Now even the fitness tracker you wear on your wrist is compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Fitbit’s Corporate Wellness team is one of the fastest growing sectors of the company, and Fitbit voluntarily took this “proactive step” of implementing a HIPAA compliance program so that it can work with a broader range of employers who seek to implement wellness programs in the workplace.
While Fitbit Wellness does not currently receive protected health information (PHI) as defined and regulated under HIPAA, Fitbit underwent a third-party audit for HIPAA compliance, and will now be able to sign HIPAA Business Associate Agreements with covered entities, including self-insured employers, health plans, and corporate wellness organizations. Fitbit Wellness Vice President and General Manager, Amy Donough, said, “HIPAA compliance is very specific to how data is being used, and specifically around PHI and health information. That’s not the data we share or create today, but it will become important as we continue to grow.”
Additionally, Fitbit Wellness obtains employee permission to share Fitbit data such as steps and active minutes with their employers prior to any disclosure.
One of the largest employers that will be working with Fitbit Wellness is Target Corp., which will offer Fitbits to its 335,000 employees across the country to encourage health and wellness and host fitness competitions among its employees. While it is a bit comforting to know that Fitbit finally recognizes the sensitivity of the information it collects (even if it isn’t PHI quite yet), we continue to watch the wearable device market for its privacy and security practices as more and more data is collected and disclosed.