Got a fitness tracker? If not, perhaps there is one coming to you soon, under the proverbial Christmas tree. According to Gartner, more than 130 million of these devices got shipped out in the past two years. I get why too. They’re amazing little gadgets. According to Fitbit, you can use their devices to count the steps you take, measure the distances you travel, track the calories you burn. You can measure how long you sleep, your sleep quality, your heart rate. Want to talk sex? You can measure that too (the fitness aspect and not the size). Add it all up, and you get a huge amount of useful medical information. Here’s the wake-up call: None of it’s private. It’s available to everyone and anyone through a public online search.
If you’re wearing your fitness tracker now, you might want to check to see if your heart rate is going up. Here’s the reality of life as a wearable device owner: There’s no doctor/patient privacy or patient privacy or any privacy for that matter. Monitoring your health and collecting data is like publishing your own medical autobiography online.
How is that even possible? It doesn’t make sense. These devices come with privacy statements. There are federal laws that protect our medical information. Why isn’t our government slamming down the hammer on this crime? The reason is because it’s not a crime. These fitness trackers get a free pass from federal regulation and privacy protection.
The Health Insurance Portability and Accountability Act, better known as HIPAA, made all these rules about protecting the privacy of our medical information. Medical companies, hospitals, and doctors have to jump over all these hurdles today to ensure they’re meeting strict security standards. That’s great. The problem is HIPAA was written in 1996, way before anyone was building fitness devices that store data on the Internet. As the Washington Post accurately pointed out, these devices don’t fall under the jurisdiction of HIPAA. That law only covers patient information kept by health providers, insurers, and data clearinghouses. Gadgets don’t make the cut.
Okay, but what about the Food and Drug Administration (FDA)? Surely its Federal Food, Drug, and Cosmetic (FD&C) Act, which devotes an entire chapter to drugs and devices, lays down the law. Nope. According to its general policy, neither it nor the Center for Devices and Radiological Health currently or plan to examine if these devices, categorized as low-risk general wellness products, comply with the FD&C Act and implementing regulations. The only way a device gets the once-over is if it pertains to a specific disease or medical condition.
So here’s what happens as a result. As far back as 2011, some owners of Fitbit exercise sensors noticed that their sexual activity details, such as duration and the effort involved was being publicly shared by default. I mean if you’re into that sort of thing, then go in peace. The majority of us however, would like to keep that information under the sheets. Sure, Fitbit closed a loophole in their data to prevent further sexual leakage, but the holes are really much bigger.
Here’s another issue. In certain cases, the government or legal institution could request your fitness tracker information and then use it against you in a court of law. That’s what happened to Chris Bucchere, a San Francisco cyclist who struck and killed an elderly pedestrian. Bucchere was charged with felony vehicular manslaughter, carrying a potential penalty of six years in prison. Prosecutors obtained his data from his GPS-enabled fitness tracker to show he’d been speeding before the accident. Bucchere’s self-monitoring became a piece of evidence against himself due to a lack of privacy. This is not to condone Bucchere — clearly he committed a crime — rather this just illustrates one example of surprising use cases for what you might think is harmless personal data.
Look, I am in no way indicting the technology itself. I think these fitness trackers are good for our individual health. They could even help in the big picture with diseases. The issue is that the technology has exceeded the law supposedly regulating it. Anyone can get information off of your device and it’s legal, unless you go through the steps of blocking it. That is wrong. Our government needs to update the law to protect our information drawn from these devices. Until such a time, I will admire products such as Fitbits from afar. Any closer and I could become an open book that I never wanted anyone to read.
In closing, as I mentioned, these neat little devices are hard to resist. Luckily, a good bike ride, swim, or workout 4-5 times a week, and an old-fashioned (not Web-connected) pedometer or heart monitor gives me all the data I need to stay fit. Have a great holiday and remember, New Year’s resolutions that include fitness goals just need one more thing to come true… action (not a Fitbit). Don’t look to be inspired first — instead, buckle down and take action first, get your workouts scheduled and follow through with them. The cool thing is that if you start with the discipline of scheduling and taking action, that great feeling of inspiration will surely come based on the results you are already achieving. And leave your Fitbit in the box.