Is your Fitbit data covered by HIPAA? It depends upon where you got it (kind of). If you go to the store and pick up a Fitbit on your own, the data it generates is governed by the user agreement that you click through (which I’m sure everyone read carefully). If your health plan or employer, through its self-funded health plan, provided you with the Fitbit and will receive the data from the device, then it’s subject to HIPAA.
I said “kind of” earlier because you could technically buy your own device and then share the data with the health plan, which would trigger HIPAA compliance. For a number of years, Fitbit avoided HIPAA compliance by not engaging in data sharing with health plans or healthcare providers. In a turn of events this week, Fitbit announced it will enter into HIPAA business associate agreements with covered entity health plans and self-insured employers that will offer Fitbit’s wellness platform to employees and insured individuals.
Read more on JDSupra.