Governance


Governance in cybersecurity refers to the overall management and direction of an organization's information security program.

Risk Management


Risk management is the process of identifying, assessing, and prioritizing potential risks to an organization and implementing measures to mitigate or minimize those risks.

Compliance


Compliance in cybersecurity refers to the process of adhering to industry standards, regulations, laws, and policies related to information security and data privacy.

How Health Apps and Wearable Tech Put Your Medical Info at Risk — and What to Do About It


Digital health wearables

Photo via Pexels

 

These days, most of us use some form of a health-related app, and many of us enjoy the benefits a smartwatch brings. We can track our workouts and progress in real-time, and we can even stay in touch with work and receive instant notifications. The convenience of tracking our efforts through apps and smartwatches certainly makes it easy to stay on point with our health. However, do you know how all of your information is being stored and used?

 

Although many medical establishments follow HIPAA guidelines when it comes to protecting consumer information, those regulations don’t always extend to fitness apps and smart tech. Here’s what you need to know:

 

Why Should Consumers Care?

  • Cybersecurity can’t be taken lightly, because weak security can expose sensitive information and expose the company to lawsuits, “as in the case of the Tandem Diabetes Care Data Breach, where a hacker gained access to an employee email account. The company did not have proper security measures in place and did not have anyone test these measures. People were able to steal personal information, and now there is a class-action lawsuit in place against them for this.”

 

  • “The Federal HIPAA Security Rule requires health service providers to protect electronic health records (EHR) using proper physical and electronic safeguards to ensure the safety of health information,” notes CISecurity.org. “Breaches of over 500 records, whether due to a hacking incident, accidental disclosure, lost or stolen devices, or unauthorized internal access, must be reported.”

 

Are My Wearable Devices Putting Me at Risk?

 

  • “A study released by the Center for Digital Democracy and the School of Communication at American University revealed that the health privacy regulatory system in the United States doesn’t provide consumers the protection they might expect when it comes to wearables. The study also found that Americans ‘face a growing loss of their most sensitive information’ through health wearable devices,” explains Wearable Technologies.

 

  • “If a wearable device is provided to a patient by a HIPAA-covered entity, the data the device collects, records, and transmits must be secured at all times. If the same device is provided by a non-HIPAA-covered entity, personal data collected by the device will not necessarily be protected to the same standards.”

 

What Can I Do to Protect Myself?

 

  • The Parallax: “Regularly monitor your accounts and information for suspicious activity — not just immediately following a breach, but also for the foreseeable future.”

 

  • “There is an obligation on users to see what type of information is out there on themselves,” Joe Jerome, an attorney on the privacy and data team at the Center for Democracy & Technology, tells Experian. “You have to be proactive. It’s unfair to users, but it’s the world we live in.”

 

What if My Information Was Compromised?

 

Here’s what to do:

 

  1. Report a Medical Data Breach (U.S. Department of Health and Human Services)
  2. Report Medical Identity Theft (FTC)
  3. What to Do After a Data Breach (Credit Karma)

If you’re unsure whether your info is protected, start by asking yourself the questions listed above. If you suspect your medical information has been compromised, play it safe by contacting the FTC and notifying all three credit bureaus. Remember, there’s no foolproof way to prevent a data breach, even if a company is HITRUST-certified and follows HIPAA guidelines. As a consumer, you’ll need to monitor your credit and your medical records to safeguard your information.

 

Article written and submitted by Lance Cody-Valdez
