Health wearables raise new privacy concerns - The Boston Globe

Health wearables raise new privacy concerns

Hailed as the future of preventive care, wearable health devices allow doctors to keep closer tabs on the health of patients as they go about their daily routines.

But as health systems consider these medical-grade devices, hoping to lower costs associated with hospital readmissions, they have also raised concerns about potential security risks to patients and to the hospitals connected with them.

Doctors who champion wearables believe the disruptive devices can chip away at the costs of chronic care — which are responsible for 86 percent of the nation’s $2.7 trillion in health care spending — and help keep patients out of hospitals. However, these clinical wearables add a new wrinkle of security risk for health systems nationwide on top of the 112 million patient records missing, stolen, or improperly disclosed in 2015.


“You want to guarantee patient data is protected,” said Jeff Chester, executive director of the Center for Digital Democracy, a nonprofit watchdog group focused on consumer protection and privacy issues. “That’s a goal [that has] not yet been accomplished.”

Wearables that are developed specifically for clinical use, instead of simple activity tracking like Fitbits, fall under the purview of HIPAA, the medical privacy law. And as patients transmit data from outside hospitals — from coffee shops, their homes, or other places with potentially unsecured connections — Jack Malloy, Henry Ford Health System vice president of information technology, believes wearables will remain “among the things that keep us up at night.”

“Any device that connects to our network has to have some authentication method,” Malloy said. “If a hacker got that, there’s a potential to get into our network and insert malware.”

Malloy thinks hospitals must consider wearables in their broader cybersecurity strategies, ensuring the devices are encrypted, connected to a secure VPN network, and entering a hospital data network through a single point of entry. Neil Gomes, chief digital officer at Jefferson Health, says tech staffers should vet wearable vendors before they’re given contracts for clinical use. That process could go so far as to have tech specialists hack those devices to test their vulnerabilities to a cyberattack — or even shift some legal responsibilities to vendors.


“The security is often managed by the vendors,” Gomes said. “If you don’t hold them responsible, you won’t know what protections they’ll offer.”

VitalConnect, a company that developed a wearable patch being used at Brigham and Women’s Hospital in Boston, uses a secure device to transmit data. Johanna Beckmen, VitalConnect’s vice president of marketing, says Brigham doctors send patients home wearing the patch on their chest. The device’s embedded biosensor measures heart rate, skin temperature, body posture, and other metrics — and can deliver real-time data through what the company describes on its website as an “open, scalable and highly secure cloud.”

“We’re dealing with health info that’s sensitive,” Beckmen said. “You don’t want it getting into the wrong hands as we put more and more data into the cloud. We have to keep on top of that.”

Dr. Rami Kahwash, a Richard M. Ross Heart Hospital cardiologist who’s testing a vest that monitors patients with heart failure, hasn’t seen any security threats during clinical trials, as data got sent from inside patient homes to a secured website accessible in the hospital.

But Chester, who studies privacy issues concerning wearables, said hospitals are starting to consider incorporating this kind of data into electronic health records. And he thinks that choice could result in “unintended consequences” that potentially compromise patients’ full medical information unless strong privacy safeguards are in place.


Gomes has operated cautiously, knowing many patients may not realize that the freedom of being untethered from in-hospital monitoring also comes with risks.

He’s adopted a cautious approach at Jefferson Health toward embracing new sensors — even though it may hinder the immediate adoption of wearables. But he says it’s necessary to protect patients.

“[Wearable] data could save lives,” Gomes concedes. “But the privacy of data is important, too. We have to make sure that trust isn’t violated.”

Max Blau can be reached at max.blau at statnews.com. Follow him on Twitter @maxblau.