Ensuring data privacy while using wearable fitness devices


Many people manage their health and wellness without the help of a healthcare provider by using wearable technologies like smartwatches, fitness trackers, and medical devices like pulse oximeters.

These wearable smart devices, typically worn close to the skin, can track, analyze, and transmit personal data, including medical, biological, and exercise data. They can also carry out basic computing tasks and provide various services, such as continuous monitoring of vital signs, sleep monitoring, weight loss coaching, and fertility insights, through online apps that can be purchased or downloaded for free.

Daily physical activities, behaviors, and physiological and biochemical parameters can all be continuously monitored. Personal health-related data can be gathered at home, at work, and while participating in sports to track one’s health or to give a healthcare provider or care team more information.

Are wearables secure?

Wearables gather, send, and process user personal data, raising concerns about who has access to it all. To fully grasp the implications for data privacy, it is advisable to read the manufacturer’s privacy policy and those of any supporting online app(s) before using a wearable.

Some questions a privacy policy can answer include the following:

  1. Can my information be shared or sold without my knowledge or permission?
  2. Can I delete or block access to my data?
  3. Can I transfer my data elsewhere if I stop using the app/device?

It’s important to remember that when used for personal self-tracking, wearables and any accompanying online apps are typically exempt from federal laws (like HIPAA) that protect your health information. When a wearable is provided directly by your healthcare provider and its data is sent to their electronic health record system, HIPAA does apply.

The Trusted Connectivity Alliance states that wearable technology must meet several technical, logistical, and security requirements. Wearable medical equipment should have security features and privacy protections that safeguard the data it collects, stores, and transmits, while device manufacturers maximize user convenience and flexibility at the same time. Wearable technology should:

  • Have flexible and/or standalone connectivity, with standalone connectivity being a key consideration,
  • Protect the privacy of the sensitive, high-value user data they collate, store, and transmit,
  • Protect the integrity and accuracy of user data that is stored and transmitted,
  • Ensure the integrity and authenticity of the software/firmware through malware protection,
  • Ensure end-user convenience and flexibility by allowing them to manage mobile subscriptions across multiple devices, and
  • Provide ways to protect stored data in case the device is lost or stolen.

Tips to safeguard your data

  • Wearables and online apps might collect or access data they do not need in order to function or to provide their service (e.g., does your nutrition app need access to your phone contacts?). Check the settings on your device or app and disable unused permissions for your contact list, camera, storage, location, and microphone.
  • Push notifications from wearables and online apps may deliver sensitive information to your phone. Turn on “Do Not Disturb” mode or disable those notifications to reduce the chance that other people see them.
  • If you plan to give away or sell a wearable, remove unnecessary data from it, disconnect it from synced accounts and devices (like your smartphone), and then reset it to factory settings.
  • Lock devices with a passcode, including smartwatches, smartphones, and other gadgets.
  • Install mobile security software to protect a smartphone from viruses and malware, just like you would for a workstation, to make it harder for thieves to access information if a device is lost or stolen.
  • Exercise caution when downloading apps. Avoid third-party apps (e.g., apps not obtained through a trusted or managed application distribution store), since viruses, worms, and other harmful software can be found in apps. Be wary of apps that request unneeded “permissions”.
  • Verify the privacy settings on any apps that collect personal data and limit the shared information. Consumers should also restrict app-to-app sharing.
  • Limit location permissions.
  • Use caution when signing into apps using social network accounts.
  • Keep the software and firmware on your phone, mobile apps, and wearable medical technology updated.
  • Avoid storing private data, such as passwords or social security numbers, on your mobile device.
  • Watch out for “shoulder surfers” and other forms of social engineering. Observation is a common method of information theft, so be careful when entering sensitive information, especially in public.
  • Use specialized software or the method recommended by the manufacturer to wipe your mobile device before donating, selling, or trading it.
  • Enable settings that deter theft. If a mobile device is lost or stolen, some features allow the user to remotely wipe the device.
  • Watch out for mobile phishing. Avoid clicking on links and attachments in emails and texts, especially from unknown senders, and use public Wi-Fi connections with caution: public access points might not enforce appropriate security measures and can expose sensitive data.
  • Enable data encryption (data-at-rest protection) and use two-factor authentication or security keys to access network services and applications.
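The permission-review tip above can be checked more precisely than by clicking through settings screens. The script below is an added example (not part of the original article, and not code from any device or app vendor) that parses the output of Android’s `adb shell dumpsys package <package>` command and lists the sensitive runtime permissions an app has actually been granted. The package name `com.example.fitcoach` and the `dumpsys` text stored in `SAMPLE_DUMPSYS` are constructed for illustration, so the parsing step runs offline; the `audit_app` helper shows how to point the same parser at a real phone with USB debugging enabled.

```shell
#!/bin/sh
# Added example: list sensitive Android runtime permissions an app has been granted.
# Input format is that of `adb shell dumpsys package <pkg>` (Android 10+), e.g.:
#   android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]

# Permissions a fitness/nutrition app rarely needs all of; extend as required.
SENSITIVE='READ_CONTACTS|ACCESS_FINE_LOCATION|ACCESS_COARSE_LOCATION|ACCESS_BACKGROUND_LOCATION|CAMERA|RECORD_AUDIO|READ_EXTERNAL_STORAGE|READ_SMS|BODY_SENSORS'

# granted_sensitive: read dumpsys text on stdin, print each granted sensitive
# permission (short name, one per line). Denied and non-sensitive ones are skipped.
granted_sensitive() {
  awk -v sens="$SENSITIVE" '
    /^[[:space:]]*android\.permission\.[A-Z_]+: granted=true/ {
      name = $1                                   # e.g. android.permission.CAMERA:
      sub(/^android\.permission\./, "", name)     # strip the prefix
      sub(/:$/, "", name)                         # strip the trailing colon
      if (name ~ "^(" sens ")$") print name
    }'
}

# audit_app PKG: run the parser against a connected phone (requires adb on PATH
# and USB debugging enabled). Not executed below because no device is attached.
audit_app() {
  adb shell dumpsys package "$1" | granted_sensitive
}

# Constructed sample output for a hypothetical app; the package name and the
# granted/denied values are invented for this example.
SAMPLE_DUMPSYS='Package [com.example.fitcoach] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_CONTACTS
      android.permission.CAMERA
      android.permission.BODY_SENSORS
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
        android.permission.CAMERA: granted=false, flags=[ USER_SET]
        android.permission.BODY_SENSORS: granted=true, flags=[ USER_SET]'

# Stand-alone demo on the constructed sample: INTERNET is granted but not
# sensitive, CAMERA is sensitive but denied, so three names are printed.
printf '%s\n' "$SAMPLE_DUMPSYS" | granted_sensitive
```

If a permission in the list is not needed for the app to do its job (contacts for a nutrition coach, for instance), it can be withdrawn from the same shell with `adb shell pm revoke com.example.fitcoach android.permission.READ_CONTACTS`, or from the phone’s app settings; re-running the audit confirms the change took effect.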