Wearable Devices: HIPAA Regulations Apply

They are all the rage and they are finding their way into healthcare environments, but beware; when it comes to wearable devices, HIPAA regulations apply!

Wearable technology promises to revolutionize the healthcare industry, and small electronic devices containing a wide array of sensors are being developed that can monitor heart rate, check vital signs and report if a patient is mobile or has fallen. A number of companies are developing gadgets that can monitor diabetes sufferers’ blood glucose levels remotely.

However, these are not just electronic versions of dipstick tests; these devices not only record huge volumes of highly personal data, they transmit that data elsewhere. They can be paired with smartphones, and data can be viewed in real time. Whether via a connection with a paired device or directly from the wearable gadget itself, that data is transmitted.

The benefits of wearable devices to the healthcare industry should not be underestimated. The gadgets have the potential to save lives and ensure that seriously ill patients receive rapid medical care, as is possible with devices that send a signal to the emergency services that all is not well.

Google Glass has received a lot of publicity in recent months, and after a long trial when sales were restricted to just developers, the product has been made available to everyone in the United States and the UK. The glasses have huge potential for both training and real-time consultations in the healthcare industry, and numerous applications have been suggested, such as their use by surgeons performing ground-breaking operations. The glasses have an internet connection, can record video and take pictures, and can share them in real time.

A survey on wearable technology was recently conducted by Juniper Research. The company predicted that the wearable tech market is set to increase tenfold over the course of the next 4-5 years. It predicts that in the year 2018, over 180 million portable electronic devices will have been sold.

Its wearable technology predictions may appear bold, but currently more than a quarter of adults in the United States own or use a fitness tracker or smartphone fitness app, and demand for the devices is increasing every day.

Wearable technology is certainly here to stay, and it will soon be commonplace in hospitals all over the country, but the potential for wearable devices to cause HIPAA violations is considerable. The gadgets are not specifically mentioned in the HIPAA regulations – even laptop computers are not specifically mentioned – but healthcare providers should exercise caution when sanctioning the use of wearable devices; HIPAA regulations do demand that any device used to store or record PHI must contain a number of safeguards to ensure that the data is protected.

Before any new technology is used in a healthcare setting, it must be subjected to a full risk assessment. In the case of wearable technology, covered entities (CEs) must determine exactly what data is recorded by the device and whether that data is encrypted. If no encryption is used, the CE must determine whether other suitable controls are in place to safeguard the data. CEs must also find out how, when and under what circumstances data can be transmitted, and whether the transmission is encrypted.

Only when a thorough risk assessment has been performed, potential security vulnerabilities identified, risks mitigated and a Business Associate Agreement signed with the vendor, should the devices be used by HIPAA-covered entities.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news