Consumers are more tech-savvy and results-oriented than ever before, so perhaps it’s no surprise that wearables rank among the hottest forecasted fitness trends for 2017.

Yet a new American University study warns against the devices’ potentially unprecedented privacy risks.

In a report published Dec. 15, researchers with American University and the Center for Digital Democracy cited a lack of regulatory systems as the primary reason for why consumers’ personal health data could be compromised or potentially exploited by pharmaceutical companies.

Wearable technology has far exceeded simple heart-rate monitoring, with many devices now tracking sleep patterns, calorie intake and stress levels with the help of advanced biosensors. In the report, researchers note the lack of "adequate safeguards" between this data and the hyper-targeted mobile marketing efforts of "point-of-care" media companies who, together with some pharmacy chains, “have expanded their use of digital marketing techniques to reach and engage customers and to tap into new sources of data.”

The report highlights several such examples, including Walgreens’ Balance Rewards program from which customers earn perks when they purchase prescriptions. Additionally, Walgreens has partnered with major wearables players such as Fitbit, Jawbone, Runkeeper and Google Fit so as to reward customers when they “track their healthy habits,” including walking, weight management and regular blood pressure monitoring.

Wearables and mobile apps are increasingly responsible for generating and storing an individual’s health profile data, Indiana University law professor Nicolas Terry said in the report. However, these very devices blatantly fall outside the scope of the Health Insurance Portability and Accountability Act of 1996, which was, in part, intended to protect the confidentiality of healthcare information.

This directly conflicts with the United States’ general consensus concerning “health privacy exceptionalism," the report states, or the belief that health-related information deserves greater privacy protection.

“In short, big data can produce basically unprotected patient-level data that will serve as an effective proxy for HIPAA-protected data,” Terry said.

The Center for Digital Democracy summarized three of the report’s proposed solutions for how government and various institutions can ensure greater privacy protection:

  • Clear, enforceable standards for both the collection and use of information; 
  • Formal processes for assessing the benefits and risks of data use; and 
  • Stronger regulation of direct-to-consumer marketing by pharmaceutical companies.