ONC report highlights gaps in privacy, security of health data from wearables

Staff -

The applicability of HIPAA's privacy and security requirements for consumer-facing technology can be hazy, as developers don't fall under the "covered entities" outlined by the law. A new report from the ONC examines this oversight and the limited scope of HIPAA in a world where individuals are sharing more health data than ever.

As HIPAA was written before the flood of health technology, it can be unclear how the privacy law applies to other organizations. The law itself says it applies to "covered entities," which includes health plans, healthcare clearinghouses and healthcare providers conducting certain electronic transactions, as well those entities' business associates.

"Yet these days, scores of new businesses use consumer-facing technology to collect, handle, analyze and share health information about individuals — sometimes without those individuals' knowledge," according to an ONC blog post announcing the report.

The report outlines the lack of guidance surrounding privacy and security of health data stored by such businesses not covered by HIPAA, as well as consumer access to this information. 

"To ensure privacy, security and access by consumers to health data, and to create a predictable business environment for health data collectors, developers and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled," according to the report.

More articles on cybersecurity:

78% of organizations don't have a plan to deal with cybersecurity 
3 cybersecurity tips from Google's security and privacy lead 
Execs more likely to pay ransom if they've been previously hacked, survey finds 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.