Wearable technology is a term that includes smart glasses, optical head-mounted displays and other devices that can be worn and include computer and advanced electronic technologies, such as cameras, recorders or transmitters that may synchronize with other applications. These devices can provide access to the internet, stream live audio and video, take photos and/or record video, and track location. Wearable technology is considered a mobile device because of its portability. Other examples of mobile devices include laptops, Android, Windows or Apple devices and USB flash drives. Wearable technology is subject to the same laws, regulations and policies applicable to all other types of mobile devices and confidential information as described below. This document provides guidance about the use of wearable technology for clinical care, research, teaching or education and communication.
Protecting confidential information is fundamental to UW Medicine’s mission. All University of Washington (UW) workforce members, including faculty, staff, trainees, volunteers and others who perform work for UW Medicine are personally responsible for ensuring the privacy and security of all patient data, student information, research data, and any other confidential, restricted or proprietary information to which they are given access. Confidential information includes protected health information (PHI) and personally identifiable information (PII). Do not use a mobile device to access, store or transmit PHI or PII unless the device has encryption software enabled and is password protected. If you use wearable technology to access, store, use or send PHI or PII for any purpose, the data must be encrypted in transmission and while it is at rest (i.e. saved/stored).
Current versions of smart glasses do not provide for encrypted transmission, storage or back-up and should not be used for those activities, unless they are used with an encryption product, such as Pristine EyeSight that enables smart glasses and other forms of wearable technology to be Health Insurance Portability and Accountability Act (HIPAA) compliant. UW Medicine Information Technology Services (ITS) provides guidance on mobile device encryption.
Confidential information may be stored on a UW Medicine-approved cloud application such as UW OneDrive for Business or other platforms that meet security requirements. UW Medicine ITS provides guidance regarding information security in the cloud.
Recording by UW Medicine healthcare professionals for clinical purposes only:
If you intend to record an encounter or procedure for treatment purposes only, you must use wearable technology that incorporates technology that makes the smart glasses or other form of wearable technology HIPAA compliant. You may seek guidance from UW Medicine Compliance on whether the technology is HIPAA compliant. In addition:
- Inform the patient and others present at the onset of the encounter (since the actual recording may not be apparent). Limit your recording to the operation, procedure or wound itself. You do not need to obtain separate consent to record clinical encounters. Recording or imaging for clinical use is included in the Care Agreement form and procedure images and recordings are considered part of treatment (for example, a colonoscopy) and do not require separate consent;
- Coordinate with health information management to ensure compliant maintenance, storage and access of these records; and
- If you cannot avoid including identifiable images of UW Medicine staff, inform them of the filming or recording. If staff express concern about being recorded, make a reasonable effort to accommodate their concerns.
Using recordings for clinical training and educational purposes within UW Medicine:
You may also use smart glasses or similar wearable technology that is HIPAA compliant for medical education or training purposes in the clinical setting within UW Medicine. In addition to the requirements listed above, the PHI must remain within UW Medicine and can only be shared with UW Medicine trainees. Only the minimum amount of PHI necessary to conduct the training may be used. If the identifying information is not necessary to the training, the patient’s name, medical record number, dates and any other information that could lead to the identification of the patient should be removed. For example, in a Grand Rounds presentation about a patient’s tumor, only include information relevant to the case.
Recording by patients or their family and guests:
Patients and their family members or guests may not photograph, film or record other patients or staff without permission. UW Medicine personnel have the right to refuse to be photographed or recorded by patients or their family and guests. The recording cannot interfere with patient care and a staff member may ask that the recording be stopped at any time. A clinic or inpatient treatment site may prohibit the recording of active interventions by patients or their family and guests.
102.G1 Use and Disclosure of PHI in Patient Audio/Video Recordings, Photographs, & Digital Images, also contains cross references to UW Medicine Patient Information Security Policies, Standards and Guidance and other applicable policies. Please review all of these references prior to using any wearable technology.
Other applicable policies, laws and resources:
- UW Medicine Compliance Policy COMP.002 Compliance Education and Outreach
- UW Medicine Compliance Policy COMP.102 Safeguarding the Privacy and Security of Protected Health Information
- UW Medicine Patient Information Security Policies
- Harborview Medical Center (HMC) APOP Photography, Media, Legal Filming and Reporting 30.2
- HMC Operating Room (OR) Photography Policy
- Valley Medical Center (VMC) IT Policy 2.2.7 Mobile Devices
- VMC Patient Photography, Videotaping & Other Imagery Policy
- VMC Policy 2.7.2 Externally Hosted (Cloud Based) Services
- UW Medical Center APOP Guidelines for Audio/Visual Recording by Patient/Family
- Revised Code of Washington 9.73.030 Intercepting, Recording or Divulging Private Communication – Consent Required – Exceptions
- It is unlawful to record a private conversation without first obtaining the consent of all the persons engaged in the conversation.
- UW Office of the Chief Information Security Officer Training Module – Mobile Devices and University Data
Education, training and external speaking engagements:
If you are using HIPAA compliant wearable technology to record a clinical procedure and it contains identifiable patient information (patient’s face, name or other identifying features) to be used for any of the following, you must first obtain the patient’s written authorization to record, use and disclose the information:
- Use for any purpose outside of UW Medicine, including teaching or education, professional presentation or publication.
- Use for any purpose within UW Medicine outside the immediate clinical setting, such as classroom teaching or research (see section on research below).
This patient authorization is different from the consent in the Care Agreement and must be separately obtained using the UH0324 Authorization to Use or Disclose Photography/Video Tape Form or an equivalent form. You should disclose only the minimum amount of information necessary and remove any identifying information that is not necessary or relevant.
There are additional requirements to keep in mind when participating in wearable technology education and training activities or speaking engagements:
- Presenting a guest lecture, delivering a paper or participating in an educational program for a non-profit professional association or society, or another college or university, is considered University and/or community service. This is not considered outside work and prior approval is not required unless the activity requires time away from the University.
- In accordance with the University’s outside professional work policy, approval for travel away from the University should be sought from the appropriate supervisor. If you are speaking or presenting at a meeting that is sponsored by any other type of organization or entity, such as a commercial entity or trade organization, you must follow the applicable outside work policies: faculty or academic personnel andprofessional or classified staff. These policies require approval in advance. Additionally, School of Medicine (SoM) faculty must submit an annual report of their outside activities. For more information, please see SoM Outside Work. SoM faculty must also comply with the Policy on Potential Financial Conflicts of Interest for Commercial and Non-Profit Entities which prohibits faculty from endorsing, providing a testimonial or participating in marketing for a manufacturer. Helpful guidance on these subjects can also be found in the UW Medicine Compliance FAQs.
- If asked to speak publicly about your use of wearable technology in the context of clinical care at UW Medicine, or you are being interviewed, or know that an article will be written about you, consult and coordinate with UW Medicine Strategic Marketing & Communications at 206.543.3620.
Please be aware that using and/or recording with smart glasses or other wearable technology could be considered human subjects research that requires IRB approval. The UW Human Subjects Division (HSD) can help you determine whether you may be engaging in human subjects research. If your recording is for research purposes, or you are testing wearable technology and related software applications, and patients or others are involved, all policies applicable to human subjects research must be followed, including obtaining IRB review and approval in advance. Also, when identifiable information about individuals is incidentally captured, such as photos, these individuals could be considered “human subjects” even if they are not the focus of the test. If you think your use may fall within the definition of human subjects research, or if you have questions, please visit the UW HSD website or contact them by email at firstname.lastname@example.org.
Other applicable policies:
- COMP.103 Use and Disclosure of Protected Health Information .
- U.S. Food and Drug Administration (FDA) Regulations: Wearable technologies may not in and of themselves be regulated by the FDA at this time, such as those that merely collect or transmit data. However, applications or apps (software programs that run on smartphones or other mobile communication devices) intended to diagnose, monitor, treat or alleviate disease are regulated by the FDA as a medical device. Check with the UW HSD to obtain guidance as to whether a planned use of a mobile application is governed by FDA regulations, and (separately) whether or not it is necessary to obtain an Investigational Device Exemption from the FDA.
Product evaluation or testing:
If asked to participate in an evaluation of technology or offered a “free” or discounted device or software for your use or testing, please contact UW Medicine Compliance at email@example.com or 206.543.3098. Product evaluations may require review under various federal and state laws and organizational policies based on the circumstances. These include the federal Anti-Kickback Statute, Washington State Anti-Rebate Statute, Washington State ethics law, SoM Conflict of Interest Policy (for faculty), UW outside work policies, human subjects regulations and/or purchasing policies. See above section on research regarding testing of a mobile medical application.
There may be occasions when photos and other recordings from wearable technology are posted to social media sites such as Facebook, LinkedIn, Twitter, Google+ and Instagram or others. You may not disclose any PHI on social media, whether it is a UW Medicine site or a personal site without proper authorization from the patient. The confidentiality of patient information must be maintained.
Additionally, unless you are serving as an approved, official spokesperson for UW Medicine, online communications are your personal opinions and do not reflect the opinion of UW Medicine or its affiliated entities. If you acknowledge your UW Medicine affiliation or are otherwise known or presumed to be affiliated with UW Medicine, you must include a disclaimer in your online communications indicating that you are not speaking officially on behalf of the organization. Examples of disclaimer language include:
- “The postings on this site are my own and do not represent the positions, strategies or opinions of my employer (or the UW and UW Medicine)”; or
- “This is a personal website, produced on my own time and solely reflects my personal opinions. Statements on this site do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated. All content is copyrighted.”
For additional information and guidelines regarding use of wearable technology with social media, please see the COMP.303 Social Media Networking Policy and Guidelines.
Other applicable policies:
- Northwest Hospital & Medical Center Social Networking Policy and Guidelines
- VMC Social Networking Policy and Guidelines
- VMC Use of E-mail and Electronic Communications
- UW Neighborhood Clinics Policy Hrpol043 Email, Internet and Information Technology
- Airlift Northwest (ALNW) Policy 1211 HIPAA Internet Access and Use
- ALNW Policy 5000 Electronic Communications
- Family Educational Rights and Privacy Act for Faculty and Staff