Wearable health data: Who owns it and what you sacrifice for convenience
Your smartwatch's health data isn't protected by HIPAA—here's what that means.
ZDNET reports that over 560 million people now own smartwatches, but the U.S. lacks federal regulations around consumer health data from wearables. HIPAA does not cover data collected by wearables because their makers are not considered covered entities like healthcare providers. Over 20 states have passed comprehensive privacy laws, but those laws vary, so consumers must rely on complex terms of service. A 2025 analysis in npj Digital Medicine evaluated the privacy policies of 17 leading wearable manufacturers and found that Google, Apple, and Polar had the lowest risk scores (strongest privacy protections). Even so, companies can still sell data to third parties or suffer breaches.
- HIPAA does not cover health data collected by wearables like smartwatches or rings; it applies only to covered entities such as healthcare providers.
- Over 560 million people own smartwatches globally, yet the U.S. lacks a federal privacy law for consumer health data.
- A 2025 study in npj Digital Medicine rated 17 wearable makers; Google, Apple, and Polar had the lowest privacy risk scores but no device is fully secure.
Why It Matters
Your health data is worth billions—without federal rules, you bear the burden of protecting it.