Beware the Privacy Risks of Health Wearables

Posted in Mobile Health by MarieThibault on December 15, 2016

A new report warns that consumers need far more protection for their personal health information.

Marie Thibault

It’s a fledgling industry, but health wearables need more regulation and standards. 

That’s the message from researchers from American University and the Center for Digital Democracy in a December 15 report, “Health Wearable Devices in the Big Data Era: Ensuring Privacy, Security, and Consumer Protection.” The authors argue that current federal regulation and industry self-regulation are not enough to protect consumer privacy.

“The connected-health system is still in an early, fluid stage of development,” Kathryn Montgomery, PhD, American University professor and report co-author, said in a press release. “There is an urgent need to build meaningful, effective, and enforceable safeguards into its foundation.”

While many consumers may think it doesn’t matter whether someone knows how many steps they walked today, consumer health information is going far beyond steps taken. The authors point out that in the future, “Biosensors will routinely be able to capture not only an individual’s heart rate, body temperature, and movement, but also brain activity, moods, and emotions.”

The use of this information could lead to “potential harms [such] as discriminatory profiling, manipulative marketing, and data breaches,” the authors added.

The report points out that privacy protections are stronger in the European Union because privacy is legally viewed as a fundamental right. The authors argue that this same view needs to be adopted in the United States.

There are privacy laws for health information, of course, most notably HIPAA. But the authors wrote that health wearables, apps, and other “smart” accessories don’t fall under HIPAA, and FDA has stepped away from regulating low-risk wellness devices. The authors note FTC has taken some action in the mobile health app space, but wrote that “because of its narrow jurisdiction, lack of rulemaking ability, and limited regulatory resources, the agency is ill-equipped to provide the kinds of comprehensive and granular rules that would be necessary to protect consumers . . .”

So what to do? The authors recommend a number of principles for industry, including treating all wearable data as sensitive, setting out what data will be collected and how it will be used, explaining data practices in easy-to-understand terms, marketing fairly, and using the same set of standards for the entire connected health industry, among other best practices.

“Policy makers must act decisively to protect consumers in today’s Big Data era,” Jeff Chester, report co-author and executive director of the Center for Digital Democracy, said in the release.

Marie Thibault is the managing editor at MD+DI. Reach her at and on Twitter @MedTechMarie.
