By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    UV damage to eyes
    Warning Signs of Long-Term UV Damage to Your Eyes
    December 9, 2021
    degree for healthcare job
    The Ultimate Healthcare Recruiting and Staffing Guidebook
    March 21, 2022
    medicare part d benefits
    Everything that You Need to Know About Medicare Part D
    August 15, 2022
    Latest News
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
    The Hidden Impact Of Stress On Your Body’s Alignment And Balance
    May 22, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    nursing program
    7 Tips to Picking the Best Nursing Program
    February 5, 2018
    Health Care: A Modern-Day Blade Runner?
    December 10, 2014
    Occupational Therapy Assistant | Medical Assistant | Home Health Aide
    In-Demand Healthcare Support Jobs
    April 16, 2016
    Latest News
    Top HIPAA-Compliant Messaging Apps for Healthcare Teams
    June 25, 2025
    When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
    June 20, 2025
    Preventing Contamination In Healthcare Facilities Starts With Hygiene
    June 15, 2025
    Strengthening Healthcare Systems Through Clinical and Administrative Career Development
    June 13, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: What Developers Need to Know About HIPAA Compliance in Wearable Tech
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Technology > Medical Devices > What Developers Need to Know About HIPAA Compliance in Wearable Tech
BusinesseHealthMedical DevicesMobile HealthPolicy & LawTechnology

What Developers Need to Know About HIPAA Compliance in Wearable Tech

morgan_truevault
Last updated: May 19, 2014 8:00 am
morgan_truevault
Share
10 Min Read
wearable tech and HIPAA compliance
SHARE

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever.

Contents
What Is HIPAA?HIPAA Privacy RequirementsUnderstanding Protected Health InformationConsentAdditional Reading:

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

wearable tech and HIPAA complianceIt’s no surprise then that consumers and healthcare professionals alike see the potential in sharing this data with one another in order to better manage patient care. With constant collection and the ability to connect and share information via Bluetooth or via the Web to other systems, wearables promise an infinitely easier way to monitor patients than the current state of patient journaling in activity logs.

However, there’s a big gap in the legal requirements between health data collected for a consumer’s personal use and that used as part of a relationship with a HIPAA covered entity such as a doctor. Consumer health data stored on a device for a consumer’s personal use isn’t subject to HIPAA compliance rules; but as soon as that information is potentially part of an exchange with a doctor or other healthcare provider, the data on the device and stored as part of your application fall under HIPAA regulations.

More Read

healthcare reform
Healthcare Reform: The Real Elephant in the Room
White House’s Obamacare Support Tweet Attracts Haters
Personal or Population Health? Big Data or Small Data?
Retail Clinics and Telemedicine
How To: Take Advantage of Social Media at #RSNA12

If you’re building software for wearable tech and plan to make sharing that data with healthcare providers possible, it’s essential that you understand HIPAA laws in order to ensure compliance before bringing that app or product to market.

What Is HIPAA?

HIPAA stands for the Federal Health Insurance Portability and Accountability Act of 1996. The purpose of this law, according to the United States Department of Health and Human Services, is to ensure confidentiality of all healthcare information, to help ensure people are able to get and keep insurance, and to keep spending for administrative costs under control.

The main thing that developers need to understand is the security portion of these laws, because information potentially transmitted by your application to a covered entity such as a doctor or insurance provider is covered by HIPAA.

In January 2013, HIPAA was updated via the Final Omnibus Rule. Within this update, there are two things that affect developers of wearable tech and various mobile devices directly:

  • The first is that software developers who build applications that track, store and share healthcare information with covered entities are now required to be HIPAA compliant and meet the standards laid out in the HIPAA Security Rule, which includes the Administrative, Technical and Physical Safeguard requirements for health-related data.

  • The second is a change in the definition of a privacy breach. According to this new addendum, it is up to business associates (any party that handles private health information) such as an application developer, hosting provider, or a company like TrueVault, to determine whether or not something actually has to be reported as a breach. For example, if a wearable containing healthcare data was hacked, healthcare information that was exposed in the hack would require the reporting of a breach. However, if a device is hacked but the information stored on the device is not decrypted, then there would be no breach violation.

Due to the heavy fines and other sanctions allowed under HIPAA—and the simple fact that a person’s personal health information should remain private and secure—understanding the requirements of the Security Rules is crucial to ensure HIPAA compliance for the applications you develop for any wearable.

HIPAA Privacy Requirements

Before you start building, you want to have a good handle on what does and does not constitute HIPAA compliance in your technical and physical safeguards. For example, HIPAA compliant hosting will satisfy physical safeguards but not technical safeguard requirements. Noncompliance on these laws can come with up to $50,000 in penalties depending on the amount of privacy (aka data) that was lost.

The privacy details that developers need to always use include the following:

  • All data should be protected by passwords and user authentication methods.
  • Encryption must be used to protect data.
  • There must be a way to remotely wipe or disable the data.
  • File sharing should not be included on the device.
  • Firewalls should always be put in place and enabled properly.
  • All devices should have security software that is regularly updated.

You can learn more about the specific requirements for each element in this checklist for HIPAA compliance for developers.

Understanding Protected Health Information

Certain health details are considered protected health information (PHI), while other data collected by wearables is not considered covered by HIPAA. Things like number of heartbeats in a given time, number of steps a person takes, or a person’s sleep history are not technically considered PHI and would not fall under the parameters of HIPAA. However, and this is where it can get confusing, if the data is transferred in any way to a medical professional, including hospitals, doctors, and 3rd party companies in the course of providing a healthcare service, such as a diagnosis or treatment, then it automatically is covered by HIPAA because it is then considered a part of the patient’s health records. Of course, any of the wearable tech used specifically in the medical field to monitor patients is most certainly covered by HIPAA laws.

Consent

Most wearable tech at this time doesn’t even acknowledge HIPAA. However, as these devices become more popular, the demand to use this information in patient health management will increase. If you’re developing for wearable technology and your software and the data collected have a realistic potential of becoming part of the patient record you want to decide upfront if you should develop in a HIPAA compliant environment.

One additional thing to consider, a consent of some type might make sense during the first installation or use of your app. The consent simply needs to state that the user of the wearable tech is giving full consent for the data recorded by the device to someone else. This way, the software developer has a record of the user opting in to providing this data as part of using the software.

As wearable tech becomes more popular, there is a good chance that the US Department of Health and Human Services, as well as governing entities in Canada and the UK, will start issuing more guidance around the collection and sharing of wearable-collected data to ensure it conforms to the privacy and protection standards outlined in the HIPAA rules.

A HIPAA violation can come with a high price tag, so it’s critical that as a developer you work with your product team to determine whether you need to be HIPAA compliant or not, and then implement the proper administrative, technical and physical safeguards to comply with the law if you ultimately decide that you do.

Of course, if you use TrueVault as part of your build, we take care of the technical and physical safeguard requirements for you, enabling you to check those boxes and get on with the development of your software.

Additional Reading:

US Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/

Why the New HIPAA Is Good for Mobile Health Developers, http://mobihealthnews.com/25889/why-the-new-hipaa-is-good-for-mobile-health-developers/

Rutgers Computer and Technology Law Journal, “New Technologies Potentially Raise HIPAA concerns.”http://www.rctlj.org/2013/02/new-technologies-potentially-raise-hipaa-concerns/

(HIPAA and wearable tech / shutterstock)

TAGGED:HIPAApatient dataPrivacywearable tech
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

women dental care
What Is a Smile Makeover and How Much Does It Cost?
Dental health
June 30, 2025
HIPAA-Compliant Messaging Apps
Top HIPAA-Compliant Messaging Apps for Healthcare Teams
Global Healthcare Policy & Law Technology
June 25, 2025
recovering from injury
Rebuilding After Injury: Path to Physical and Emotional Recovery
News
June 22, 2025
scientist using microscope
When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
Global Healthcare
June 18, 2025

You Might also Like

Value-Based Purchasing Must Bring Healthcare Providers & Vendors Together

March 18, 2012
Image
eHealthMobile Health

Mobile Health Around the Globe: Russia Uses mHealth to Help High Risk Patients

February 11, 2013
technology in health insurance
Health care

7 Major Technology Trends Shaping the Health Insurance Industry

June 29, 2021
celebrity health spokesperson
Medical EthicsNewsWellness

Celebrity Spokespeople: A Double-Edged Sword

June 25, 2013
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?