The 'internet of healthy things' poses unique privacy challenges

Experts at a HIMSS21 Global Digital Conference session explored the tension between broader data availability and the importance of IoT data privacy, explaining where HIPAA applies – and where it doesn't.
By Kat Jercich
04:57 PM

Wearables and other remote patient monitoring tools have expanded patient care beyond the walls of brick-and-mortar clinics.  

Even as these devices have widened access, however, the "internet of healthy things" has also meant more potential privacy issues, explained experts in a HIMSS21 Global Conference Digital session available on demand this week.  

Connected Health Initiative Senior Policy Counsel Brian Scarpelli believes that the virtual care environment is here to stay.  

"The COVID-19 pandemic has done a little bit of a shocking fast-forward there in the uptake," he said.  

As exciting as advancements have been, however, Joy Pritts, fellow at the Innovators Network Foundation and former chief privacy officer at the Office of the National Coordinator for Health IT, raised concerns about virtual care technology outpacing privacy protection policies.

Pritts noted that HIPAA is quite broad – but it doesn't apply to the entirety of health IoT.  

A diabetes monitor prescribed by a doctor is covered by HIPAA, she explained, but an online therapist who is not associated with your health plan or provider, and who only takes credit cards, is not.  

"They're not doing the transactions that are necessary to bring them within the scope of HIPAA," she said.  

Fitness trackers, meanwhile, are a gray area.  

"Sometimes, you'll have the same kind of device, and they'll have a special program they'll run … where the fitness tracker is offered on behalf of the health plan, and so it becomes covered by HIPAA," she said.  

Overall, the current privacy landscape is a patchwork of various regulations at both the state and federal levels.

For instance, the Federal Trade Commission may step in to take action where HIPAA cannot, Scarpelli pointed out.   

Still, "almost all these laws … require that personal information be adequately secured," said Pritts.  

The panelists cited the increasing value of health data as a commodity, with connected devices posing a tempting target for bad actors.  

"Nothing's more dynamic than the criminals and nation-state-backed hackers," said Scarpelli.

"It just seems like it can't get any worse," he continued.

"There's money in this for people to make, and not just in neutral ways," agreed Pritts.  

To address some of those issues, Pritts said, the scope of what is considered identifiable information is broadening. A device's IP information, for example, is increasingly being recognized as a way to pinpoint someone's identity.

Scarpelli and Pritts encouraged viewers to get involved with policy development by monitoring proposed changes to statutes and keeping ahead of trends with respect to regulation.

"You can also, yourself, advocate," said Scarpelli. "The policymakers desperately need to hear from the real practitioners out there."  


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
