Wearables and mail-in lab tests put personal health data at risk
Jacqueline Stokes, a cybersecurity consultant, experimented with an over-the-counter genetic test, mailing samples to a lab. The Washington Post reports that when she went online to access test results, she realized that by tweaking the URL she could also read the results for thousands of other people. The Post reports there’s nothing officials can do about such breaches, because HIPAA only applies to health providers, insurers, and data clearinghouses and their partners. At-home genetics test results and data from wearables like Fitbit fall outside HIPAA’s purview (see “Your wearables might testify against you in a court of law”).
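The URL-tweaking flaw described above is an insecure direct object reference: the server looks a record up by the identifier in the URL without checking who is asking. The following is an added example, not code from the article or from any lab mentioned in it, showing the unchecked lookup beside a hardened one and a simple audit over constructed request logs; all names, ids and result strings are invented for illustration.

```python
"""Added example: an insecure direct object reference (IDOR) lookup of the
kind described in the article, beside a hardened version and a detection
helper. All data below is constructed, not taken from any real lab."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class LabResult:
    result_id: int
    owner: str      # account that submitted the sample
    summary: str

# Constructed sample data standing in for a lab's result store.
RESULTS: Dict[int, LabResult] = {
    1001: LabResult(1001, "alice", "marker A: not detected"),
    1002: LabResult(1002, "bob", "marker A: detected"),
}

class Forbidden(Exception):
    """Raised when a user requests a result that is not theirs."""

def get_result_vulnerable(session_user: str, result_id: int) -> Optional[LabResult]:
    """Looks the record up by the id taken from the URL and never checks
    ownership: editing the number in the URL returns other customers' results."""
    return RESULTS.get(result_id)

def get_result_hardened(session_user: str, result_id: int) -> LabResult:
    """Authorizes before disclosing: the record must exist AND belong to the
    logged-in user. Both failures raise the same error so the response does
    not reveal which ids exist."""
    record = RESULTS.get(result_id)
    if record is None or record.owner != session_user:
        raise Forbidden("not found")
    return record

def audit_enumeration(requests: List[Tuple[str, int]], threshold: int = 3) -> List[str]:
    """Detection side: replay (user, result_id) requests through the hardened
    check and flag users whose denied lookups exceed `threshold`, the
    signature of someone walking through ids that are not theirs."""
    denied: Dict[str, int] = {}
    for user, rid in requests:
        try:
            get_result_hardened(user, rid)
        except Forbidden:
            denied[user] = denied.get(user, 0) + 1
    return sorted(u for u, n in denied.items() if n > threshold)
```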
The Post reports that police used an AncestryDNA online genealogy database to look for possible murder suspects, finding a “very good match” that proved to be a false positive. Nevertheless the case “spooked genealogy aficionados,” and AncestryDNA pulled the database.
The Post quotes Erin Murphy, a professor at New York University School of Law, as saying, “When you publicly make available your genetic information, you essentially are signing a waiver to your past and future medical records.”
The Post also cites the hypothetical example of a woman who wears a fetal monitor under her clothes that talks to her cellphone. The data itself may be encrypted, but the presence of the fetal monitor may alert bystanders that the woman is pregnant and concerned about fetal health—information the woman may not care to share with strangers.
The Post article, by Charles Ornstein at ProPublica, comments on not-too-promising efforts to legally protect sensitive data that falls outside of HIPAA. Read the complete article here.