You rely on your fitness tracker to count your steps, monitor your sleep, and keep tabs on your heart rate. This data feels personal—after all, it’s about your body. But here’s a critical question: when this highly sensitive health information leaves your wrist and enters the cloud, how secure is it, really?
The surprising answer for millions of users is: not very secure, at least not under the current law.
For decades, the bedrock of health data security in the U.S. has been the Health Insurance Portability and Accountability Act, better known as HIPAA. HIPAA is powerful, but its protections were designed for a time when health information was exchanged solely among doctors, hospitals, and insurance companies—the traditional provider-patient interaction.
Today, that model is obsolete.
The Rise of Wellness Data and the Legal Blind Spot
With smartwatches, ring monitors, and a sprawling ecosystem of fitness and wellness applications, a vast amount of highly personal “wellness data” is being generated every second. This includes everything from your precise step count and vital statistics to how well you’re complying with a medical regimen.
Because the companies that create these devices and apps are generally not considered “covered entities” under HIPAA, the intimate data they collect—the data that charts your health journey—falls into a massive legal gray area. It can be collected, used, and potentially sold without the same rigorous privacy safeguards applied to a doctor’s chart.
This is the exact regulatory gap that lawmakers are now attempting to close.
A Legislative Effort to Restore Control
Recently, the Health Information Privacy Reform Act was introduced in the Senate, acknowledging the failure of existing law to keep up with modern consumer technology. The bill aims to update privacy and cybersecurity provisions to account for the massive popularity of wearables and health apps.
The core of the proposed legislation is a powerful step toward granting consumers control over their own digital bodies. It would require providers of this “digital technology that generates wellness data” to meet two crucial requirements:
- Transparency: Inform customers explicitly that their generated data is not currently covered by HIPAA’s established privacy protections.
- Opt-Out: Offer the individual an opportunity to opt out of the generation or collection of that wellness data.
This legislation is a critical step that would finally mandate informed consent and opt-out options for step counts and vital stats. But this issue is a microcosm of a larger problem: the default state of the internet is surveillance. Whether it’s your heart rate monitor or the websites you visit, companies are often collecting and monetizing data that should be yours alone.
This is why we created Incognito Browser for Android, the best free privacy browser. Just as you should have the power to opt out of sharing sensitive health data, you should have a reliable, no-cost way to browse the mobile web without trackers and history logs that monitor your every click. We believe protecting your personal information should be the default, not an afterthought.
What You Need to Know
The intention of this regulatory push is clear: Americans’ private health data must be secured and collected only with their consent. Fitness apps and wearables are helpful tools that empower users to manage their health, but they also present new privacy concerns that simply didn’t exist when healthcare was confined to an exam room.
The definition of “wellness data”—which includes things as mundane as step counts and as sensitive as medical regimen compliance—underscores how much information is currently flowing unregulated.
Whether or not this specific bill becomes law, the conversation highlights a fundamental truth: You must be vigilant about your entire digital footprint. Until federal regulations catch up with technological innovation, it remains imperative that users understand exactly what data is being collected from them, how it’s being used, and what options they have to stop it.
Take the time to examine the privacy settings on all your digital devices, and demand the transparency and control you deserve over all your personal information—health, browsing, and beyond.


