By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: What Developers Need to Know About HIPAA Compliance in Wearable Tech
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Technology > Medical Devices > What Developers Need to Know About HIPAA Compliance in Wearable Tech
BusinesseHealthMedical DevicesMobile HealthPolicy & LawTechnology

What Developers Need to Know About HIPAA Compliance in Wearable Tech

morgan_truevault
Last updated: May 19, 2014 8:00 am
morgan_truevault
Share
10 Min Read
wearable tech and HIPAA compliance
SHARE

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever.

Contents
What Is HIPAA?HIPAA Privacy RequirementsUnderstanding Protected Health InformationConsentAdditional Reading:

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

wearable tech and HIPAA complianceIt’s no surprise then that consumers and healthcare professionals alike see the potential in sharing this data with one another in order to better manage patient care. With constant collection and the ability to connect and share information via Bluetooth or via the Web to other systems, wearables promise an infinitely easier way to monitor patients than the current state of patient journaling in activity logs.

However, there’s a big gap in the legal requirements between health data collected for a consumer’s personal use and that used as part of a relationship with a HIPAA covered entity such as a doctor. Consumer health data stored on a device for a consumer’s personal use isn’t subject to HIPAA compliance rules; but as soon as that information is potentially part of an exchange with a doctor or other healthcare provider, the data on the device and stored as part of your application fall under HIPAA regulations.

More Read

health administration
Hospital Boards Grapple with Uncertain Future: What to Do Now?
What Is An Apothecary? A Quick History Of Organic Pharmacies
Health Myths From Aaron Carroll
HIMSS Analytics 3rd Annual Mobile Survey
Is Your Online Community a Ghost Town?

If you’re building software for wearable tech and plan to make sharing that data with healthcare providers possible, it’s essential that you understand HIPAA laws in order to ensure compliance before bringing that app or product to market.

What Is HIPAA?

HIPAA stands for the Federal Health Insurance Portability and Accountability Act of 1996. The purpose of this law, according to the United States Department of Health and Human Services, is to ensure confidentiality of all healthcare information, to help ensure people are able to get and keep insurance, and to keep spending for administrative costs under control.

The main thing that developers need to understand is the security portion of these laws, because information potentially transmitted by your application to a covered entity such as a doctor or insurance provider is covered by HIPAA.

In January 2013, HIPAA was updated via the Final Omnibus Rule. Within this update, there are two things that affect developers of wearable tech and various mobile devices directly:

  • The first is that software developers who build applications that track, store and share healthcare information with covered entities are now required to be HIPAA compliant and meet the standards laid out in the HIPAA Security Rule, which includes the Administrative, Technical and Physical Safeguard requirements for health-related data.

  • The second is a change in the definition of a privacy breach. According to this new addendum, it is up to business associates (any party that handles private health information) such as an application developer, hosting provider, or a company like TrueVault, to determine whether or not something actually has to be reported as a breach. For example, if a wearable containing healthcare data was hacked, healthcare information that was exposed in the hack would require the reporting of a breach. However, if a device is hacked but the information stored on the device is not decrypted, then there would be no breach violation.

Due to the heavy fines and other sanctions allowed under HIPAA—and the simple fact that a person’s personal health information should remain private and secure—understanding the requirements of the Security Rules is crucial to ensure HIPAA compliance for the applications you develop for any wearable.

HIPAA Privacy Requirements

Before you start building, you want to have a good handle on what does and does not constitute HIPAA compliance in your technical and physical safeguards. For example, HIPAA compliant hosting will satisfy physical safeguards but not technical safeguard requirements. Noncompliance on these laws can come with up to $50,000 in penalties depending on the amount of privacy (aka data) that was lost.

The privacy details that developers need to always use include the following:

  • All data should be protected by passwords and user authentication methods.
  • Encryption must be used to protect data.
  • There must be a way to remotely wipe or disable the data.
  • File sharing should not be included on the device.
  • Firewalls should always be put in place and enabled properly.
  • All devices should have security software that is regularly updated.

You can learn more about the specific requirements for each element in this checklist for HIPAA compliance for developers.

Understanding Protected Health Information

Certain health details are considered protected health information (PHI), while other data collected by wearables is not considered covered by HIPAA. Things like number of heartbeats in a given time, number of steps a person takes, or a person’s sleep history are not technically considered PHI and would not fall under the parameters of HIPAA. However, and this is where it can get confusing, if the data is transferred in any way to a medical professional, including hospitals, doctors, and 3rd party companies in the course of providing a healthcare service, such as a diagnosis or treatment, then it automatically is covered by HIPAA because it is then considered a part of the patient’s health records. Of course, any of the wearable tech used specifically in the medical field to monitor patients is most certainly covered by HIPAA laws.

Consent

Most wearable tech at this time doesn’t even acknowledge HIPAA. However, as these devices become more popular, the demand to use this information in patient health management will increase. If you’re developing for wearable technology and your software and the data collected have a realistic potential of becoming part of the patient record you want to decide upfront if you should develop in a HIPAA compliant environment.

One additional thing to consider, a consent of some type might make sense during the first installation or use of your app. The consent simply needs to state that the user of the wearable tech is giving full consent for the data recorded by the device to someone else. This way, the software developer has a record of the user opting in to providing this data as part of using the software.

As wearable tech becomes more popular, there is a good chance that the US Department of Health and Human Services, as well as governing entities in Canada and the UK, will start issuing more guidance around the collection and sharing of wearable-collected data to ensure it conforms to the privacy and protection standards outlined in the HIPAA rules.

A HIPAA violation can come with a high price tag, so it’s critical that as a developer you work with your product team to determine whether you need to be HIPAA compliant or not, and then implement the proper administrative, technical and physical safeguards to comply with the law if you ultimately decide that you do.

Of course, if you use TrueVault as part of your build, we take care of the technical and physical safeguard requirements for you, enabling you to check those boxes and get on with the development of your software.

Additional Reading:

US Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/

Why the New HIPAA Is Good for Mobile Health Developers, http://mobihealthnews.com/25889/why-the-new-hipaa-is-good-for-mobile-health-developers/

Rutgers Computer and Technology Law Journal, “New Technologies Potentially Raise HIPAA concerns.”http://www.rctlj.org/2013/02/new-technologies-potentially-raise-hipaa-concerns/

(HIPAA and wearable tech / shutterstock)

TAGGED:HIPAApatient dataPrivacywearable tech
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

Western Medicine vs. Alternative Medicine in India

September 8, 2012

Medicaid: Not Just for the Poor Anymore

March 7, 2011
Policy & Law

The Crown Jewel of ObamaCare Failures

December 6, 2012
Dental healthTechnology

How Technology Is Changing Dentistry In Multiple Ways

June 12, 2020
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?