Does HIPAA Apply?
Your FitBit, Smartwatch or hearing aid, if not connected or communicating to a healthcare provider, is not affected by HIPAA. But when you provide the data to a doctor or a health plan, HIPAA kicks in. The responsibility for compliance is on the provider or the health plan, and those organizations should make sure they comply with HIPAA.
A potential gap in protecting privacy is represented in the number of business associates connected to patient data. Business associates of healthcare providers and health plans also need to comply with HIPAA. Those are the entities that create, receive, maintain or transmit protected health information on behalf of healthcare providers and health plans. In wearable tech, that's a lot of organizations who are just beginning to develop HIPAA compliance programs. Think Apple, AT&T, Google, Cisco, IBM, Verizon and Amazon.
Value of Wearable Tech
The use of wearable technology is expected to grow because it can improve health outcomes. Studies have shown that remote monitoring can reduce risk of predictable conditions, like stroke. The Journal of the American Medical Association on July 10 published the results of a study aimed at reducing strokes by monitoring patients with atrial fibrillation. The wearable device was much more likely to detect atrial fibrillation more quickly, allowing for immediate intervention and saving lives. More info about the studies here. Some patients are initiating the sharing of their information with their healthcare providers, and insurance companies are beginning to request that PHI be shared. As home health and chronic disease management become more prevalent, the growth in this market will be driven by improved outcomes, convenience and cost reductions. One report projects a growth from $4.36 billion in 2018 to $6.59 billion by 2023.
The security of electronic transmission is more critical with wearable devices in healthcare. Opportunities for theft through hacking abound by introducing multiple entities and transmission pathways. All the business associates who make this possible, and every covered entity using the data need to understand their HIPAA responsibilities and take steps to protect the privacy of patients who the new technology is designed to serve.