Wearable devices and smart phones are being used more and more to collect Patient Generated Health Data (PGHD). Naturally physicians are wondering about the security risks and HIPAA responsibilities associated with this new development. Let’s examine the facts of this new use of technology. Coupled with this, we’ll delve into any safeguards clinicians should be enacting to protect themselves.
What are the associated security risks with wearable devices and mobile phones?
Anytime data is transferred there is an inherent security risk to consider, as keeping data secure is of the utmost importance. The biggest risk facing these types of consumer technologies is the lack of oversight and standardized regulations surrounding these devices and how data is collected and transferred. To this end, providers must be aware of these risks and take steps to protect themselves. These safeguards include processes such as encryption and strong cyber security practices.
Is there a potential for HIPAA issues with wearable tech?
Unfortunately this question doesn’t come with a very simple answer. Essentially, the use of wearable technology in the healthcare space is a bit of an unclear area regarding HIPAA compliance. If a consumer is using a wearable to collect health data for their own personal use, HIPAA doesn’t apply. However, when a provider asks a patient to submit the health data they collected with wearable tech, HIPAA plays a role. HIPAA applies once a wearable interfaces with a practice’s EHR system.
Remember that HIPAA regulations only apply to covered entities and business associates. This grouping includes clearinghouses, health plans, and providers. There aren’t very cut and dry HIPAA regulations related to wearable technology at this point. However, once a provider becomes involved with receiving data from a piece of wearable technology, that exchange is subjected to HIPAA regulations.
Are there safeguards physicians should be putting into place?
First of all, medical practices and other healthcare organizations using wearable technology to collect PGHD should set up a protected space. Ideally, in this space, patients submit data that is then encrypted, summarized, and then moved into the practice’s EHR software. Ensure that your patients understand where the information will be stored and what its purpose will be. In addition, it’s a good idea to look into what other privacy regulations, such as state laws, may apply to any devices you’re utilizing.
Finally, maintaining an overall level of cyber security is also important, including training your employees on policies and procedures meant to protect data. The potential benefits to collecting and utilizing PGHD through wearable technology creates a strong case for analyzing your practice’s participation. If you decide to utilize this technology collection, ensure that you implement a program that is both safe and effective.