By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    photo of hands with blue veins
    8 Proven Tips on Finding Difficult Veins
    November 12, 2021
    tips for getting over the pandemic blues
    4 Proven Ways to Get Over the Pandemic Blues
    February 22, 2022
    medical industry innovations
    How is CNC Machining Transforming the Medical Industry?
    June 2, 2022
    Latest News
    How to Recognize the Signs of Hormonal Imbalance in Men
    May 27, 2023
    4 Signs It’s Time to See a Therapist
    May 24, 2023
    11 Ways To Modernize Your Private Practice
    May 17, 2023
    Important Steps to Take for Scaling A Biopharma Product
    May 2, 2023
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Hospital Robot Disinfects Rooms
    January 5, 2012
    Should Healthy People Take Cholesterol Drugs to Prevent Heart Disease?
    January 28, 2012
    The Insurance Czar
    August 24, 2017
    Latest News
    MRI Sedation Options: What You Should Know Before Screening
    May 17, 2023
    What is the Process of Creating Medicine from Nature?
    May 2, 2023
    Choosing the Right Treatment Option for Varicose Veins
    May 2, 2023
    What Are Wrong-Site Surgeries and How Do They Occur?
    April 27, 2023
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: What Developers Need to Know About HIPAA Compliance in Wearable Tech
Share
Sign In
Notification Show More
Aa
Health Works CollectiveHealth Works Collective
Aa
Search
Have an existing account? Sign In
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Technology > Medical Devices > What Developers Need to Know About HIPAA Compliance in Wearable Tech
BusinesseHealthMedical DevicesMobile HealthPolicy & LawTechnology

What Developers Need to Know About HIPAA Compliance in Wearable Tech

morgan_truevault
Last updated: 2014/05/19 at 8:00 AM
morgan_truevault
Share
10 Min Read
wearable tech and HIPAA compliance
SHARE

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever.

Contents
What Is HIPAA?HIPAA Privacy RequirementsUnderstanding Protected Health InformationConsentAdditional Reading:

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

wearable tech and HIPAA complianceIt’s no surprise then that consumers and healthcare professionals alike see the potential in sharing this data with one another in order to better manage patient care. With constant collection and the ability to connect and share information via Bluetooth or via the Web to other systems, wearables promise an infinitely easier way to monitor patients than the current state of patient journaling in activity logs.

However, there’s a big gap in the legal requirements between health data collected for a consumer’s personal use and that used as part of a relationship with a HIPAA covered entity such as a doctor. Consumer health data stored on a device for a consumer’s personal use isn’t subject to HIPAA compliance rules; but as soon as that information is potentially part of an exchange with a doctor or other healthcare provider, the data on the device and stored as part of your application fall under HIPAA regulations.

More Read

medical devices

Post Market Surveillance for Medical Devices: Essential or Overreaching?

3 Pressing Healthcare Cyber Security Challenges and How to Address Them
What is the Process of Creating Medicine from Nature?
Cutting-Edge Medical Innovations Are Disrupting Healthcare
Choosing the Right Treatment Option for Varicose Veins

If you’re building software for wearable tech and plan to make sharing that data with healthcare providers possible, it’s essential that you understand HIPAA laws in order to ensure compliance before bringing that app or product to market.

What Is HIPAA?

HIPAA stands for the Federal Health Insurance Portability and Accountability Act of 1996. The purpose of this law, according to the United States Department of Health and Human Services, is to ensure confidentiality of all healthcare information, to help ensure people are able to get and keep insurance, and to keep spending for administrative costs under control.

The main thing that developers need to understand is the security portion of these laws, because information potentially transmitted by your application to a covered entity such as a doctor or insurance provider is covered by HIPAA.

In January 2013, HIPAA was updated via the Final Omnibus Rule. Within this update, there are two things that affect developers of wearable tech and various mobile devices directly:

  • The first is that software developers who build applications that track, store and share healthcare information with covered entities are now required to be HIPAA compliant and meet the standards laid out in the HIPAA Security Rule, which includes the Administrative, Technical and Physical Safeguard requirements for health-related data.

  • The second is a change in the definition of a privacy breach. According to this new addendum, it is up to business associates (any party that handles private health information) such as an application developer, hosting provider, or a company like TrueVault, to determine whether or not something actually has to be reported as a breach. For example, if a wearable containing healthcare data was hacked, healthcare information that was exposed in the hack would require the reporting of a breach. However, if a device is hacked but the information stored on the device is not decrypted, then there would be no breach violation.

Due to the heavy fines and other sanctions allowed under HIPAA—and the simple fact that a person’s personal health information should remain private and secure—understanding the requirements of the Security Rules is crucial to ensure HIPAA compliance for the applications you develop for any wearable.

HIPAA Privacy Requirements

Before you start building, you want to have a good handle on what does and does not constitute HIPAA compliance in your technical and physical safeguards. For example, HIPAA compliant hosting will satisfy physical safeguards but not technical safeguard requirements. Noncompliance on these laws can come with up to $50,000 in penalties depending on the amount of privacy (aka data) that was lost.

The privacy details that developers need to always use include the following:

  • All data should be protected by passwords and user authentication methods.
  • Encryption must be used to protect data.
  • There must be a way to remotely wipe or disable the data.
  • File sharing should not be included on the device.
  • Firewalls should always be put in place and enabled properly.
  • All devices should have security software that is regularly updated.

You can learn more about the specific requirements for each element in this checklist for HIPAA compliance for developers.

Understanding Protected Health Information

Certain health details are considered protected health information (PHI), while other data collected by wearables is not considered covered by HIPAA. Things like number of heartbeats in a given time, number of steps a person takes, or a person’s sleep history are not technically considered PHI and would not fall under the parameters of HIPAA. However, and this is where it can get confusing, if the data is transferred in any way to a medical professional, including hospitals, doctors, and 3rd party companies in the course of providing a healthcare service, such as a diagnosis or treatment, then it automatically is covered by HIPAA because it is then considered a part of the patient’s health records. Of course, any of the wearable tech used specifically in the medical field to monitor patients is most certainly covered by HIPAA laws.

Consent

Most wearable tech at this time doesn’t even acknowledge HIPAA. However, as these devices become more popular, the demand to use this information in patient health management will increase. If you’re developing for wearable technology and your software and the data collected have a realistic potential of becoming part of the patient record you want to decide upfront if you should develop in a HIPAA compliant environment.

One additional thing to consider, a consent of some type might make sense during the first installation or use of your app. The consent simply needs to state that the user of the wearable tech is giving full consent for the data recorded by the device to someone else. This way, the software developer has a record of the user opting in to providing this data as part of using the software.

As wearable tech becomes more popular, there is a good chance that the US Department of Health and Human Services, as well as governing entities in Canada and the UK, will start issuing more guidance around the collection and sharing of wearable-collected data to ensure it conforms to the privacy and protection standards outlined in the HIPAA rules.

A HIPAA violation can come with a high price tag, so it’s critical that as a developer you work with your product team to determine whether you need to be HIPAA compliant or not, and then implement the proper administrative, technical and physical safeguards to comply with the law if you ultimately decide that you do.

Of course, if you use TrueVault as part of your build, we take care of the technical and physical safeguard requirements for you, enabling you to check those boxes and get on with the development of your software.

Additional Reading:

US Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/

Why the New HIPAA Is Good for Mobile Health Developers, http://mobihealthnews.com/25889/why-the-new-hipaa-is-good-for-mobile-health-developers/

Rutgers Computer and Technology Law Journal, “New Technologies Potentially Raise HIPAA concerns.”http://www.rctlj.org/2013/02/new-technologies-potentially-raise-hipaa-concerns/

(HIPAA and wearable tech / shutterstock)

TAGGED: HIPAA, patient data, Privacy, wearable tech

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
morgan_truevault May 19, 2014
Share this Article
Facebook Twitter Copy Link Print
Share
Previous Article health administration Hospital Boards Grapple with Uncertain Future: What to Do Now?
Next Article health IT When Health IT Is the Patient

Stay Connected

1.5k Followers Like
4.5k Followers Follow
2.8k Followers Pin
136k Subscribers Subscribe

Latest News

How to Recognize the Signs of Hormonal Imbalance in Men
How to Recognize the Signs of Hormonal Imbalance in Men
Health May 27, 2023
nursing trends and predictions
Biggest Nursing Trends and Predictions for 2023
Nursing May 25, 2023
medical answering service
How Medical Answering Services Can Improve Patient Care
Technology May 25, 2023
healthy parenting
4 Ways Parents Can Raise a Healthy and Happy Child
Parenting May 25, 2023

You Might also Like

medical answering service
Technology

How Medical Answering Services Can Improve Patient Care

May 25, 2023
pet health apps
News

9 Best Apps for Pet Owners Trying to Keep their Animals Healthy

May 22, 2023
Biotechnology
Technology

What Are The Benefits of Biotechnology?

May 17, 2023
MRI sedation options
Global Healthcare

MRI Sedation Options: What You Should Know Before Screening

May 17, 2023
//

We influence million of users and is the most authentic source of information on healthcare business and technology news.

Quick Links

  • About
  • Contact
  • Privacy
Subscribe

Subscribe to our newsletter to get our newest articles instantly!

Follow US

© 2008-2023 HealthWorks Collective. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?