Friday, October 02, 2015

Private Fitbit Reporting for Duty

As we noted this past summer, the privacy challenges posed by folks using their Fitbits (or similar exercise tracking devices) remain murky. One problem is that one doesn't necessarily know where the data will actually land, or whether the vendor at the receiving end (for lack of a better term) is a "HIPAA covered entity" at all. The sticking point is defining just who (or what) counts as a "HIPAA covered entity," and therefore who is obliged to protect the data.

The good news is that the situation recently became a bit less murky, at least for some folks:

"Fitbit announced it will enter into HIPAA business associate agreements with covered entity health plans and self-insured employers that will offer Fitbit’s wellness platform to employees and insured individuals."

So what does this mean in practice?

Basically, that Fitbit will need to "implement the security controls required by the HIPAA Security Rule, but only with respect to data it is receiving from or collecting on behalf of covered entity health plans or healthcare providers."

So if your health plan or self-insured employer offers Fitbit-style tracking, the data Fitbit collects on that plan's behalf is now subject to HIPAA Security Rule controls, which makes it a bit more private than it has been. Note the limits, though: the agreement covers only data collected for a covered entity, so a Fitbit you bought and use on your own is not covered by it, and it applies only to Fitbit. If you're using some other similar device, you may want to do a little research on how your ostensibly private info is being treated.