Wearable devices: legal risk?

April 23, 2019 Staff reporters

A blog for doctors in the US has highlighted the potential data security risks to the medical profession, as more and more wearable health devices become commonplace.

In the eye health field, innovations include devices such as continuous intraocular pressure (IOP) monitoring contact lenses. The blog, Physician Sense, published by MDLinx, pointed out that when wearable devices gathered data, it had to be stored in accordance with data security regulations.

Last year fitness and nutrition tracking app MyFitnessPal was breached, exposing names, e-mail addresses and passwords of 150 million users. The same year, fitness app Strava revealed the locations of US military personnel on secret bases, MDLinx said, adding the black market value of data makes wearable devices prime targets.

American healthcare legal expert Linda Malek told MDLinx that doctors who have partnered with wearable companies are responsible for protecting the privacy of patient data.

“If the physician is the one who recommends the wearable to the patient, or is facilitating or interfacing with the wearable company, and is accessing the health data generated by the wearable, there is a HIPAA (US Health Insurance Portability and Accountability Act) implication,” she says.

The legal implications differ when a patient is independently choosing to give data from their wearable to a doctor. “Here, the HIPAA implication may be different because the patient is offering her own health data to her doctor, presumably to assist in her treatment,” Malek says.

She recommends getting written authorisation for digital information exchange, and abiding by local regulations. Doctors should also consult with their own attorneys before prescribing or selling wearables, or saving information taken from wearable devices in practice databases, she told MDLinx.