BOSTON – Technology like smartwatches, smart rings and apps and websites can help you keep up with you health or fitness goals. They can be that extra push you need on your fitness journey, or important to monitor your health – but this could come at a cost.
Unlike doctors and other medical professionals, according to Consumers’ Checkbook, many of these medical apps, websites and devices you’re using don’t have to keep your health information confidential.
But what about HIPAA laws? HIPAA, the Health Insurance Portability and Accountability Act, protects your sensitive medical information if you’re working directly with a medical professional. But in general, it does not cover:
- Data collected from searches done on your phone or on the web.
- Information you provide to a website or app that aren’t affiliated with your medical provider.
- Health data generated by your phone, smartwatches and other wearable tech, unless that technology is provided by a HIPAA-covered entity.
This means your information that is being collected by apps you download will likely be shared and sold to companies or private data brokers, which consumer expert Kevin Brasler of Consumers’ Checkbook said is largely unregulated. You can “opt out” of sharing but you’ll have to read through their terms and conditions first. And Brasler said, more often than not, these “privacy policies” and agreements are tough to understand.
“A big problem is that recently, the [Federal Trade Commission] sued and fined several large apps for not doing what they promised. For not keeping their customers’ private medical information private. They were sharing that data with others and largely without their own customers’ consent,” Brasler told WBZ TV.
In February, the FTC took action against Good Rx for not telling customers their personal health information was being shared on Facebook, Google and other companies. The FTC had similar lawsuits in March with BetterHelp and in May with an ovulation tracking app called Premom.
So, how can you protect yourself? Only use devices, apps or websites that are completely covered by HIPAA regulations. To check to see if that’s the case, look for two things in the privacy policy:
- A “notice of privacy practices” (a detailed list of your rights under HIPAA)
- How you can exercise those rights
Thanks for reading CBS NEWS.
Create your free account or log in
for more features.
link