Does HIPAA extend to wearables and medical devices?

Does HIPAA extend to wearables and medical devices?

If a medical device collects, stores, or transmits protected health information (PHI) to a Covered Entity or a Business associate, for example, glucose level tied to a person, then HIPAA rules will apply. Many modern medical devices, wearables, and the Internet of Medical Things (IoMT) devices now have built-in microprocessors and WiFi or Bluetooth that can store PHI data and transmit it to the cloud, that can be accessed by healthcare providers.

For instance, a Fitbit for personal use is not bound by HIPAA, but a Fitbit integrated with a corporate wellness program and tied to a Covered Entity or a Business Associate would be bound by HIPAA. In this case, Fitbit should have a Business Associate Agreement in place for this application.

A business associate contract, or business associate agreement, is a written arrangement that specifies each party’s responsibilities when it comes to PHI.

The contract must describe permitted and required PHI uses for the business associate, and also state that the business associate “will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law.”

Want to keep on top of all the HIPAA compliance requirements? See how this HIPAA compliance software – HIPAA Ready can help.

What Is a HIPAA Business Associate Agreement (BAA)?

HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Try Free Trial Now

How useful was this post?

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Skip to content