Consumer fitness devices and company-sponsored wellness programs that use them pose a "whole different level of security and privacy concern," Stephen Cobb, senior security researcher at ESET, tells HealthcareInfoSecurity.com.
"A lot of the data is fairly benign, but the architecture within which these devices operate--there are apps that talk to them, there is data that is transmitted and stored and some sort of portal through which you go and access your information--it introduces multiple points where potentially sensitive, private information could be intercepted and stolen," he says in the interview.
Cobb says he's not too concerned about data at rest on these devices or data shared through smartphones, but the data becomes more vulnerable when it's stored in the cloud or in a database. He cites the breach at toy maker VTech as an example of a company not adequately protecting information on servers.
The Federal Trade Commission, Department of Health and Human Services and Food and Drug Administration are all looking at the status of data collected and transmitted through these devices, Cobb adds, and he does see vendors working toward providing HIPAA-compliant devices. However, regulation could limit how these devices are used.
"Once you move from a sort of informal wellness program to a doctor-enrolled supervised healthcare project, then the rules change considerably," he says.
Consumers are showing interest in wearable devices, but health wearables must be engaging, interoperable and intelligent if they are to succeed, according to a recent PwC report.
Providers and payers must focus on security before allowing data exchange from patient and consumer devices, Suzanne Widup, a senior analyst with Verizon, said previously.