Takeaways
- Wearable devices collect extensive personal data, including health metrics and location, which are often shared with third parties.
- HIPAA protections do not typically cover data collected by consumer wearable devices, leaving data vulnerable to use by manufacturers, advertisers, and data brokers.
- Stronger federal data privacy legislation is necessary to protect consumer health data collected by wearable technology.
- Consumers should take proactive steps, including reviewing privacy policies and adjusting settings, to safeguard their wearable tech data.
Are you wearing a smartwatch, fitness tracker, or smart ring? Do you use these devices to record health-related data? Do you know who has access to your data and how they use it?
In this era of digital health and always-on connectivity, wearable technology offers powerful tools for monitoring personal health, tracking fitness goals, and even managing chronic diseases. And the market for wearable technology devices has grown substantially in recent years, from $20 billion in 2015 to $109.3 billion in 2023.
However, the increased use of these innovative devices also raises urgent questions about data privacy. As consumers embrace wearable tech, many are unaware of how their personal data is collected, shared, and used, or whether they’re protected at all under existing laws such as the Health Insurance Portability and Accountability Act (HIPAA).
What Information Does Wearable Tech Collect?
Wearable devices, which include everything from the Apple Watch and the Oura Ring to smart contact lenses and glucose monitors, may collect a vast array of sensitive information in real time, including:
- Biometric data. Heart rate, blood oxygen levels, body temperature, sleep patterns, and more.
- Location data. GPS tracking and movement patterns.
- Lifestyle data. Step counts, activity levels, diet logs, and stress levels.
- Health indicators. Menstrual cycle tracking, irregular heartbeat notifications, and other health metrics.
This data, when aggregated, can paint a detailed picture of your daily life, habits, and health status. The granularity of these data points makes them particularly valuable, not only to users and health care providers, but also to advertisers, insurers, and data brokers.
Who Really Owns the Data?
Though users of wearable devices may believe they control their own health information, the reality is more complicated. The companies that manufacture these devices and operate the associated apps often include broad data-sharing permissions in their terms of service. Many users agree to these terms without fully understanding the extent to which their data may be shared with third-party advertisers or business partners, analyzed using artificial intelligence for market profiling, or sold to data brokers for purposes unrelated to health.
Does HIPAA Protect Your Wearable Technology Data?
HIPAA was enacted in 1996 to protect patients’ sensitive health information. However, its protections only apply to “covered entities,” such as health care providers, health plans, health care clearinghouses, and their business associates.
This means that most consumer wearable companies, like Fitbit, Apple, Oura, and Garmin, are not covered by HIPAA, unless they are working directly with a health care professional or insurer on your behalf. As a result, if you wear a fitness tracker that logs your heart rate and sleep cycles, and that information is stored in the cloud or shared with third-party apps, it may not be subject to HIPAA protections.
Even when wearable electronics are prescribed or used as part of a medical treatment plan, HIPAA may only cover certain aspects of the data transmission. The boundary between what’s protected and what’s not can be murky, and it is often tilted in favor of corporate interests.
A Need for Stronger Consumer Protections
In the absence of comprehensive federal data privacy legislation in the United States, wearable users are left with a patchwork of protections. Some state laws, such as the California Consumer Privacy Act (CCPA) and Illinois’ Biometric Information Privacy Act (BIPA), provide more robust rights, such as the ability to access, delete, or opt out of the sale of personal information. However, these protections are not consistent nationwide, and many consumers may not even know they apply.
You may purposely choose to authorize sharing of the data in the health apps and wearable devices you use so that your health care provider can access it and add it to your medical records. The health care provider must then comply with HIPAA regulations. Notably, a company that provides medical supplies such as glucose monitors reached a settlement agreement earlier this year with the U.S. Department of Health and Human Services to resolve alleged violations of HIPAA rules.
Best Practices for Protecting Your Privacy
Until clearer regulations are enacted, you should take proactive steps to protect your data, including the following:
- Read the privacy policies and terms of service. Look for clauses about data sharing with third parties and consult an attorney if you need clarification.
- Adjust your privacy settings. Many apps allow you to limit location sharing or disable third-party access.
- Avoid unnecessary permissions. Don’t connect your wearable to platforms or services you don’t trust.
- Consider using offline modes. Some devices offer data storage without syncing to the cloud.
- Stay informed. Pay attention to news about data breaches or privacy scandals involving wearable companies.
The Future of Data Privacy and Health Rights
As wearable technology becomes more sophisticated, and more deeply integrated into health care systems, the need for stronger legal protections is clear. Expanding HIPAA coverage or enacting new, comprehensive federal privacy laws could help ensure that consumers retain control over their most intimate health data.
In the meantime, you should remain cautious and educated about how your personal information is being used and who ultimately benefits from it.
A HIPAA form is an important part of a comprehensive estate plan. Contact your estate planning attorney to learn about how this and other estate planning documents can help you keep your personal information and other assets safe.