many vendors in the fitness wearables market are even more open with customer data – at least Fitbit has the good sense to allow you to protect your data should you so desire.
The way things stand right now, a company doesn’t need to worry about their apps or devices being HIPAA-compliant if they’re used for things such as allowing folks to record their weight or exercise routines, letting people keep up with their daily diets, or looking up medical reference information and other content of that kind. Apps and devices that do need to be HIPAA-compliant are ones that specifically identify individuals and are used to share patient information with health professionals. Since many fitness devices are now evolving into health wearables, the need to protect Protected Health Information (PHI) will grow.
To be HIPAA-compliant, an app or device needs to come with a number of security features, including ones that enable users to keep their data secure, recover the information if it’s lost, and delete their personal health information at any time if needed. All of these features are absolutely essential when dealing with important personal data, because there are a lot of risks in keeping information of this nature on phones and wearables that are easily lost and rarely as secure as they should be.