When it comes to protecting your health information and medical records, are you sure you’re doing everything you can to keep your data out of the wrong hands? Many people have their medical data stored on a smartphone or smartwatch, which, while at the same time a wonderful convenience, opens up the possibility of data theft if the device is misplaced.
Most consumers are aware of the Health Insurance Portability and Accountability Act of 1996, or HIPAA for short. However, HIPAA doesn’t extend regulations to all companies that might access your information, such as wearable technologies or social networks.
Markets Herald shares the top things consumers need to know about health-based tech companies that might be accessing their personal medical data:
HIPAA Regulations Aren’t Always Enough
- “HIPAA deals with a patient’s right to privacy,” says Study.com. You can think of HIPAA as “privacy standards to protect patients’ confidential health information and medical records.” Read more.
- Unfortunately, HIPAA protections don’t always extend to non-medical companies, such as smartphone apps, wearable tech, and social media. “When consumers are collecting health data for their own use, HIPAA doesn’t come into play,” Pamela Greenstone, program director for the online health information management program at the University of Cincinnati’s College of Allied Health, tells Health IT Security. “So, when you wear your Fitbit to track the number of steps you’ve taken in a day or monitor your heart rate, that doesn’t come under HIPAA.” Read more.
What Happens if My Information Falls into the Wrong Hands?
- BBC: “Online fitness tracker Strava has published a ‘heatmap’ showing the paths its users log as they run or cycle.” Unfortunately, these types of health-tracking apps might set you up for major security risks. For instance, “each piece of evidence is a fragment, but when added together it could pose a significant risk to security.” Read more.
- “When we hear of so-many-millions of accounts compromised, or that the information of countless users of a service has been stolen, the sheer volume of data lost can disguise the individual impact,” notes ZDNet. “The most expensive offering on the [dark web] market is provider information which can be used to forge a medical background, an alarming prospect given the harm which could be done when someone [poses] as a medical professional.” Read more.
How Can I Protect My Medical Information?
- “Alarmed at the idea that strangers could see the routes I run on two or three times a week, I embarked on an investigation into [app] privacy settings,” Rosie Spinks, a runner, tells Quartz. “The problem [is] that it puts the onus on consumers. […] And in cases where privacy is a concern, it can be downright dangerous.” Read more.
- Norton recommends that you “ask your doctor’s office for copies of your medical records to see if your identity has been used fraudulently. This might show if inaccurate health and medical information is present in your records, indicating that someone posed as you and saw your doctor. More broadly, be sure to check the benefit statements from your healthcare insurance provider. The statements would show evidence of healthcare fraud, indicating doctor visits and care that aren’t yours, as well as dates and other details.” Read more.
How Should Companies Protect My Medical Information?
- According to Microsoft, “The Health Information Trust Alliance (HITRUST) is an organization governed by representatives from the healthcare industry. HITRUST created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner.” Read more.
- Aside from HIPAA and HITRUST, more regulation is still needed. CDD: “Government, industry, philanthropy, nonprofit organizations, and academic institutions can work together to develop a comprehensive approach to health privacy and consumer protection … [including] clear, enforceable standards for both the collection and use of information; formal processes for assessing the benefits and risks of data use; and stronger regulation of direct-to-consumer marketing by pharmaceutical companies.” Read more.
Until governments, healthcare providers, pharmaceutical companies, and app developers work together to create better medical privacy laws, it’s up to consumers to closely monitor their accounts for any signs of fraud. Keep an eye on your credit score and your medical records, and alert the authorities, including credit bureaus and the FTC, if you notice anything suspicious. Ask companies for proof of HIPAA compliance and HITRUST certification, and always check the privacy settings on any apps or wearable tech you might use.