Today’s consumers have health and fitness literally at their fingertips. There are smartphone apps to help track calories. There are wearable devices to count steps per day or to help ensure you’re getting enough sleep at night. There are even Facebook groups to help you stay motivated to reach your fitness goals.
Although health industry regulations require medical providers to protect consumer health data, those regulations often don’t extend to health-related apps, social media, or wearable tech.
The Computer Company offers these need-to-know tips when it comes to keeping your health records safe:
What Companies Must Legally Protect My Health Information?
“Currently the HIPAA Privacy and Security Rules protect health data in traditional settings; however, they don’t extend to health app compliance. Many of the companies providing these technologies share consumers’ data with other entities, with no regard for privacy, without repercussion,” explains Compliancy Group.
The National Institutes of Health states that “Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.”
Why Should I Care Who Has Access to My Information?
“Here’s the reality of life as a wearable device owner: There’s no doctor/patient privacy or patient privacy or any privacy for that matter,” Huffington Post notes. “Monitoring your health and collecting data is like publishing your own medical autobiography online.”
PBS.org reports that with its recent purchase of Fitbit, Google has stated that privacy and security are a top priority, but consumer “advocates say Google and other tech companies need to prove that only a small percent — if any — of the data they release can be rematched with individual users …
The threat of re-identification has led privacy advocates to question the motives of companies that create health apps, which have not been proven to improve health.”
What Can I Do to Protect Myself?
The BBC reports that there’s “too much onus on the consumer to navigate an opting-out system” along with “the fear that hackers could access [databases] and find the details of individual users.”
When using social networking sites, Privacy Rights Clearinghouse advises users to “become familiar with the privacy settings available on any social network you use, and review your privacy settings frequently. On Facebook, for example, you may want to make sure that your default privacy setting is ‘Friends Only.’ Alternatively, use the ‘Custom’ setting and configure the setting to achieve maximum privacy.”
How Should Healthcare Providers Protect My Medical Information?
First, it’s wise to get an idea of what constitutes a HIPAA violation. According to Zeguro, “Although HIPAA violations arise in a variety of ways, they all incorporate ‘someone who shouldn’t know something who learns about it because there weren’t enough protections.’” This definition includes everything from employees having too much system access, to a hacker gaining entrance to your system, to someone leaving a piece of paper on a desk or a screen open to view.
“Healthcare organizations, while under fire, have been improving their cybersecurity posture over the last few years. Many have hired cybersecurity professionals from more mature industries, like financial services; most are working to adopt strong frameworks such as ISO, NIST, and HITRUST to evaluate and improve cybersecurity controls, including security awareness training for the healthcare workforce,” explains Becker’s Health IT and CIO Report.
Navigating health laws and data privacy can feel complicated and overwhelming at times. Start by understanding the current laws, regulations, and health privacy certifications, such as HIPAA and HITRUST. Do some research before investing in wearable tech or signing up for an app or social account. Above all, read the privacy policies and review the settings for any software or hardware you use. By following the tips listed in this article, you’ll stand a better chance of keeping your medical data safe.
Contributed by:
Diane Harrison