After a slow entrance on the health and well-being scene, Fitbits, smartwatches and other wearable devices that track consumer health data are starting to take off. One in six consumers say they use wearable devices to track their heart rates, sleep patterns, and activity levels. Consumer use of wearable technology is also more consistent and more engaged than in the past. Today, 73 percent say that they use their wearable devices consistently, which is higher than in past studies.

It’s also not just consumers who are using wearable technology to track their health. Physicians are also beginning to use wearable devices with their patients to help them track chronic medical conditions, such as monitoring a diabetic’s blood sugar levels.

However, the features that make mobile and wearable devices so enticing—the ability to collect and analyze consumer health data in real time—also raise serious concerns about health data and privacy protection. With the capacity to collect and use large amounts of personal data—especially sensitive health data—this new generation of digital tools brings with it a host of privacy, security, and other risks.

Many consumers think that federal laws, such as HIPAA, protect their health data. However, HIPAA applies only to medical facilities, insurance companies, pharmacies, and other so-called “covered entities.” There are many loopholes in the system that allow patient data to be used by companies and institutions outside of the healthcare system.

How Consumer Health Data from Wearable Devices Could Be at Risk

A study released by the Center for Digital Democracy and the School of Communication at American University found that Americans “face a growing loss of their most sensitive information” through health wearable devices. While the report noted that the consequences of hacks for noninvasive wearables such as fitness trackers or smartwatches are lower than for other types of connected medical devices, a well-coordinated cyber attack could still lead to patient health data being compromised, lost, or distorted. An example of this type of cyber attack is the recent hacking of the fitness tracking app Strava, which revealed the location of U.S. soldiers in war-torn areas of Syria and Iraq.

A more common concern, however, is the lack of privacy protections for consumer health data by non-healthcare companies. For example, Ovis, a fertility and pregnancy app, collects highly personal data from consumers, such as menstrual cycles or sexual activity, according to Health Affairs. Yet, while the data clearly meets the definition of individually identifiable health information, because no HIPAA-defined covered entities are involved in that data collection or management, the data is not legally considered protected health information.

And Ovis isn’t an outlier. Many apps focused on the health and wellness space collect end-user data and aren’t required to comply with HIPAA. A recent study published in BMJ found that 79 percent of health apps routinely shared user data, but were far from transparent about the practice.

The Value of Building Consumer Trust

Now, though, consumers are becoming more aware of and concerned about how their privacy is being affected by poor data privacy practices. In our own data privacy survey of more than 1,000 consumers on their relationship with brands, we found that 97% of all consumers are somewhat or very concerned about protecting their personal data. What’s more, 85% won’t forgive a company’s misuse of data, even if they previously trusted the brand. Consumer health data, being so personal, only makes misuses of data worse.

Rather than look at consumer concerns as an obstacle, companies should view them as an opportunity to build data privacy into their customer experience. Consumers continue to say they want personalized experiences and are willing to share their data for better personalization. Forty-three percent of consumers in our survey said they’d provide detailed data about themselves to a brand for a discount, and another 32% said they would share data for exclusive benefits.

Companies that build their experiences around consumer health data should prioritize building greater consumer trust. Studies show that investing in privacy around consumer data makes great financial sense. According to research by Edelman, 82% of US consumers say they will “continue to buy a brand they trust, even if another brand suddenly becomes hot and trendy.” They also will pay more and continue buying a product from a trusted brand even if competitor reviews are better.

This level of trust only comes with transparency into the ways data is being collected and used. As consumers come to realize the value of their data and the risks associated with handing over too much to untrustworthy companies, the way to allay consumer fears is by pulling back the curtain on data use. This happens when you inform consumers when and, more importantly, why data is being collected at the point of collection. Use human language, not legalese. Communicate how the data improves the customer’s experience. Explain how you’re taking steps to protect it: is data encrypted, stored only on the device, or kept from third-party vendors? Tell your consumers.

Of course, companies also need to be in control of their data from the point of collection forward. This is where many struggle.

Making Consumer Health Data Work for Consumers and Companies

Managing consumer health data to meet customer privacy expectations and a growing list of data privacy regulations aimed at helping to protect consumer personal data can be a challenge for many consumer healthcare companies. Luckily, there are technologies, such as a Customer Data Platform (CDP), that can help. In our CDP data study, more than 60% of companies saw CDPs as a critical piece of their compliance with future privacy regulations.

A secure and comprehensive CDP can help meet regulations like GDPR, CCPA, and HIPAA. It can also make it easier for companies to allow consumers to manage their data by giving them the ability to opt in or out of sharing their data. But the biggest benefit of a CDP for most companies is that it can enable critical elements of data privacy compliance while still enabling the use of consumer data to personalize marketing communications and provide a better consumer experience.

Taking control of customer data through a CDP as part of a broader customer data strategy makes a lot of sense for consumer healthcare companies, whether or not they’re subject to HIPAA. See how a data-first CDP can form the cornerstone of a secure customer data supply chain today with a tailored demo!

Post Author

Hilary Noonan
Hilary is Director of Content at Tealium.
