Wearable technology, recently listed among the top five fitness trends for 2026, just might be one of the biggest privacy risks out there, say lawmakers, who would like to see the data regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), since many devices contain apps that collect large amounts of personally identifiable health information.
Wow. And you thought Alexa was creepy.

The wearable tech and app market has been growing explosively and that means a powerful lobby is at work; however, privacy laws have never been a bigger concern. To backtrack a little, HIPAA is a US federal law that establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent.
Its main purposes are to protect the security and privacy of health information, make it easier for people to maintain health insurance between jobs, and standardize healthcare data to improve efficiency. It is why pharmacies ask you to stand a certain distance back while other clients are picking up or dropping off medication, and it’s why your doctor’s office requires patients to wait until they’re called on.
Now, patient advocates are taking aim at wearables, which for years have operated in a gray area.
According to Athlete Tech News, Senate Health, Education, Labor and Pensions Committee chair Bill Cassidy, M.D. (R-La.) has introduced the Health Information Privacy Reform Act, a bill that would bring new privacy standards to smartwatches, rings, trackers and health apps that currently fall outside HIPAA.
And, notes Cassidy, HIPAA has not kept pace with products that connect people to health insights without ever entering a medical setting. In fact, he and others who support the bill refer to the space in which wearables now operate as “the Wild West.”
Cassidy’s Health Information Privacy Reform Act continues his focus on private data. It requires health technologies not subject to HIPAA to disclose how consumer information is collected and shared. It also explores how to give consumers opportunities to share their health data to support future research and be compensated for their contributions. (Read the full bill text here.)
In fact, notes HIPAA Journal, “While the health data would be classed as protected health information (PHI) and be subject to HIPAA protections if it were collected by a healthcare provider, the health information collected by health apps, smartwatches, and other wearable devices is rarely protected by HIPAA or the HITECH Act of 2009, which applies to certified health information technologies.”
Yikes.
“Smartwatches and health apps change the way people manage their health. They’re helpful tools, but present new privacy concerns that didn’t exist when it was just a patient and a doctor in an exam room,” said Cassidy in a press release. “Let’s make sure that Americans’ data is secured and only collected and used with their consent.”
Squarely in the sights of lawmakers are fitness trackers like Whoop. Athlete Tech News notes that “in July, the U.S. Food and Drug Administration sent Whoop a warning letter stating that its Blood Pressure Insights feature is a medical device that lacks required marketing authorization under federal law. Whoop has disagreed with the interpretation and has defended Blood Pressure Insights as a wellness feature rather than a diagnostic tool.
Whoop’s more advanced features, such as ECG readings and blood pressure insights, are governed by medical device regulations, and the company says this data is stored separately and encrypted. Whoop has created a page that details how these regulated features are managed and how members can control their data.”
Oura, another device manufacturer, has entered the chat with reassurances its data remains private. Oura began its campaign following concerns raised on social media over the summer when the company announced a collaboration with data analytics firm Palantir on projects with the U.S. Department of Defense.
But it’s not just heart rate and blood pressure readings that have people in a lather, and it’s not just in the USA either. Sweden’s national security service said it was investigating reports that bodyguards accidentally exposed the private travel locations of high-profile officials, including the king and queen, after their running and cycling routes were publicly visible on the social fitness app Strava.
Wow. Talk about tracking.
And with the uptick of youth athletes who use wearable tech while out training, either at a gym, a track, a field or on a road (and who often post their routes on social media as bragging points), it’s easy to see why concerns are growing stateside as well.