Wearable electronics have become increasingly popular over the past few years. From smartwatches and fitness trackers to Google Glass and more, there's a growing trend towards the use of these functional devices. While wearable electronics such as this are undeniably fun and convenience to use, many professionals in the healthcare industry question whether or not they violate the Health Insurance Portability and Accountability Act (HIPAA).
If you keep up with the Allpoint Compliance blog, you're probably well aware of the general principle behind HIPAA. Originally created in 1996, it consists of several Rules, most of which aim to protect the privacy of healthcare patients. Healthcare facilities and other covered entities are required to follow these Rules, and failure to do so may result in a citation or other consequences handed down by the Department of Health and Human Services (HHS).
So, are wearable electronics a violation of HIPAA? If you read through HIPAA's lengthy Security and Privacy Rules, you won't find any specific information pertaining to wearable electronics. Don't let this fool you into thinking it's OK to wear an electronic device while working, though, as covered entities are still required to abide by the laws set forth by HIPAA.
Conflicts between wearable electronics and HIPAA usually occur when the device is use to store Protected Health Information (PHI). For instance, a nurse may make a note on patients' conditions and room numbers on their device. HIPAA doesn't specifically prohibit the use of wearable electronics for purposes such as this, but the covered entity must implement meaningful and appropriate safeguards to ensure the data is protected from unauthorized use or access. Going back to the example mentioned above, if the nurse fails to implement these safeguards, the practice could be found in violation of HIPAA.
Another problem that arises with the use of wearable electronics is the potential for the device to become lost or stolen. If a nurse carries their device home, there's a chance he or she may lose it. As long as the device contains doesn't contain PHI, this shouldn't be a problem. But if the device contains Protected Health Information, it may conflict with HIPAA.
The bottom line is that covered entities need to err on the side of caution when allowing workers to use wearable electronics. Sure, these devices are fun and innovative way to store data, but they can also pose a security risk.