Earlier this year, NFL quarterback Aaron Rodgers told a group of reporters that he could not discuss his vaccination status with them because the Health Insurance Portability and Accountability Act (HIPAA) prevented him from discussing his health information with others. Although Rogers is one of the most accurate passers in the NFL, his understanding of the laws in place to protect health information was not very accurate.

Like many Americans, Aaron Rodgers was confused about how HIPAA protects health information. The HIPAA Privacy Rule protects your patient information when you share it with a covered entity. Covered entities include physicians, hospitals, pharmacies, insurance companies, etc. HIPAA does not prevent others from asking for health information.

Although the example above involves personal health information, the same scenario applies to banking information, school records (regulated by the Family Educational Rights and Privacy Act), or any other personal identifiable information that can be used by a criminal. In fact, we often share our information with organizations, groups, and individuals with no legal obligation to protect it or keep it private.

One of the most common ways that we share our information is by adding apps to our mobile and Internet of Things (IoT) devices. While helpful, many apps are designed to gather your data. For example, a 2020 study found that 88% of health apps on the Google Play store were designed to harvest user information. So, what can you do? First, review the privacy policies for every app you install to see what the developer is doing to protect your information. Second, be wary of anything that is free. If an app is free, that probably means you are the product, and your information is being collected and shared/sold.

Data Privacy Week (January 24-28, 2022) is an excellent time to inventory who has access to your information. Review the apps on your mobile and IoT devices to see which ones are collecting your information. Health apps usually collect information that includes heart rate, activity, weight, blood pressure, pregnancy, mental health/mood, menstrual cycle, and medications. Other apps may gather your full name, date of birth, physical location, email address, and much more.

You may not have concerns about sharing  your data in exchange for a free app, or you may decide not to share certain types of data to protect the privacy of your personal information. Reviewing the data you share puts you in control.

Marcelo dos Santos, data security analyst for the Governance, Risk & Compliance team in the Information Security Office, contributed to this article.

More information

Data Privacy Week (January 24-28, 2022) helps spread awareness about online privacy and educates citizens on how to manage their personal information and keep it secure. Data Privacy Week also encourages businesses to respect data and be more transparent about how they collect and use customer data.

For more information about Data Privacy Week, visit Stay Safe Online. While you’re there, consider learning how to manage your privacy settings.

Learn more about the University of Utah's privacy statement and the University of Utah Health’s patient privacy practices. You can also read more in this Node 4 article about how the U protects your privacy and personal data.

 

Node 4 Search