Sens. Bill Cassidy, M.D. (R-Louisiana) and Jacky Rosen (D-Nevada) introduced the Stop Marketing And Revealing The Wearables And Trackers Consumer Health (Smartwatch) Data Act. The bill is intended to make sure that no health information obtained through health apps, fitness trackers and smartwatches is sold or shared without the consent of the consumer.
The Health Insurance Portability and Accountability Act (HIPAA) applies to all health information that HIPAA-covered entities and their business associates collect, store, keep, or transmit. Health apps, fitness trackers and wearable devices collect, store and transmit the same kind of health information, which could be shared or sold without authorization. Consumers have no control over who can access their health information. The bill seeks to address that privacy issue.
The bill forbids transmitting, selling, sharing, or giving access to any non-anonymized consumer health data or other personally identifiable health data that is collected, documented, or obtained from individual consumer devices to domestic data brokers or other local or foreign entities, except with the consumer’s consent.
Consumer devices are equipment, applications or software programs, or mechanisms whose principal feature or capability is to collect, keep, or transfer consumer health data.
The Smartwatch Data Act covers data regarding the health status of a person, personal biometric data, and kinesthetic data obtained directly by means of sensors or manually entered by consumers into apps. The Smartwatch Data Act will treat all health information obtained through apps, trackers and wearable devices as protected health information (PHI).
There have been demands for HIPAA to extend its coverage to application developers and wearable device companies that collect, hold, maintain, process, or transfer consumer health data. The Smartwatch Data Act is not a HIPAA extension to cover these businesses; rather, the law applies to the information itself. The bill calls on the HHS’ Office for Civil Rights, the primary enforcer of HIPAA compliance, to also enforce the Smartwatch Data Act. Noncompliance with the Smartwatch Data Act will carry the same penalties as HIPAA violations.
The bill was introduced after the news about Google’s partnership with Ascension, the second-biggest healthcare provider in the U.S., which gave Google access to 50 million Americans’ health data. That collaboration raised several questions regarding the privacy of health data.
HIPAA covers the data passed by Ascension to Google, but it does not cover fitness tracker data at this time. Google expects to partner with fitness tracker company Fitbit in 2020, and there is concern about the way Google is going to use personal health information obtained by means of Fitbit devices. The Smartwatch Data Act can help make sure that consumers have a say in the use of their health data.