Privacy Protection on Personal Health Devices

By Jackie Waters

Photo Credit: Ketut Subiyanto via Pexels

Wearable technologies like smartwatches and health-related apps like step counters and sleep trackers are all the rage. Smartwatches are also being used in the workplace to help with things like task management, dictation, and marketing. However, there are privacy risks when sharing your health data with big tech companies. Unlike healthcare providers, companies in the tech industry often aren’t covered by HIPAA regulations. How can you ensure your personal data is private and protected?

Why Should I Protect My Personal Health Information?
“HIPAA regulations make your health care private, but they don’t cover as much as you think. Many groups, like tech companies, are not covered by HIPAA, and only very specific pieces of information are not allowed to be shared by current HIPAA rules. There are companies buying health data. It’s supposed to be anonymous data, but their whole business model is to find a way to attach names to this data and sell it,” said Anil Aswani, professor of the Industrial Engineering & Operations Research Department, College of Engineering, UC Berkeley.

Discussing Google’s purchase of Fitbit and its implications, CPO Magazine asserts, “The whole point of a ‘fitness tracker,’ after all, is for individuals to track their own health and wellness, and not for a corporation to track them. Given that some health insurance companies now provide incentives for people to use Fitbit devices, there is the further risk that all of the combined data that Google has accumulated about you might also be used in subtle ways to influence the type of insurance that you receive, or the rates that you are forced to pay.”

Are My Wearable Devices Putting Me at Risk?
Security Boulevard states that “Fitness app makers, just like every other industry, have suffered data breaches. The breach that hit UnderArmour’s MyFitnessPal in 2018 is the largest to date. It exposed the usernames, passwords, and email addresses of more than 150 million users. While hackers typically go after data they can easily monetize (like your credit card number) the thought that location data was exposed is especially troublesome. Given that joggers and bikers generally run and ride where they live, attackers could also identify where the user lived by looking at where the majority of their routes began and ended.”

ZDNet further explains that “[w]e have a serious problem when millions of users’ tracking data is going up to the cloud, and for the most part without the user’s direct knowledge or explicit consent. Our location, whether in real-time or historical, is one of our most private data points in our lives. They can show where we work and where we live — and even if you have ‘nothing to hide,’ most people wouldn’t give up their home addresses to a random person on the street.”

How Can I Make Sure Companies Protect My Privacy and Data?
VPN Overview recommends that “even if your information is compromised, for it to have worth to others, it must be linked to you personally. By combining the information with a profile of your activities and interests online, your data becomes truly valuable. Protect your anonymity by using a VPN service on all your devices. A quality VPN makes sure your privacy is protected by rerouting your data through their server after encrypting it. Because the data does not go directly to you, your privacy is protected.”

What are Healthcare Providers and Tech Companies Doing to Ensure Privacy?
To ensure that patient information and other protected data is handled properly, healthcare organizations are now hiring health information management professionals. MHA Online notes: “So who can the healthcare industry trust to address information security concerns held by patients and providers? The answer is healthcare information managers. Healthcare information technology teams ensure that healthcare providers can access patient health data securely.”

What Other Steps Can I Take?
Security In a Box recommends always using “secure passwords to access social networks” and changing those passwords “regularly as a matter of routine.” Additionally, “make sure you understand the default privacy settings offered by the social networking site, and how to change them. Consider using separate accounts/identities, or maybe different pseudonyms [and] remember that the key to using a network safely is being able to trust its members. Separate accounts may be a good way to ensure that such trust is possible.”

“Regularly monitor your accounts and information for suspicious activity—not just immediately following a breach, but also for the foreseeable future,” says The Parallax.

Take advantage of white-hat hacking. “White-hat hacking on the other hand is considered to be an ethical type of hacking. Generally a paid position, a white-hat hacker is someone who works to find insecurities in the system and then alert the company and find possible ways to fix the breach. It is a great way to go about spotting any gaps in the system without a risk of information being leaked. If you want to test your security system for potential holes, look into hiring a white-hat hacker.”

While the latest tech can help you get enough shut-eye and reach your fitness goals, many consumers take for granted the associated privacy considerations. Data breaches and identity theft can happen to anyone. Rather than assuming all your health data is protected by HIPAA, take the steps to educate yourself. With proper privacy precautions in place, you can stay healthy and keep your medical information safe.