In a broad sense, the concept of personal privacy has changed dramatically in the last 50 years; perhaps even more so since the turn of the century. Indeed, seemingly ubiquitous security cameras, satellite cameras, and the realization that the government and big businesses have access to much personal correspondence, such as emails, give Americans the feeling that they are being watched almost all the time. Whether big data is used for national security, marketing, or product pricing, most people understand that the Internet is keeping tabs on them – from Google search to Facebook.
The extent to which personal data is shared among companies and government entities is still, however, a mystery to most Americans. For example, who handles the transfer of data from one company to another, and who regulates these transactions? When considering health data (which is not necessarily a medical record) such as heart rate and/or steps on a Fitbit, is that data also valuable to a marketing firm? What about GPS tracking? If an individual is using a wearable technology to manage chronic illness, shouldn’t all data from that device be held to HIPAA standards?
Wearable technologies are being used more often in the treatment of chronic disease, a trend that will likely continue in the future. However, many of the things that are monitored by wearable technology are already sold as data points between companies outside the healthcare realm, and in many cases are publicly available with an online search. In fact, these data are not protected by HIPAA, or even the Food, Drug, and Cosmetic Act that covers many medical devices. Wearable technologies that are commercially available are considered low-risk, general wellness products, and their data may be used within the terms of the privacy statement agreed upon by the company and user (required to use the product). There are, however, wearable devices that are classified as medical devices, such as the Dexcom Continuous Glucose Monitoring system, and federal law protects data from these products.
The question going forward (especially for applications created to monitor chronic disease on commercially available technologies) is what standards will be set by regulatory bodies, and adopted by industry, to protect confidential health information in a way that does not impede the data farming that regularly takes place in the tech world.
Companies that make wearable technologies such as Fitbit and Dexcom need to adhere to HIPAA-level privacy standards for patient information transmitted on their devices. Dexcom, which makes technology specific to glucose monitoring, should already be doing this. However, publicly available technologies such as Fitbit likely do not. The FDA should have a division dedicated to auditing any company that handles patient information to ensure compliance. In this way, patient information that may be collected, stored, or transmitted on these devices will be handled in a way that protects individuals using these devices for management of chronic disease. If companies do not comply, their intellectual property should be forfeit if another company makes a similar model for the exclusive purpose of patient care.

