Put mHealth data security, user privacy front and center

There's no denying it's an exciting time for wearables in the healthcare environment. From those early simplistic fitness bands to today's increasingly feature rich smart watches and smart clothing--as well as impending smart ear buds and ingestible wearables--wearable tracking and monitoring devices have come a long way in a short time. They likely are one of the first Internet of Things (IoT) technologies taking fast and deep root.

At the same time, concern regarding collection of user data and consumer privacy is growing. What's most disappointing is what isn't growing fast: real action on how best to securely collect user data, securely house it, protect the data from unauthorized access and protect a user's privacy.

While stakeholders both inside and outside the healthcare industry seems to be concerned about information security, no one seems to be taking point on privacy. Such inaction ultimately could stifle wearable and IoT development, as well as consumer adoption.

There is widespread agreement that the data wearables are collecting, all the information being monitored and tracked and all the insight being gleamed off a consumer's wearable must be protected and secured to avoid privacy invasion.

But while much of the security technology to make that happen exists, oftentimes it is not built into devices or even bolted on afterward. While some vendors, such as Apple, obviously are intent on ensuring data security, given ongoing discussions with the likes of the Federal Trade Commission (FTC), there are hundreds more not giving it a thought. And some device makers even brazenly dismiss the concerns by already sharing such data with third parties without user approval or awareness.

The other point many in the industry seem to agree on is that increased FTC regulatory action isn't necessarily an answer. I agree, to a point. But then I read an FTC report following a workshop in which a variety of stakeholders offered feedback and insight on data protection and security with IoT devices and I felt my head starting to spin.

Why? For one, I recall back in mid-2014 FTC Commissioner Julie Brill stating she was not interested in creating new laws for mHealth.

Then, the FTC staff report came out last week and the agency implied the following: stop collecting so much data, foster self-regulatory effort and enact data security and broad-based privacy legislation.

Stop right there. The one thing the mHealth tech movement doesn't need is more rhetoric, more confusion and more gray areas. And it's no surprise that even an FTC commissioner doesn't like his own agency's report. As sister publication FierceHealthIT reports: Daniel Castro, director of Information Technology & Innovation Foundation's Center for Data Innovation, calls the report "disheartening" for trying to "shoehorn old ideas on new technology."

I commend Castro for his extraordinarily polite description. It's time for the FTC to shred that report and try again before wearables and mHealth technology are forced to a grinding halt as consumers, patients, caregivers and providers stop embracing such technologies due to the lack of security and privacy protections. - Judy (@JudyMottl and @FierceHealthIT)