{"id":1805,"date":"2018-09-11T21:15:18","date_gmt":"2018-09-12T02:15:18","guid":{"rendered":"http:\/\/blogs.luc.edu\/compliance\/?p=1805"},"modified":"2018-09-11T21:15:18","modified_gmt":"2018-09-12T02:15:18","slug":"is-your-fitness-tracker-violating-your-privacy-rights","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=1805","title":{"rendered":"Is Your Fitness Tracker Violating Your Privacy Rights?"},"content":{"rendered":"<p><em>Jessica Sweeb<\/em><br \/>\n<em>Associate Editor<\/em><br \/>\n<em>Loyola University Chicago School of Law, JD 2019<\/em><\/p>\n<p>An increasing number of companies are providing fitness trackers for their employees as a part of their benefits package. The use of fitness trackers has been steadily growing over the past few years, and is predicted to hit a shipment size of <a href=\"https:\/\/www.forbes.com\/sites\/paullamkin\/2017\/06\/22\/wearable-tech-market-to-double-by-2021\/#53729a42d8f3\">240.1 million devices by 2021<\/a>. Even though the popularity of these fitness trackers has boomed, their compliancy with HIPAA has not kept up with them as quickly. A few companies that make fitness trackers have become HIPAA compliant, such as Fitbit and Apple. However, some companies have remained silent as to whether they are or plan on becoming compliant. While fitness trackers have been shown to have an overall positive effect in corporate wellness programs, corporations should remain up to date with how to keep their employees\u2019 health information secure as well as ensure that the fitness tracker that they are providing is HIPAA compliant.<!--more--><\/p>\n<p><strong>Fitness trackers and their role in the corporate office<\/strong><\/p>\n<p>Starting in 2006 through 2013, companies such as Fitbit, Google, and Nike have released their own version of wearable fitness trackers. Certain companies, Fitbit in particular, began to accumulate large name companies as clients to sell their fitness trackers to. 
Target, one of Fitbit\u2019s clients, <a href=\"https:\/\/www.fastcompany.com\/3058462\/how-fitbit-became-the-next-big-thing-in-corporate-wellness\">announced<\/a> in 2016 that it would provide 335,000 trackers to its American employees.<\/p>\n<p>Corporations have begun to implement corporate wellness programs, some of which include the use of fitness trackers, to help their employees adopt a healthier and more active lifestyle. Corporations may also be driven by the amount of money they can potentially save if their employees are more active. A 2010 study conducted by Duke University <a href=\"https:\/\/globalhealth.duke.edu\/media\/news\/obese-workers-cost-workplace-more-medical-expenses-absenteeism\">showed<\/a> that obesity has cost American businesses a total of $73.1 billion due to medical expenses as well as absences from work.<\/p>\n<p>As of 2017, around <a href=\"https:\/\/www.shrm.org\/hr-today\/trends-and-forecasting\/research-and-surveys\/Documents\/2017%20Employee%20Benefits%20Report.pdf\">eight percent<\/a> of companies that participated in the Society for Human Management survey had provided fitness trackers to their employees, including IBM. IBM provided Fitbit trackers to 40,000 of its employees and established multiple wellness programs. Since then, IBM reported that roughly 96% of the employees who received Fitbit trackers tracked their health data, including daily meals. Additionally, after the company implemented a step challenge, it found that the employees who participated reached more than twice as many steps as those who did not participate in the challenge.<\/p>\n<p>Fitness trackers have been <a href=\"https:\/\/core.ac.uk\/download\/pdf\/77239902.pdf\">shown<\/a> to be an overall welcome and successful addition to corporate wellness programs. They increase employee well-being, boost morale, and reduce insurance premiums. 
Despite this, corporations may not have considered that these trackers may put their employees\u2019 health information at risk.<\/p>\n<p><strong>Fitness trackers, health data, and privacy concerns<\/strong><\/p>\n<p>Fitness trackers are able to track a wide variety of health data, including heart rate, sleep patterns, calories burned, and even <a href=\"https:\/\/www.businessinsider.com\/blood-sugar-tracking-device-diet-health-fitbit-sano-diabetes-weight-loss-2018-1\">glucose levels<\/a>. Though this makes the consumer\u2019s life easier, these trackers may not be completely HIPAA compliant, leaving the consumer\u2019s health information vulnerable to being hacked, stolen, or sold.<\/p>\n<p>Among other things, the <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/index.html\">HIPAA Privacy Rule<\/a> covers protected health information (PHI) \u2013 which is defined by the U.S. Human Health and Human Services (HHS) as \u201c\u2018individually identifiable health information\u2019 held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.\u201d This rule applies to fitness trackers and the health information they collect when the information is integrated with a consumer\u2019s healthcare organization\u2019s information or with the consumer\u2019s electronic health record.<\/p>\n<p>Though Fitbit became HIPAA compliant in September 2015, it <a href=\"https:\/\/www.mobihealthnews.com\/43412\/fitbit-files-for-ipo-sold-nearly-11-million-fitness-devices-in-2014\">sold<\/a> nearly eleven million fitness trackers in 2014 \u2013 meaning that for almost a year, consumers\u2019 health information was left completely unprotected. 
With an increasing number of corporations giving fitness trackers to their employees, it\u2019s important for both employers and employees to be aware of the privacy risks associated with them if the employee sends their tracker\u2019s information to their healthcare provider.<\/p>\n<p><strong>How companies can help protect their employees<\/strong><\/p>\n<p>Companies can help keep their employees\u2019 private information protected by making sure that each employee understands the privacy risks associated with using a fitness tracker. Employees should also understand exactly what health information the company is tracking and keeping, and what it plans to do with that information. Companies could hold informational sessions to inform the employees enrolled in their wellness programs about fitness trackers. The sessions may explain what information is collected by fitness trackers, how they are beneficial, and the measures the corporation is taking to protect the health information. It\u2019s good practice for the corporation to be completely transparent if its employees inquire about how their health information is being stored and how it will be utilized.<\/p>\n<p>Providing fitness trackers in corporate wellness programs to help employees stay healthy has been found to be highly effective. Corporations should keep distributing the trackers \u2013 as long as the employees are fully informed and aware of the privacy risks associated with them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An increasing number of companies are providing fitness trackers for their employees as a part of their benefits package. The use of fitness trackers has been steadily growing over the past few years, and is predicted to hit a shipment size of 240.1 million devices by 2021. Even though the popularity of these fitness trackers has boomed, their compliancy with HIPAA has not kept up with them as quickly. 
A few companies that make fitness trackers have become HIPAA compliant, such as Fitbit and Apple. However, some companies have remained silent as to whether they are or plan on becoming compliant. While fitness trackers have been shown to have an overall positive effect in corporate wellness programs, corporations should remain up to date with how to keep their employees\u2019 health information secure as well as ensure that the fitness tracker that they are providing is HIPAA compliant.<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[715,1623],"class_list":["post-1805","post","type-post","status-publish","format-standard","hentry","category-hipaa-health-information","tag-employment","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1805"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1805\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1805
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}