WASHINGTON -- Smartwatches are expected to be some of the hottest gifts this holiday season. One in six Americans now wears one.
The wearables can monitor everything from your heart rate and blood pressure to the quality of your sleep, and can even keep track of your weight and what you eat.
But there’s one thing your smartwatch and health app can’t track: What happens with all of the information your wearable collects about you?
It's a question U.S. Sen. Bill Cassidy, a Republican from Louisiana, is asking. Through a new bill, he's working to stop companies from selling or trading the information that's collected by smartwatches, health apps and other gadgets.
"People are beginning to realize that our medical data, which we thought was ours, is now being shared with many,” Cassidy said. “And we're not quite sure where it's being shared."
If passed, the legislation would direct Health and Human Services to create privacy rules for tech companies.
The Health Insurance Portability and Accountability Act, or HIPAA, protects medical information and how it is shared. But HIPAA became law before smartwatches were invented, so HIPAA doesn’t protect health data recorded on personal devices.
It’s something that many Americans don’t realize.
"That should not happen," Cassidy said. "When we hit accept on that privacy agreement, I'm not sure that's clear to anybody."
Cassidy pointed out that employers could get and then use health information when they decide to hire or even insure an employee. He said those are just two reasons he’s introducing the legislation.
If it becomes law, your health data recorded on your smartwatch would be protected just like a visit to your doctor is protected. It would also give the U.S. Department of Health and Human Services the power to enforce the protection.
This is happening now because Google announced it reached a deal to buy Fitbit. The company makes activity trackers and wearable technology. The deal would give Google access to any information collected by Fitbits.
Google argues the deal would improve patient care.
It's true that, in certain cases, wearables have improved patient care. They can motivate people to work out and exercise. There are also all kinds of reports and studies about things wearables have identified, like irregular heartbeats in a medical study.
Some health experts worry that general, wide-ranging agreements to sell or trade personal health information outweigh those benefits. They say it could even violate health privacy laws. Others say the deals are perfectly legal.
Cassidy isn’t sold on the legality.
"It's not just me. A lot of folks in health IT after the Ascension/Google deal came out said, 'Yeah, it's within the letter of the law, but we need to update,'" Cassidy said.
Cassidy has the legislation he's proposing on his website, if you’d like to read more about it.
Until lawmakers decide how to handle the issue, we're working for you to make sure your data is as safe as possible.
Know what’s being collected
The first key when it comes to wearables and personal data is to know what kind of information your device or app collects. Some trackers only log the number of steps you take. Others are much more advanced. They can track things like specific heart rates and the quality of your sleep.
Basically, the "smarter" your device, the more sensors it will have. The more sensors, the more data it will collect.
Think about it. If your wearable collects and reports only the number of steps you take, without identifying your name, age or location, you may not be concerned.
But what if it collects information like your schedule, locations and the routes you run, and then shares that information on social media? Or what if it’s your child being tracked with the smartwatch?
It may become a little more of an issue for you.
Know where the data is stored
Older devices may simply keep the information stored on the tracker. If you know where the tracker is, you know where your data is located.
But wearables keep evolving.
If you have the latest smartwatch, it’s likely sending your data to an app. Once the information hits the app, it is out of your hands. It may then be analyzed and possibly shared.
Read the agreement
Read what you’re agreeing to in the user agreement.
Yes, it’s long and yes, the print is tiny. But you don’t know what the company plans to do with your information if you don’t take the time to read it.
Then make your decision. If you question something in the agreement, the wearable may not be the right one for you.
Use two-factor authentication
This is one of the easiest ways to keep your information secure. It does take an extra step and a little extra time, however.
When you log in, a code will be generated. That code will then be sent to your phone or email. When you enter the code, you will verify your identity.
The idea is that if someone gets hold of your wearable, they won’t be able to get any information from it without the second device where the code is sent.