Using Technology to Age Better, but is Your Data Privacy at Risk?
Don’t expect HIPAA privacy laws to cover everything.
September 28th, 2022
By Andrea Needham
Medication apps, fitness trackers, smartwatches and voice-activated assistants like Alexa and Siri can be a great help to seniors aging in place as well as to their caregivers. However, while using health-based technology has its benefits, it also comes with drawbacks, particularly when it comes to data privacy. That’s because the same laws that protect patient privacy at the doctor’s office don’t apply to health information consumers share with tech companies through apps, wearable devices, and other health-based technology. Scary, right? Let’s look at the bigger picture.
Who is, and who isn’t, required to protect my personal health information?
“HIPAA does not apply to all health data. It depends on who collects or maintains the data and the relationships with HIPAA-covered entities or business associates,” Academy Health explains. “Generally, HIPAA applies to health data collected or maintained by those in the traditional health care space, including health plans and most health care providers (such as doctors, hospitals, pharmacies, and labs) as well as those doing business on behalf of these entities.” Read more.
“Now, just because you’re developing a health app does not necessarily mean you need to be HIPAA compliant. An app like Runkeeper, or Fitbit, for example, where you’re inputting data to chart your own health and fitness goals, wouldn’t need to be HIPAA compliant.” Read more.
“[HIPAA] regulations only apply to those apps that transmit PHI (like medical records or appointment dates) to or on behalf of covered entities or their business associates, and generally would not include “health” apps designed for use solely by individuals.” Read more.
“Health app developers routinely, and legally, share consumer data with third-parties in exchange for services that enhance the user’s experience … or to monetize the app,” according to one study. “Little transparency exists around third-party data sharing, and health apps routinely fail to provide privacy assurances, despite collecting and transmitting multiple forms of personal and identifying information.” Read more.
“Patients generally don’t know that their most personal information – what diseases they test positive for, what surgeries they have had – is the stuff of multibillion-dollar business. But although the data is nominally stripped of personally identifying information, data miners and brokers are working tirelessly to aggregate detailed dossiers on individual patients.” Read more.
“When Google or Facebook combine its troves of non-health-related consumer data with highly sensitive medical data, it creates digital health profiles with no external validation of accuracy, without consumers’ consent or ability to opt out. As tech companies move into health care, these digital profiles will become part of our medical records, with the potential to shape the care we receive, the resources we can access, and the bill we pay at the end.” Read more.
“It’s hard to prevent apps from collecting data because there are few legal limitations on doing so,” Consumer Reports explains. But to reduce the risk their information is shared without their consent, consumers can read privacy policies, familiarize themselves with privacy settings, and choose their apps and devices wisely. Read more.
“The next thing to look into and consider with regard to healthcare cybersecurity is installing firewalls. Firewalls are a device that monitors incoming and outgoing traffic and can detect unauthorized devices attempting to bypass it. If it detects an unauthorized device, it will deny it entry into the system.” Read more.
“Devices become smart because they collect a lot of personal data. While collecting data isn’t necessarily a bad thing, you should know about what types of data these devices collect, how it’s stored and protected, if it is shared with third parties, and the policies or protections regarding data breaches.” Read more.
“All companies who have a compliance obligation must remember that the point of HIPAA compliance is to impose a certain level of security,” states Tracy Reed, CEO of Copolitco. “Security is the ultimate goal, not necessarily compliance. Compliance comes as a result of having a good security program. Being compliant does not mean you are secure; it merely means you have ‘checked the boxes.’” Read more.
Some seniors aren’t savvy about the ways that technology can put their personal information at risk. For that reason, it’s incumbent upon caregivers and loved ones to vet health-based technology thoroughly before adding it to their caregiving toolkit. While technology can be a great asset for senior caregiving, it’s important to be informed so you fully understand the trade-offs of introducing technology into your health care.
(Andrea Needham is the creator and editor at Elders Day. A lifelong writer, she created her website to share information and resources with other seniors who love living it up as they age.)