Consumer advocates are calling for new regulations for mobile health apps and wearables that can collect health-related information.
"Privacy, security, and consumer-protection policies for the connected-health market should be held to a much higher standard than those established for most other areas of the digital marketplace," advocates say in the new 66-page report, "Health Wearable Devices in the Big Data Era."
The report, written by American University's Kathryn Montgomery and the Center for Digital Democracy's Jeff Chester and Katharina Kopp, calls for a host of new privacy rules. Among others, the authors propose that companies obtain consumers' affirmative consent before collecting or using data collected from health wearables.
"Because of their capacity to collect and use large amounts of personal data -- and, in particular, sensitive health data -- this new generation of digital tools brings with it a host of privacy, security, and other risks," they write.
"Biosensors will routinely be able to capture not only an individual's heart rate, but also brain activity, moods, and emotions. These data can, in turn, be combined with personal information from other sources -- including health-care providers and drug companies -- raising such potential harms as discriminatory profiling, manipulative marketing, and data breaches."
The groups note that companies manufacturing wearables often aren't bound by federal laws regarding medical privacy.
"Many consumers may think that their personal health information is protected by federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA). But that law applies only to medical facilities, insurance companies, pharmacies, and other so-called 'covered entities'," the authors write.
Several months ago, the industry-funded think tank Future of Privacy Forum put out a separate report about wearables and data collection. That organization argues that not all data collected by health-related wearables needs to be subject to the same privacy rules.
"The stringent privacy, security, and safety requirements appropriate for medical devices and medical data would render many commercial fitness devices impractical for everyday consumers," the Future of Privacy Forum said in its report. "At the same time, it would be a mistake to treat wellness data as if it were generic personal information without any sensitivity."