Consumer advocates are calling for new regulations for mobile health apps and wearables that can collect health-related information.
"Privacy, security, and consumer-protection policies for the connected-health market should be held to a much higher standard than those established for most other areas of the digital marketplace," advocates say in the new 66-page report, "Health Wearable Devices in the Big Data Era."
The report, written by American University's Kathryn Montgomery and the Center for Digital Democracy's Jeff Chester and Katharina Kopp, calls for a host of new privacy rules. Among other measures, the authors propose that companies obtain consumers' affirmative consent before collecting or using data from health wearables.
"Because of their capacity to collect and use large amounts of personal data -- and, in particular, sensitive health data -- this new generation of digital tools brings with it a host of privacy, security, and other risks," they write.
"Biosensors will routinely be able to capture not only an individual's heart rate, but also brain activity, moods, and emotions. These data can, in turn, be combined with personal information from other sources -- including health-care providers and drug companies -- raising such potential harms as discriminatory profiling, manipulative marketing, and data breaches."
The groups note that companies manufacturing wearables often aren't bound by federal laws regarding medical privacy.
"Many consumers may think that their personal health information is protected by federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA). But that law applies only to medical facilities, insurance companies, pharmacies, and other so-called 'covered entities'," the authors write.
Several months ago, the industry-funded think tank Future of Privacy Forum put out a separate report about wearables and data collection. That organization argues that not all data collected by health-related wearables needs to be subject to the same privacy rules.
"The stringent privacy, security, and safety requirements appropriate for medical devices and medical data would render many commercial fitness devices impractical for everyday consumers," the Future of Privacy Forum said in its report. "At the same time, it would be a mistake to treat wellness data as if it were generic personal information without any sensitivity."