As the health wearables technology market expands, HIPAA and health information managers need to step up their game and adapt to the newest gadgets, Pamela Greenstone, program director for the online health information management program in the College of Allied Health at the University of Cincinnati, wrote in an op-ed for The Hill.
Consumer digital health products, like the Apple Watch, collect large volumes of data, from step counts to sleep patterns. Recent developments show these wearables can detect diseases and conditions such as diabetes or atrial fibrillation. Other technologies, like Apple's Health app, even let patients store their sensitive EHR data on their iPhones. And the decisions physicians and patients make from this sensitive data can have life-changing effects, Ms. Greenstone writes.
All this patient-generated data shared with healthcare organizations raises data security concerns, because under HIPAA any third party that works with a HIPAA-covered entity must set out its HIPAA compliance responsibilities and requirements in a contract (a business associate agreement). With wearables, HIPAA does not apply if the tech company does not share health data with healthcare providers, although patient data collected by a wearable device provided by a healthcare organization is covered under HIPAA.
Some companies, such as Fitbit and Samsung, meet HIPAA compliance standards, while others, such as Apple, take different security measures; Apple uses HealthKit to ensure data is stored securely.
"It will be the job of health information management personnel to make sure the databases storing wearable data are HIPAA compliant," she writes, adding that health information managers should act as patient advocates when ensuring data security and HIPAA compliance.
She suggests organizations do the following three things:
1. Providers should consider establishing a separate network, not controlled by the IT department, for wearable devices.
2. Health information managers and IT departments must take responsibility for monitoring physician-provided wearables and, by putting strict security controls in place, ensuring their Bluetooth receivers cannot make unintended connections with other devices.
3. Physicians and patients must understand the capabilities of each wearable device and implement appropriate security rules, including how the health data is shared and with whom.
"As technology evolves, so should the responsibilities of health-care organizations and the roles of health information managers, not just to maintain HIPAA compliance, but also to keep the best interests of the patient at heart," Ms. Greenstone concludes.