By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
The saying goes that you’re never fully dressed without a smile, but the reality for many people today is that you’re never fully dressed until you put on your smartwatch. Or slip your phone into your pocket. Or strap on your health and fitness monitor at the gym. These devices are now a standard part of our attire, and the apps that run on them are as much a part of our day as checking email. Did you get your steps in? What’s your heart rate right now? How much did you eat, and how was your mood at different points throughout the day?
This technology is one way we can stay connected to our own health and wellness journey. But what about the data that is collected from us? We know it is being collected and analyzed, and even if it is not acted on at the individual level, it gives researchers and companies information to generalize from.
Collecting and viewing your own health data on a consumer device or app does not, by itself, fall under HIPAA. HIPAA applies to covered entities (such as healthcare providers and health plans) and their business associates, not to you as an individual or, in most cases, to the device manufacturer. But when that data is transferred, with your consent, to your healthcare provider, it becomes protected health information in the provider’s hands, and the provider must safeguard it under HIPAA like any other PHI. From a business perspective, that means the same cybersecurity policies and procedures and the same HIPAA obligations that healthcare employees already follow for patient records apply to data received from wearable technology as well. The data is valuable not only to the device manufacturer but also to a wide range of companies that can use the habits of individuals, and of the population as a whole, to create products and policies based on that information. And it doesn’t stop there. Marketing and advertising dollars follow where consumers are leaning. Your heart rate at the gym is stored alongside the credit card that purchased the food or beverages you logged in your fitness app as caloric intake. Many of these companies may not even be aware of HIPAA compliance, so it is our job as cybersecurity and HIPAA leaders to educate them and make them aware of the value of this data.
We are not implying that using these apps and devices is dangerous, but as both a consumer and a healthcare employee, you should be aware of the role the collected data plays in the bigger picture. It might seem like a harmless weight-loss app, but the records of how we purchase, play, and exercise are incredibly valuable to the people who are trying to sell them. They are also valuable to cybercriminals, who find a different kind of value in the credentials and identifying information we enter without hesitation.
Individuals must be reminded to guard their information against theft with as much fervor as they guard their smartwatch or other devices. Both are equally valuable.
This article was originally published on HIPAA Secure Now! and is republished here with permission.