Apple Watch: The HIPAA Privacy Issues
Attorney Reviews Concerns for Providers, Consumers
Healthcare providers that decide to accept consumer-generated health or fitness data from wearable devices, such as the upcoming Apple Watch, need to develop a plan for protecting the privacy of that information, says privacy attorney Scot Ganow.
That's because once they accept that consumer-generated health data and incorporate it into electronic records, it's considered protected health information under HIPAA, he explains in an interview with Information Security Media Group.
"I would push every organization back to its existing HIPAA policies - their administrative, technical and physical safeguards - to clearly establish what they will and won't do with this consumer-generated data," he says. "If they are going to accept it, what safeguards are they going to put in place?"
In addition, healthcare providers need to educate their workforces about the risks and policies surrounding wearable health technologies. "Every device represents a point of contact for information coming in and out of your organization."
Apple Watch, which is due out next year, is tied to HealthKit, middleware that stores a user's encrypted health and fitness data. Apple announced recently that the release of HealthKit was delayed until the end of this month due to the discovery of a software bug.
In the interview, Ganow also discusses:
- Why the privacy and security issues surrounding new wearable devices are similar to many previous challenges posed by other mobile technologies;
- Why consumers need to "take the lead on privacy" when it comes to wearable health and fitness devices;
- Why consumers and healthcare providers need to consider all "downstream" parties, including insurers, that could have access to data generated by wearable health devices.
Ganow is an attorney in the Dayton office of Faruki Ireland & Cox P.L.L. He had more than 10 years of corporate and compliance experience in Fortune 500 companies prior to becoming an attorney, including serving as a chief privacy officer for healthcare and pharmaceutical informatics companies.