- Rutgers University researchers have created a new smart wristband with a biosensor that can count particles in the user’s blood and transmit that data via Bluetooth to a nearby smartphone. While this technology could have a major impact on personal healthcare, it also could raise health data security and patient privacy concerns.
The plastic wristband includes a flexible circuit board and a biosensor with a pipe thinner than the diameter of a human hair with gold electrodes embedded inside. It has a circuit to process electrical signals, a microcontroller for digitizing data, and a Bluetooth module to transmit data wirelessly.
Blood samples of the wearer are taken through pinpricks, with the blood fed through the pipe and blood cells counted. The data is then sent wirelessly to a smartphone with an app that processes and displays data.
In the field, health professionals could get rapid blood test results from patients, without the need for lab-based equipment. Blood cell counts could be used to diagnose illness. Low red blood cell counts, for instance, could indicate internal bleeding and other conditions.
“Current wearables can measure only a handful of physical parameters such as heart rate and exercise activity,” said Abbas Furniturewalla, lead study author and former researcher in Rutgers' Department of Electrical and Computer Engineering. “The ability for a wearable device to monitor the counts of different cells in our bloodstream would take personal health monitoring to the next level.”
Andrew Boyd, assistant professor at the University of Illinois at Chicago’s Masters in Health Informatics program, is concerned about the patient privacy and security implications of data accessibility provided by these smart wristbands and other healthcare wearables.
Boyd told HealthITSecurity.com that the biggest concern is that most of these devices are not designed to protect health data in the same way as more traditional medical devices are.
“Health data collected by Fitbit, for example, is not governed by the HIPAA Privacy Rule. It is governed by contract law and the licensing agreement with your software provider,” Boyd noted.
“When it becomes part of the health record, that is when the security protection gets added on. But right now it appears that, for all of the patient health data generated, these devices are not governed by healthcare law,” Boyd said.
“Do people realize that the data collected by wearables is not necessarily protected by the HIPAA Privacy and Security Rules?” he asked.
While manufacturers of wearable devices have security built in to their products, these security measures can be bypassed.
“Within the HIPAA Privacy Rule, if you are considered part of a covered entity, if you accidentally release data or if you are hacked and the breach involves more than 500 individuals, you have to report that to the Office for Civil Rights. When you become part of a treatment modality and you are integrated into an electronic health record, the risks increase,” he said.
Boyd is familar with confronting risks to health data security and patient privacy. He worked on the NIH-funded Honest Broker program, which developed an information integration architecture to securely link health data from different clinical systems while adhering to HIPAA requirements.
“We built the Honest Broker to share hospital discharge data with primary care-based providers in Grand Rapids, Michigan,” he said.
The Honest Broker was developed under a broad agency announcement contract issued by the NIH to the University of Michigan as part of its 2004 Roadmap program.
In a Journal of the American Medical Informatics Association article, Boyd along with other researchers explained that the Honest Broker “is an automated tool for the secure, reliable, institutionally authorized transmission of biomedical data among a multidimensionally heterogeneous network of clinical and research entities.”
“The Honest Broker is intended to provide the means to accelerate translational research while simultaneously addressing the very real concerns surrounding patient privacy, information security, informed consent, lexical equivalence, and identity matching,” the authors related.
Boyd said that healthcare wearables could be a great way to move forward in the future. “However, people need to go into it with open eyes” regarding security and privacy risks, he concluded.