Better standards on health data collection and use, and formal processes for assessing the benefits and risks of using that data, are two ways to help curb the health data privacy risks that stem from wearables, according to a recent study.
The current “weak and fragmented health-privacy regulatory system” does not have adequate federal laws to keep personal health information safe in wearables, researchers at American University and the Center for Digital Democracy explained in “Health Wearable Devices in the Big Data Era: Ensuring Privacy, Security, and Consumer Protection.”
“The connected-health system is still in an early, fluid stage of development,” said Kathryn C. Montgomery, PhD, professor at American University and a co-author of the report. “There is an urgent need to build meaningful, effective, and enforceable safeguards into its foundation.”
The nation’s connected health system continues to grow, and now includes tools such as smartwatches, fitness bands, and even "smart" clothing that are linked to apps and mobile devices. These technologies are also powerful tools for data collection and digital marketing, the report states.
“Privacy, security, and consumer-protection policies for the connected-health market should be held to a much higher standard than those established for most other areas of the digital marketplace,” the researchers write. “Addressing these concerns requires a comprehensive framework that will ensure true accountability and enable effective enforcement.”
The government, industry, philanthropy, nonprofit organizations, and academic institutions all need to work together to help create better health data privacy and security policies. Specifically, researchers highlighted the following areas:
- Develop clear, enforceable standards for both the collection and use of information
- Create formal processes for assessing the benefits and risks of data use
- Have stronger regulation of direct-to-consumer marketing by pharmaceutical companies
"Americans now face a growing loss of their most sensitive information, as their health data are collected and analyzed on a continuous basis, combined with information about their finances, ethnicity, location, and online and off-line behaviors," Jeff Chester, Executive Director of the Center for Digital Democracy and report co-author said in a statement. "Policy makers must act decisively to protect consumers in today's Big Data era."
It is also important to strengthen public-interest and nonprofit participation in health privacy reform, the researchers noted. Public education on these matters should be promoted, and a collaborative research agenda needs to be created. Finally, stronger industry safeguards and best practices must also be established.
“In contrast to the European Union, where privacy is encoded in law as a fundamental right and where robust data protection laws have been enacted, privacy regulation in the U.S. is sectorial, with separate laws for different types of information, users, and situations, such as financial, student, or medical privacy,” the researchers explained. “Overall, U.S. privacy laws governing health information are limited and fragmented, with significant gaps in coverage.”
Protected health information (PHI) security gaps are not a new issue or concern in the healthcare industry, and have recently been highlighted as a top priority for the Office of the National Coordinator for Health Information Technology (ONC).
In July 2016, ONC cautioned that the growth of wearables and fitness trackers may create PHI security concerns. Specifically, the risk lies in the gaps between HIPAA covered entities and entities that are not covered by HIPAA.
“As individuals become more and more involved in managing their own health through new technologies, we must work together to ensure they know what happens to their information and that it remains safe and secure,” National Coordinator Dr. Karen DeSalvo and Office for Civil Rights (OCR) Director Jocelyn Samuels wrote in a blog post.
In a report issued to Congress, ONC reviewed several challenges in safeguarding electronic health information, and discussed how health data privacy and security measures have not necessarily kept pace with evolving technology.
The agency’s findings were similar to those of the American University and Center for Digital Democracy researchers: there is a lack of clear guidance on how wearable fitness trackers, health social media, and mobile health apps may pose privacy or security threats to health information.
Improvements must be made “around consumer access to, and privacy and security of, health information collected, shared, and used” by non-HIPAA covered entities, ONC stated.