
How Wearables Could Lead to HIPAA Violations

April 10, 2019

The elephant in the room in the wearables market is the question of how the data collected from the wearable devices will be protected, Physician Sense for MDLinx reports. When precautions aren’t taken, data breaches become likely.

The popular fitness and nutrition tracking app MyFitnessPal was breached in 2018, exposing names, e-mail addresses and the passwords of 150 million people. The same year, the fitness app Strava revealed the locations of U.S. military personnel on secret bases. The black market value of EHR data makes the Apple Watch and any similar products prime targets.

Physician Sense turned to Linda A. Malek, chair of the health-care practice and the privacy and cybersecurity practice at the legal firm Moses & Singer LLP, for insights.

According to Malek, doctors who have partnered with wearable companies are responsible for protecting the privacy of patient data.

“If the physician is the one who recommends the wearable to the patient, or is facilitating or interfacing with the wearable company, and is accessing the health data generated by the wearable, there is a HIPAA implication,” she says.

The legal implications differ when a patient is independently choosing to give data from their wearable to a doctor.

“Here, the HIPAA implication may be different because the patient is offering her own health data to her doctor, presumably to assist in her treatment,” Malek says. “It may be a safer course for the provider to ask the patient to sign a HIPAA authorization form to allow for the information exchange if the situation is unclear.”

However, HIPAA isn’t the only legal hurdle doctors have to clear in this latter situation, Malek says. Each state has its own set of laws that may govern patient data exchanges such as this.

“The safer course in a situation like that is to get [written] consent — it may or may not be required,” Malek says. “This is not an area where there’s always a bright line that says you must get a HIPAA authorization or you must get a consent to comply with state law.”

Doctors should consult with their own attorneys before prescribing or selling wearables, or before saving information taken from wearable devices in practice databases.
