Introduction:
Wearable technology is a term that includes smart glasses, optical head-mounted displays and other devices that can be worn and include computer and advanced electronic technologies, such as cameras, recorders or transmitters that may synchronize with other applications. These devices can provide access to the internet, stream live audio and video, take photos and/or record video, and track location. Wearable technology is considered a mobile device because of its portability. Other examples of mobile devices include laptops, Android, Windows or Apple devices and USB flash drives. Wearable technology is subject to the same laws, regulations and policies applicable to all other types of mobile devices and confidential information as described below. This document provides guidance about the use of wearable technology for clinical care, research, teaching or education and communication.
Confidential information:
Protecting confidential information is fundamental to UW Medicine’s mission. All University of Washington (UW) workforce members, including faculty, staff, trainees, volunteers and others who perform work for UW Medicine are personally responsible for ensuring the privacy and security of all patient data, student information, research data, and any other confidential, restricted or proprietary information to which they are given access.
Confidential information includes protected health information (PHI) and personally identifiable information (PII). Mobile devices, including smart glasses, may only be used to access, store or transmit PHI or PII if the device has encryption software enabled and it is password protected. If you use wearable technology to access, store, use or send PHI or PII for any purpose, the data must be encrypted in transmission and while it is at rest (i.e., saved/stored). UW Medicine Information Technology Services (ITS) provides guidance on mobile device encryption.
Confidential information may be stored on a UW Medicine-approved cloud application such as UW OneDrive for Business or other platforms that meet security requirements. Additional security controls may be required for the storage of ePHI in these platforms. UW Medicine ITS provides guidance regarding information security in the cloud and standards for cloud computing services.
See UW Medicine Compliance’s Patient Information Privacy Policies for additional information regarding the privacy and security of PHI.
Recording by UW Medicine healthcare professionals for clinical purposes only:
If you intend to record an encounter or procedure for treatment purposes only, you must use wearable technology with features that make the smart glasses or other form of technology HIPAA compliant. You may seek guidance from UW Medicine Compliance on whether the technology is HIPAA compliant. In addition:
- Inform the patient and others present at the onset of the encounter (since the actual recording may not be apparent). Limit your recording to the operation, procedure or wound itself. You do not need to obtain separate consent to record clinical encounters. Recording or imaging for clinical use is included in the Care Agreement form, and procedure images and recordings are considered part of treatment (for example, a colonoscopy) and do not require separate consent;
- Coordinate with health information management to ensure compliant maintenance, storage and access of these records; and
- If you cannot avoid including identifiable images of UW Medicine staff, inform them of the filming or recording. If staff express concern about being recorded, make a reasonable effort to accommodate their concerns.
See 102.G1 Digital Images and Audiovisual Recording in the UW Medicine Clinical Setting.
Using recordings for clinical training and educational purposes within UW Medicine:
You may also use smart glasses or similar wearable technology that is HIPAA compliant for medical education or training purposes in UW Medicine clinical entities where direct patient care is provided. In addition to the requirements listed above, the PHI must remain within UW Medicine and can only be shared with UW Medicine trainees. Only the minimum amount of PHI necessary to conduct the training may be used. If the identifying information is not necessary to the training, the patient’s name, medical record number, dates and any other information that could lead to the identification of the patient should be removed. For example, in a Grand Rounds presentation about a patient’s tumor, only include information relevant to the case.
Recording by patients or their family and guests:
Recording by patients and their family members or guests is governed by entity-based administrative policies and procedures, which are intended to protect the privacy of both patients and staff. UW Medicine personnel may only be photographed or recorded with their permission and they have the right to refuse to be photographed or recorded by patients or their family and guests. The recording should not interfere with patient care and a staff member may ask that the recording be stopped at any time. A clinic or inpatient treatment site may prohibit the recording of active interventions by patients or their family and guests.
Applicable policies, laws and resources:
- UW Medicine Patient Information Privacy and Security Policies
- HMC Operating Room (OR) Photography Policy
- Valley Medical Center (VMC) IT Policy 2.2.7 Mobile Device Use
- VMC Policy 2.2.11 Clinical Mobile Photography
- VMC Policy 2.7.2 Externally Hosted Services and Cloud-Based Systems
- UW Medical Center APOP Guidelines for Audio/Visual Recording by Patient/Family
- Revised Code of Washington 9.73.030 Intercepting, Recording or Divulging Private Communication – Consent Required – Exceptions
  - It is unlawful to record a private conversation without first obtaining the consent of all the persons engaged in the conversation.
- UW Office of the Chief Information Security Officer Training Module – Mobile Devices and University Data
Education, training and external speaking engagements:
If you are using HIPAA compliant wearable technology to record a clinical procedure and the recording contains identifiable patient information (patient’s face, name or other identifying features) to be used for any of the following, you must first obtain the patient’s written authorization to record, use and disclose the information:
- Use for any purpose outside of UW Medicine, including teaching or education, professional presentation or publication.
- Use for any purpose within UW Medicine outside the immediate clinical setting, such as classroom teaching or research (see section on research below).
This patient authorization is different from the consent in the Care Agreement and must be separately obtained using the UH0324 Authorization to Use or Disclose Photography/Video Tape Form or an equivalent form. You should disclose only information expressly permitted by the authorization form and remove any identifying information that is not necessary or relevant to achieve the purpose of the disclosure.
There are additional requirements to keep in mind when participating in wearable technology education and training activities or speaking engagements:
- Some activities, such as presenting a guest lecture, delivering a paper or participating in an educational program for a non-profit professional association or society, or another college or university, are considered University and/or community service. These are not considered outside work and prior approval is not required unless the activity requires time away from the University. See UW Executive Order No. 57 for additional information.
- In accordance with the UW Outside Professional Work policy (which applies to faculty, librarians and other academic personnel), approval for travel away from the University should be sought from the appropriate supervisor. If you are speaking or presenting at a meeting that is sponsored by any other type of organization or entity, such as a commercial entity or trade organization, you must follow the applicable outside work policies: faculty or academic personnel and professional or classified staff. These policies require review and approval in advance of engaging in any outside work activities. UW School of Medicine (SoM) faculty must also comply with the Policy on Potential Financial Conflicts of Interest for Commercial and Non-Profit Entities which prohibits faculty from endorsing or appearing to endorse a company or its products or services, including by providing a testimonial or engaging in other activities that may be used for a company’s promotional, sales or marketing purposes. Helpful guidance on these subjects can also be found in the UW Medicine Compliance FAQs.
- If you are asked to speak publicly about your use of wearable technology in the context of clinical care at UW Medicine, are being interviewed, or know that an article will be written about you, consult and coordinate with UW Medicine Strategic Marketing & Communications at mediarelations@uw.edu or 206.543.3620.
- If your use of wearable technology includes audio recording and will occur in a UW Medicine clinical entity where direct patient care is provided, you must submit a form entitled “Request for Approval for use of Audio Recordings for Research, Education and Quality Improvement Purposes” to the clinical entity’s Chief Executive Officer or Executive Director (or delegate) prior to undertaking the audio recording activity.
Research:
Please be aware that using and/or recording with smart glasses or other wearable technology could be considered human subjects research that requires IRB approval. The UW Human Subjects Division (HSD) can help you determine whether you may be engaging in human subjects research. If your recording is for research purposes, or you are testing wearable technology and related software applications, and patients or others are involved, all policies applicable to human subjects research must be followed, including obtaining IRB review and approval in advance. Also, when identifiable information about individuals is incidentally captured, such as photos, these individuals could be considered “human subjects” even if they are not the focus of the test. If you think your use may fall within the definition of human subjects research, or if you have questions, please visit the UW HSD website or contact them by email at hsdinfo@uw.edu.
Other applicable policies:
- COMP.103 Use and Disclosure of Protected Health Information.
- U.S. Food and Drug Administration (FDA) Regulations: Wearable technologies may not in and of themselves be regulated by the FDA at this time, such as those that merely collect or transmit data. However, applications or apps (software programs that run on smartphones or other mobile communication devices) intended to diagnose, monitor, treat or alleviate disease are regulated by the FDA as a medical device. Check with the UW HSD to obtain guidance as to whether a planned use of a mobile application is governed by FDA regulations, and (separately) whether or not it is necessary to obtain an Investigational Device Exemption from the FDA.
Product evaluation or testing:
If asked to participate in an evaluation of technology or offered a “free” or discounted device or software for your use or testing, please contact UW Medicine Compliance at comply@uw.edu or 206.543.3098. Product evaluations may require review under various federal and state laws and organizational policies based on the circumstances. These include the federal Anti-Kickback Statute, Washington State Ethics in Public Service Act, SoM Conflict of Interest Policy (for faculty), UW outside work policies, human subjects regulations or UW/UW Medicine purchasing policies such as the UW Medicine Equipment and Product Evaluations Policy. See above section on research regarding testing of a mobile medical application.
Social media:
There may be occasions when photos and other recordings from wearable technology are posted to social media sites such as Facebook, TikTok, LinkedIn, Twitter, Instagram or others. You may not disclose any PHI on social media, whether it is a UW Medicine site or a personal site, without proper authorization from the patient. The confidentiality of patient information must be maintained.
Additionally, unless you are serving as an approved, official spokesperson for UW Medicine, online communications are your personal opinions and do not reflect the opinion of UW Medicine or its affiliated entities. If you acknowledge your UW Medicine affiliation or are otherwise known or presumed to be affiliated with UW Medicine, you must include a disclaimer in your online communications indicating that you are not speaking officially on behalf of the organization. Examples of disclaimer language include:
- “The postings on this site are my own and do not represent the positions, strategies or opinions of my employer (or the UW and UW Medicine)”; or
- “This is a personal website, produced on my own time and solely reflects my personal opinions. Statements on this site do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated. All content is copyrighted.”
For additional information and guidelines regarding use of wearable technology with social media, please see the COMP.303 Social Media Networking Policy and Guidelines.
Wearable technology guidance frequently asked questions (FAQs):
- Can smart glasses be used in a clinical setting?
If you are recording, storing, accessing or sending protected health information (PHI) or personally identifiable information (PII), you may use smart glasses or other wearable technology only if it has been determined to be HIPAA compliant by using encryption while the data is at rest and in transit. In certain circumstances, such as for use outside of the clinical or training setting, you must also obtain the patient’s permission to record and use the information.
If you are not using encryption software to ensure the data on your device is encrypted both at rest and in transit, then you cannot use the device. Consult UW Medicine IT Services guidance regarding secure data storage such as cloud computing services.
- Can I use smart glasses for telehealth or medical education or training within UW Medicine?
Yes, so long as the smart glasses or other wearable technology being used is HIPAA compliant. If you are using smart glasses or a similar device in medical education or training outside of the clinical environment, and you are recording, storing, accessing or sending PHI or PII, the device used must be HIPAA compliant.
If your use of wearable technology for educational purposes includes an audio recording component and will occur in a UW Medicine clinical entity, you must submit a form entitled “Request for Approval for use of Audio Recordings for Research, Education and Quality Improvement Purposes” to the clinical entity’s Chief Executive Officer or Executive Director (or delegate) prior to undertaking the audio recording activity. See COMP.304 Audio Recordings in the UW Medicine Clinical Setting for Research, Education or Quality Improvement Purposes.
- Can patients or their family members and friends record me?
Yes, but only if you have given them your permission. You may refuse to be photographed or recorded by patients and their families or guests. Also, the recording must not interfere with patient care and staff can ask that the recording be stopped at any time.
- If a patient or a patient’s guest is recording me or our interaction in a clinical environment, does their recording device need to be HIPAA compliant? What limitations do we have on their recording?
No, because the patient or patient’s family and/or friends are not subject to HIPAA requirements. See above answer regarding the limitations on recordings by patients and their friends or families.
- Can I use wearable technology for human subjects research purposes?
Yes, you may use wearable technology for purposes that meet the definition of research with human subjects if you have Institutional Review Board approval and obtain the required consents. Depending on the type of information being recorded and sent, you may also need to meet UW Medicine patient privacy and security requirements, such as encrypting the data. If you think your use may fall within the definition of human subjects research, or if you have questions, please visit the UW HSD website or contact them by email at hsdinfo@uw.edu.
If your use of wearable technology for research purposes includes an audio recording component and will occur in a UW Medicine clinical entity, you must submit a form entitled “Request for Approval for use of Audio Recordings for Research, Education and Quality Improvement Purposes” to the clinical entity’s Chief Executive Officer or Executive Director (or delegate) prior to undertaking the audio recording activity. See COMP.304 Audio Recordings in the UW Medicine Clinical Setting for Research, Education or Quality Improvement Purposes.
- What can I post to Facebook or other social media?
You cannot post any PHI or PII to social media, whether personal or UW Medicine’s site, without the patient’s authorization. You must have the patient’s authorization to post information about the patient on a UW Medicine website or Facebook page. Even if you have the patient’s permission, posting patient information to your personal Facebook page or other social media is discouraged. Appropriate professional boundaries should be maintained. If you express any opinions in your posting, you must also state that they are your own. Please see the COMP.303 Social Media Networking Policy and Guidelines for best practices.