Senior Communications Manager
Kirk Nahra Discusses Data Privacy Related to Wearable Fitness Devices
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by Washington Lawyer in its December cover story exploring the data privacy issues involving the latest health-surveillance tools and mobile fitness applications that allow consumers to track their own blood pressure, glucose levels, heart rate, and sleep patterns.
Medical data generated by doctors, hospitals, or clinicians is covered by the Health Insurance Portability and Accountability Act (HIPAA), which limits access to patient health records and punishes those who violate those protections, according to the article. However, information generated by fitness trackers, smartphones, and mobile applications is not covered by HIPAA regulations.
“There’s a huge debate right now about what to do with all this health care information that’s being gathered outside of the existing HIPAA regulatory structure,” said Mr. Nahra. “There’s an increasing consensus that we do something and no consensus on what we do.”
“Information we would normally think of as health information is getting collected and analyzed outside the normal hospital and doctor’s office settings,” Mr. Nahra added. “It doesn’t necessarily mean the companies in this business are doing bad things with the data, but they could.”
Mr. Nahra pointed out that when the HIPAA rules were written, the health care industry was defined by law in a certain way; however that is changing. “You could change HIPAA to have it cover all health information regardless of where it’s coming from. Right now, it has to come from the right place for it to be health information and protected.”