U.S. Senator and former state attorney general Amy Klobuchar publicly sent a letter to the department of Health and Human Services to urge guidance on the use of fitness trackers and other networked devices that capture personal data. Klobuchar’s request for guidance just weeks before the inauguration of a new administration likely signals an interest in pushing more aggressive regulations over the devices sold directly to consumers over health care.
Senator Klobuchar highlighted the Amazon Halo as an example of these highly aggressive devices. The Halo encourages users to take full-body pictures to measure the “body composition” of body fat and to record the wearer’s voice to provide a “voice analysis” for the user. Senator Klobuchar’s letter also reminded HHS over the concerns regarding Google’s purchase of Fitbit:
While new wearable fitness devices make it easier for people to monitor their own health, these devices give companies unprecedented access to personal and private data with limited oversight. The Halo enters the consumer market at a time where there are very few federal regulations in place to require privacy and security protections for consumer’s personal health data collected by these wearable fitness devices. This lack of federal guidance persists despite the fact that nearly one in five Americans use a smart watch or fitness tracker. Concerns over health data privacy became particularly relevant last year when Google bought Fitbit—a health tracking device company—and data privacy experts cautioned that current laws and regulations do little to hold Google and other companies accountable to adhere to basic privacy standards, notwithstanding these companies’ public claims that they safeguard users’ “privacy” and “security” and promises to never sell private health information to others. More must be done to ensure the privacy and security of health-related consumer devices.
Amazon acknowledges the privacy concerns. The FAQ explains that “speech samples are deleted automatically after being processed so no one ever hears them.” Although Halo provides privacy protections and user controls over the storage of the images and recordings, there are no regulations that would stop Amazon from amending those policies or deciding that the services need access to the devices for additional services.
Amazon has also released a Mickey Mouse edition Echo Wall Clock to extend the Echo/Alexa ecosystem into the baby’s room. Other devices from Fitbit, Apple, and others offer equally intrusive and unregulated products. Apple, for example, offers sleep monitors, posture trainers, scales, thermometers, glucose monitors, jump ropes, shoe inserts, and more. Soon every part of a person’s health care can be privately monitored.
Car insurance companies are now using collected devices to adjust automobile insurance policies. Without regulation, it is only a matter of time before insurance companies will do the same regarding health insurance.
In 2019, Klobuchar sponsored bipartisan legislation to give HHS regulatory authority over such devices in the Protecting Personal Health Data Act. The legislation called for regulations of personal health devices. Presently only the FTC has regulatory authority, and only to the extent that the devices violate the prohibition against unfair or deceptive acts or practices in or affecting commerce.