What Do Self-Driving Cars and Your Heart Monitor Have in Common? The Same Questions About Cybersecurity.
Arent Fox partner Sarah Bruno recently published a very interesting alert on new privacy and cybersecurity challenges facing the automotive industry in the age of autonomous vehicles, syncing software, and wearable devices that interact with your vehicle. What does this have to do with the health care industry, you ask? Both the automotive industry and the health care industry are among the largest in the United States. And both industries are the focus of rapid technology development that raise similar, complicated questions about data privacy and security, especially as those technologies increasingly interact with each other.
For example, one company may be providing you a wearable, and another will be the manufacturer of the vehicle that syncs with it, and a third may be using the data to provide you with coupons for stores that are in close proximity to your car. The same wearable may also sync with your personal health record, which likewise interfaces with your heart monitor and your electronic medical record from the hospital. And so on.
As technologies in all facets of your life become more and more interconnected, complicated issues arise about data collection and sharing, and especially cybersecurity. Health information you have downloaded or synced to the wearable may not be protected by HIPAA (unless the wearable company is a covered entity or business associate), so the HIPAA restrictions on the sale and sharing of your health information for marketing purposes will not apply (although the company will still have to consider other obligations for notice, choice and consent, as applicable).
Even more worrisome, in our blog post last year we highlighted the susceptibility of medical devices to hacking. With the possible interconnection of healthcare technology with other technologies – like automotive technology – the hacking of one device could yield a wealth of information to the Bad Guys. For example, if the wearable we describe above gets hacked, the Bad Guys not only might know that you just got a new prescription for high cholesterol, they also may learn that you still drive to the donut shop every Saturday morning! Because hospitals and other health care providers are a common gateway for hackers, they will need to be more vigilant than ever, as their technology could open the door to the appropriation of other data.
As these technologies develop, unanswered privacy and security questions will push US regulators to revisit the breadth and depth of our current privacy and data security laws. Arent Fox’s Health Care group and Cybersecurity & Data Protection group will continue to monitor developments in health care technology and their potential impact on the industry. If you have any questions or need assistance on the topic covered here, please contact Sarah Bruno or Jade Kelly in our San Francisco office, Tom Jeffry in our Los Angeles office, Samuel Cohen in our Washington, DC office, or the Arent Fox professional who normally handles your matters.