Fitbit Privacy or Lack Thereof – Exposing Sexual Activity of Its Users

Well, privacy rears its ugly head in healthcare again. I don’t want to treat a person’s privacy lightly, but I must admit that I kind of had to laugh at the breach I’m about to tell you about. I think you’ll see why.

I first read about this privacy breach in a Techcrunch article (they originally found it on nextWeb). Here’s a quote from the Techcrunch article:

Yikes. Users of fitness and calorie tracker Fitbit may need to be more careful when creating a profile on the site. The sexual activity of many of the users of the company’s tracker and online platform can be found in Google Search results, meaning that these users’ profiles are public and searchable.

I’ve been a big fan of Fitbit and other devices like it that try to track a person’s health and fitness. I think there’s a real market for these devices, but this is a pretty ugly misstep for Fitbit. That said, a search for sexual activity and Fitbit no longer returns results. Here’s the Fitbit blog post which details the steps they’ve taken to secure their users’ profiles. It seems like a reasonable and smart response to the privacy issue.

Before I go any further, we should be clear that this isn’t a HIPAA violation. The patient put their information online and agreed to have that information out there. We could argue how much they really agreed to have their profile public, but I’m quite sure that Fitbit would be fine in a HIPAA lawsuit. However, that doesn’t mean they’re not taking the hit for poor decisions.

What can future healthcare app and device companies learn from the Privacy issues at Fitbit?

1. Default healthcare profiles to private. Allow the user to opt in to make it public. Some might want it public, but no company should assume it should be public. This isn’t Facebook.

2. Consider more granular privacy controls. I may want part of my profile public, but part private (i.e., sexual activity in a fitness application).

3. Be aware of what you allow search engines to index. There’s a whole category of hackers called Google hackers. They use Google search queries to find sensitive information that was never meant to be public, like the profiles in the story above. The power of Google hacking is amazing.
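Here is what those three lessons look like when they are built into a profile service. This is an added example, not Fitbit’s code and not anything from the articles above; the field names (steps, sexual_activity) and the class layout are assumptions made for illustration. Every field starts private and must be opted in individually, and the response carries an X-Robots-Tag header that tells search engines not to index the page until the user explicitly allows it:

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Value sent in the X-Robots-Tag response header to keep crawlers away.
NOINDEX = "noindex, nofollow"


@dataclass
class Profile:
    """A health profile where nothing is public unless the user says so."""
    username: str
    # Constructed sample data; real apps would store structured records.
    data: Dict[str, str]
    # Lesson 1 and 2: per-field opt-in, empty by default (everything private).
    public_fields: Set[str] = field(default_factory=set)
    # Lesson 3: search engine indexing is off until the user opts in.
    allow_indexing: bool = False

    def make_public(self, name: str) -> None:
        """Opt a single field in to public view."""
        if name not in self.data:
            raise KeyError(f"unknown field: {name}")
        self.public_fields.add(name)

    def make_private(self, name: str) -> None:
        """Take a field back out of public view; if nothing is left public,
        withdraw the indexing opt-in too so an empty page is not crawled."""
        self.public_fields.discard(name)
        if not self.public_fields:
            self.allow_indexing = False

    def opt_in_to_indexing(self) -> None:
        """Indexing only makes sense when there is something public to index."""
        if not self.public_fields:
            raise ValueError("no public fields, nothing to index")
        self.allow_indexing = True

    def view_for(self, viewer: str) -> Dict[str, str]:
        """The owner sees everything; anyone else sees only opted-in fields."""
        if viewer == self.username:
            return dict(self.data)
        return {k: v for k, v in self.data.items() if k in self.public_fields}


def render_profile(profile: Profile, viewer: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (response body, response headers) for a profile page request.

    The owner's own view is never indexable, and a stranger's view is only
    indexable when the owner has explicitly opted the profile in.
    """
    body = profile.view_for(viewer)
    headers: Dict[str, str] = {}
    if viewer == profile.username or not profile.allow_indexing:
        headers["X-Robots-Tag"] = NOINDEX
    return body, headers


if __name__ == "__main__":
    # Constructed example: a freshly created profile with one sensitive entry.
    p = Profile("alice", {"steps": "8000", "sexual_activity": "logged"})
    print(render_profile(p, "anonymous"))  # empty body, noindex header
    p.make_public("steps")
    print(render_profile(p, "anonymous"))  # only steps, still noindex
    p.opt_in_to_indexing()
    print(render_profile(p, "anonymous"))  # only steps, now indexable
```

The point of the header is that hiding data behind a privacy setting and keeping it out of search results are two separate controls: a field the user never opted in never reaches the body, and a page the user never opted in never reaches the index, so a mistake in one does not silently undo the other.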

Some suggestions to e-patients that put their health data online:

1. Be careful about what information you’re putting online.

2. Check out where the information you put online will be available. Is it private? Is it public? Is it partially public? Can search engines see it?

There’s little doubt that more and more healthcare information is going to be put online by patients. We’re going to see more and more privacy issues like the one mentioned above. This incident will do little to deter this trend. However, hopefully it can serve as a learning experience for Fitbit and other healthcare companies that are entering this new world of online health information.

About the author

John Lynn


John Lynn is the Founder of the HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

2 Comments

  • People have way too much faith in the internet.

    Are you telling me that in order to count every calorie burned, people are inputting their sexual activity?

    I wonder if they also use a stop watch with a lap counter to be extra specific.

  • People’s faith in the internet is just growing. Indeed, that’s exactly what they’ve done on the FitBit website, and it was exposed in their public profile.

    They don’t use a stop watch and lap counter, because the FitBit device actually times all of that stuff for them and uploads it to the website for them. Much faster to get your health data online.
