Privacy and Security Risks When Using Wearable Devices For Patient Care

Privacy and Security Risks When Using Wearable Devices For Patient Care

Wearables have revolutionized the healthcare sector, but could these devices put sensitive patient data at risk? Less than half of adults would feel comfortable sharing information via wearable devices, according to one study. It seems, then, that the majority of people have significant security and privacy concerns when using this tech. Here’s why patients and healthcare workers should be more aware of the risks associated with wearables.

The Problem With Using Wearables to Improve Patient Care

Wearables provide patients with a wide range of benefits. Fitness bands, for example, use biosensors to measure heart rate, blood cell counts, and exercise levels. Patients and practitioners can use this data to optimize health outcomes. Smartwatches, on the other hand, track healthy eating and fitness programs. Other wearables like smart thermometers — which measure children’s temperatures — and smart clothes serve a real purpose in the healthcare sector.

But, like all good technology, there are risks — and lots of them.

Earlier this year, an assistant professor at the University of Illinois raised security concerns about healthcare wearables and patient privacy. The problem? Most smart devices don’t protect health data in the same way as traditional medical devices.

“Health data collected by Fitbit, for example, is not governed by the HIPAA Privacy Rule,” Andrew Boyd told HealthITSecurity.com. “It is governed by contract law and the licensing agreement with your software provider.”

Recent healthcare breaches support the argument for tighter data protection.

The healthcare industry was subject to 88 percent of all ransomware attacks in the United States in 2016. Worryingly, the healthcare sector invests only 6 percent of its annual budget in cybersecurity.

A recent study suggests that smart wristbands made by Fitbit are vulnerable to hackers. Researchers from the University of Edinburgh were able to intercept messages from the Fitbit Flex and Fitbit One devices.

“The team accessed personal information from the devices as it was sent to the company’s cloud servers for analysis,” says The Telegraph. “The researchers said the problem could be used to falsify activity records or steal personal data.”

What Are the Risks?

Some wearables collect all kinds of patient data: Names, addresses, and even Social Security numbers. Others connect to social media accounts. Hackers can get access to this data and demand a ransom from healthcare providers before they hand back the information. This happened just last year with the WannaCry ransomware attack, which impacted Britain’s National Health Service. Alternatively, hackers can sell sensitive patient data to other cybercriminals.

With security gaps between HIPAA-governed and non-HIPAA-governed entities, there’s confusion over who regulates these medical devices. Currently, the FDA doesn’t regulate most wearables, and because there’s little regulation, not all manufacturers and app developers have to protect patient data.

The current situation is messy, and healthcare experts want clarification.

“Millions of health-care data points are collected by wearable device companies every day, and any gaps in data security and privacy policies could lead to catastrophic data breaches and uncertainty that would harm both the companies and consumers,” says Bloomberg BNA.

Wearables like smartwatches and smart thermometers provide both patients and practitioners with real value. These devices could increase the risk of a data security breach, however. Healthcare providers need to be aware of these issues in order to comply with HIPAA and other medical-related legislation.