A January 2015 report by the Federal Trade Commission (FTC) about the Internet of Things, which is an object’s ability to connect to the Internet for the purpose of sending and receiving data, highlights the need for updated HIPAA standards.
The report is based on the November 2013 FTC workshop, “The Internet of Things: Privacy and Security in a Connected World,” which was not initially geared toward healthcare. The report focused on security, notice, choice, and data minimization.
The report stated that general privacy legislation should focus on protecting customers’ data. During the workshop, participants pointed out that HIPAA is limited to protecting health information collected by certain covered entities. However, health applications increasingly gather data that is often unprotected by HIPAA. The FTC believes consumers should be aware of how their health information is used regardless of who collects it. The report calls for consistent standards that provide transparency about the use of protect health information regardless of who collects it.