How Safe Is Your Fitbit Data?


So-called health wearables are everywhere these days, from iPhones that record health-care data to step-counting devices like the Fitbit. While millions of pieces of health-care data are being collected and stored on a daily basis, most of that data is outside the purview of federal privacy and security laws.

The boom in digital health-care data is a growing privacy risk, and federal law is likely to change in the near future to regulate its use, Nan Halstead, a health privacy and security attorney with Reed Smith LLP in Washington, told me. Expanding the scope of federal health-care privacy and security laws could force companies like Fitbit to increase their spending on compliance efforts.

Fitbit sold 2.2 million devices in the first quarter of 2018 and has 25 million active users, while Apple sold 52.2 million iPhones in the second quarter of fiscal year 2018.

Any future federal law will almost certainly focus on consumer protection and could use a Health Insurance Portability and Accountability Act framework, Halstead said. It is doubtful that HIPAA itself would be expanded to include new digital health-care technologies, Halstead added, because the law is too ingrained with the claims submission process and wouldn’t fit in well with the new technologies.

Newly created health-care data isn’t entirely unregulated, Halstead said, pointing to state law. The Federal Trade Commission also provides some regulation, but it’s limited by the scope of the agency’s jurisdiction, Iliana Peters, a health-care attorney with Polsinelli PC in Washington, told me.

HIPAA may be expanded at some point to cover more of the health-care sector, but it’s more likely that Congress and state legislatures will work to implement more robust protections for consumer health-care data, Peters said.
