Wearables responsible for consumer privacy gaps, says HHS report
A new report released by the US Department of Health and Human Services argues that the ubiquitous nature of health apps and wearable technologies has led to gaps in consumer privacy, which are regulated by the watershed Health Insurance Portability and Accountability Act (HIPAA).
The report said: “New types of entities that collect, share, and use health information are not regulated by HIPAA. Health information is increasingly collected, shared, or used by new types of organisations beyond the traditional health care organisations currently covered by HIPAA, such as peer health communities, online health management tools, and websites used to generate information for research, any of which might be accessed on computers or smart phones and other mobile devices.”
As HIPAA does not cover health technology firms, patient privacy is being compromised on account of the increase in use of social fitness trackers and the widespread sharing of personal health information on unregulated networks. At present, the purview of HIPAA extends to health insurance plans, health care clearinghouses, health care providers conducting some electronic transactions and companies with access to personally identifiable health information involved in providing health services.
The report holds that HIPAA regulations do not cover services that are not classified as health plans, health care clearinghouses, or health care providers conducting certain electronic transactions and are not acting as an agent of or providing a service to a HIPAA covered entity. The report does not provide solutions for this issue but calls on authorities responsible to address these gaps.
The report added: “To ensure privacy, security, and access by consumers to health data, and to create a predictable business environment for health data collectors, developers, and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled.”