Whether it’s medication management apps, wearables or other sensors and gadgets that track a senior’s daily activities, technology can be a huge help. But what if you learned that your favorite health tech companies are sharing your senior parent’s most sensitive information?
This article comes to us from Andrea Needham at Eldersday.org.
Protecting Seniors’ Personal Health Information in the Age of Technology
Whether it’s medication management apps, wearables that promote physical activity, or sensors and gadgets that track a senior’s daily activities, technology can be a huge help when it comes to caring for an aging parent. But what if you learned that your favorite health tech companies are sharing your senior parent’s most sensitive information?
While people young and old are embracing health-based technology like wearables and health apps, many don’t realize that the private information they share with tech companies aren’t all that private after all. That’s because unlike your doctor, your app developer or social media site isn’t obligated to comply with HIPAA, the well-known health privacy act.
If that concerns you, here’s what you need to know.
Who Is and Isn’t Required to Protect My Personal Health Information?
- According to The Department of Health and Human Services, the entities that must adhere to HIPAA regulations include health plans, healthcare providers, healthcare clearinghouses, in addition to businesses associated with these covered entities. Read more.
- There are numerous organizations that “have access to their records and don’t need anyone’s consent to do so” … “In fact, there are dozens of individuals and organizations that are legally allowed to access our medical records for a variety of reasons, either by request or by purchase. In some cases, we provide permission for their access. In others, permission isn’t necessary. In still other cases, we provide permission without even realizing we’ve done so,” states VeryWell Health. Read more.
- Huffington Post: “Here’s the reality of life as a wearable device owner: There’s no doctor/patient privacy or patient privacy or any privacy for that matter. Monitoring your health and collecting data is like publishing your own medical autobiography online,” Mark Weinstein, Leading Privacy Advocate, CEO of MeWe.
Why Should I Be Worried?
- “Medical records contain a wide range of information, including your name, address, phone number, Social Security number, emergency contact information, and more. In the hands of identity thieves, this information can be used to open bank, credit card, and loan accounts or to get identity documents such as passports and driver’s licenses. In some cases, thieves have used stolen identities to get access to controlled substances, which led to the identity theft victims being investigated for the crime,” states Pinnacle Care. Read more.
- “The complexity and sheer volume of the data ecosystem mean that patient privacy and data security are among the most pressing issues facing organizations trying to bring healthcare data together … To empower this ecosystem in the face of its complexity, the industry will need to take steps to ensure that the right data ends up in the right hands at the right time,” says Datavant. Read more.
How Can I Protect Myself?
“Do your research before you buy. Devices become smart because they collect a lot of personal data. While collecting data isn’t necessarily a bad thing, you should know about what types of data these devices collect, how it’s stored and protected, if it is shared with third parties, and the policies or protections regarding data breaches,” recommends Norton LifeLock.
- To keep protected health information safe at the doctor’s office, USAToday recommends asking about a medical provider’s data security practices and whether health information is double encrypted. If not, consumers may want to find a provider with better data security practices.
What Medical Practices Can Do to Protect My Personal Information
- Health IT Security: “We need to make sure that we have appropriate business associate and other data use agreements in place for purposes of the arrangement, and then ensure that appropriate security safeguards regarding the maintenance, use, and transmission of that data exists,” according to Ropes & Gray Partner Tim McCrystal.
“Some of the innovative partnerships that are now being undertaken require independent HIPAA Privacy and Security analyses at the time that they’re implemented to the extent that the information is not de-identified fully in accordance with HIPAA.” Read more.
- “Experts recommend that healthcare organizations perform risk assessment sessions on a regular basis to determine the vulnerabilities of their systems. By identifying weak links within their data security systems, healthcare organizations can effectively fix any issues before they arise. HIPAA compliance rules mandate for healthcare organizations to conduct a security risk assessment annually or as changes to electronic systems occur,” explains The Doctor Weighs In. Read more.
As convenient as they may be, for many people, the privacy risks of health-based technology simply aren’t worth the benefits. It’s up to you to decide if you’re comfortable using health tech to care for a senior loved one. If you do, be sure to educate yourself about the type of information that’s being shared and the best ways to protect your loved one’s personal health information from unauthorized access.
Image via Pexels