CSOonline reported that most IoT (Internet of Things) wearable companies that collect personal data and “don’t carefully anonymize health-related data have effectively acquired what’s known as electronic Protected Health Information (ePHI), ‘which puts you squarely in the HIPAA world.’” The March 29, 2017 report, entitled “10 security risks of wearables,” listed these 10 security risks, many of which raise HIPAA concerns:
1. Wearable security is a legitimate concern
2. In the scheme of things, wearable security may not be a huge concern
3. It’s important to anonymize data
4. Segregate wearables on a different network
5. Do your due diligence
6. Educate users
7. Limit access to employee fitness and wellness data
8. Get a clear picture of everything connecting to the enterprise network
9. Require multi-factor authentication
10. Prepare for security and privacy risks, especially in the short-term
This should not come as any big surprise. What will IoT companies do to deal with this HIPAA risk?