Slashdot Mirror
Civil Case Uses Fitbit Data To Disprove Insurance Fraud
Lucas123 writes In what could presage an era of data from wearables being used in civil and criminal litigation cases, a Canadian attorney is using data collected by a Fitbit activity tracking wrist band to prove his client is not scamming an insurance company. The defendant's attorney normalized the data using an analytics platform that compares activity data with other wearables, offering a way to benchmark his client's health against a larger group of wearable owners. Legal and privacy experts say it's only a matter of time before wearable data will be used in criminal cases, as well, and the vendors will have little choice but to hand it over. "I do think that's coming down the pike. It's just a matter of time," said Neda Shakoori, an eDiscovery expert with the law firm of McManis Faulkner. Health privacy laws, such as HIPAA, don't cover wearables and those companies can be subpoenaed — just as Google and Microsoft have been for years.
vendors will have little choice but to hand it over.
One of the strongest arguments I have for why I want programs to work with local content.
HEY, your ad-driven phone app sends all it's data back to a central repository detailing almost every facet of my life. That's great, but I think I'll pass.
What's that? People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?
Perhaps I'm just being paranoid here. There certainly doesn't look like there's rampant wide-spread abuse of this sort of data. Yet. But it's still the sort of thing that rubs me the wrong way.
People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?
I think the idea is that you still want to collect telemetry even if you're collecting more data than will fit in the device's memory. Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).
>> doesn't look like there's rampant wide-spread abuse of this sort of data. Yet.
But there could be. Many IoT company's privacy policies seem to be just a cut/paste of their wide-open web privacy policies. For example, take a look at Lowe's IRIS system. According to the legalese, I think they might be able to scan your home video feeds to look for products you might want...
http://iotsecuritylab.com/iot-...
"Even if medical privacy laws did cover data recorded by a Fitbit band, it wouldn't matter, Reitman said, because there's an exception to HIPAA for law enforcement queries, national security and many other legal requests." To me, this sound like even X-rays, EKG results, MRI or CAT scan results or even just doctor's notes could be at risk. So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league. You don't need a wearable for any of that.
The next time wrist band activity will be used as an evidence that someone does not go out and I lives only a passive live, that someone can buy a cat.
Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.
So, what is next? Surveillance cameras corroborating that the disabled owner is truly sitting home. 365/24/7 surveillance and records prior to the potential insurance accident just to prove that in the past the owner was active and outdoorsy person?
Sure, except for the 20 minutes a day that otherwise sedentary "person" goes insane and starts playing with their blinds, and running under their tables and beds. It'll raise some other concerns, to say the least.
>Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.
Sounds like you've met my cat. I just threw away a cat tree because she was too lazy to use it.
In fact cat and sedentary people are almost indistinguishable, from computer's point of view.
Cats are nocturnal. They're sedentary during the16 hours a day you watch them, then stalk to house all night looking for bugs to torture. I'm pretty sure a computer can figure out the difference between diurnal and nocturnal.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.
Absolutely. Although they probably would NOT go for criminal charges, they would just sue for damages in civil court, in which case they could absolutely subpoena your medical records. Actually, it probably wouldn't even get that far, because they'd want the medical records BEFORE paying the claim, and if you didn't provide them, you wouldn't collect.
So, as suspect and hit at, Lucas123 seems to be completely confused about how HIPAA applies when there's a legal dispute over an insurance claim. Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???
To me, this sound like even X-rays, EKG results, MRI or CAT scan results or even just doctor's notes could be at risk. So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.
Ummm, no.
1. Law enforcement has no role to play here, this is a simple contractual issue between you and the insurance company. (unless law enforcement is charging you with insurance fraud, but that's a different story)
2. A court order to produce documents is quite difference from a law enforcement request to produce documents.
3. Medical records (generally speaking) aren't legally privileged the way conversations with your lawyer are legally privileged.
4. It is perfectly reasonable for your insurance company to verify your claim that you broke your ankle. Insurance policies normally have clauses saying that the insurance company can examine the medical records pertaining to your claim as part of the adjudication process.
In fact cat and sedentary people are almost indistinguishable, from computer's point of view.
Cats are nocturnal. They're sedentary during the16 hours a day you watch them, then stalk to house all night looking for bugs to torture. I'm pretty sure a computer can figure out the difference between diurnal and nocturnal.
Domestic cats are not nocturnal. Sure; they are up at night, but they are also up during the day.
Many of us are nocturnal now too thanks to MMOs and the interwebs!
I don't like the Guilty Until Proven Innocent mentality. However, since some people are insistent on doing away with the basics of our legal system I do like the fact that my Wii FitMeter could be used to prove my general whereabouts since it records altitude information thought the day. I can easily see in my daily logs when I come home, and leave for work because there are substantial hills on the path. I'm fairly confident that between my phone and FitMeter I could prove my whereabouts with absolute certainty. Since I'm also pinned in a IT room in the back with only one other coworker who doesn't come in till 10, and leaves at 3ish I wouldn't have a provable alibi between 8 to 10 and 3 to 5 without my devices. I don't like having to do that, but since some people insist on Guilty Until Proven Innocent I'm happy that my devices do this.
My wrist is not Malaysia Airlines flight 370.
I agree that a difference of scale exists. But it's still a noticeable loss if you get mugged and someone steals your smartwatch, smartphone, wallet, and other valuables, and you can't use your telemetry data against the mugger because the mugger stole the devices on which they were recorded.
Not relevant, but why does slashdot deals have to use disqus? I'm not interested in one company like disqus collecting my opinions across multiple sites.
Yes, this especially covers HIPAA covered health records, anything can be found under discovery
I have mod points and I am not afraid to use them
First the Dumb: HIPPA is US, this is Canadian lawsuit.
Second and more importantly never record anything you don't want somebody else's lawyer holding up in court.
As a nocturnal human (DSPS sucks), I can vouch that the family cat sleeps all night like everyone else except me. Unless move near the food bowel. Then it stares at me for 10 minutes trying to get food, then gives up and goes back to sleep.
Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???
I think the fitbit issue is a bit different, though, since it's not clear that it constitutes a 'medical record' that you'd expect your insurance company to have access to. An insurance company demanding access to fitbit records feels a little more like if they demanded access to your home movies. Sure, there may be some relevant information there, but it was information gathered by yourself for personal reasons which may not be strictly 'medical'. Besides, I would hope there'd be a legal challenge against using it as evidence, unless they can verify that the patient was actually wearing it, that the results are relevant to the case, and that the data collected is reliable.
Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.
If another cat came to the window or back door, our cat would run about 200 miles an hour to hiss and yell at the other cat. This would not look very sedentary.
But yeah, most of the time our cat would be a good simulation of a sedentary person.
There's one big problem with trying to use fitbit data. There's no way to prove that the device was actually attached to a person that is allegedly producing the data. Six months down the road, the witness (alleged wearer) won't remember what he had for dinner, let alone what was on his person. Add to that motives to lie (and people do that on the stand in spite of the penalties) and you have a data source that won't prove anything in most cases.
Besides, who the hell cares whether or not I was moving at any particular time during the day? Can't my level of activity already be determined from my phone, where I eat and what kind of shoes I buy? My privacy isn't being invaded in any substantial way even if these companies release my data. Sheesh!
I think the fitbit issue is a bit different, though, since it's not clear that it constitutes a 'medical record' that you'd expect your insurance company to have access to.
It is different. But consider that an insurance company can hire a private detective to follow you and record your activities, check on your Facebook page, subpoena your health club records or your ski lift tracking data...
Besides, I would hope there'd be a legal challenge against using it as evidence, unless they can verify that the patient was actually wearing it, that the results are relevant to the case, and that the data collected is reliable.
Yes, your attorney can raise every one of those issues.
It is different. But consider that an insurance company can hire a private detective to follow you and record your activities, check on your Facebook page, subpoena your health club records or your ski lift tracking data...
Yes, and that's really my only point. A subpoena asking for fitbit records should be thought of more like a subpoena for health club records, and not the same as your insurance company asking for medical records from your doctor.
Apps SHOULD locally encrypt the data before sending it elsewhere. Encryption that requires you to open it, encryption that has not got backdoors.
Then when lawyers request it, they are boned. Depending on your country, that is, and the possibility of the obligatory wrench (xkcd).
This sig intentionally left blank.
Note that this is HIS lawyer who is submitting the FitBit records, NOT the insurance company. The insurance company says his claim is fraudulent, and HE is saying no it isn't, my FitBit data proves it.
Looking at your Fitbit data, we can only conclude that you're a sadistic bastard.
So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.
If an insurance company thinks you're lying about a disability claim, they aren't going to bother with law enforcement or medical records or some dubious fitness app. They'll hire a $300/day private investigator to follow you around for a few days and get photos of you at the golf course. He'll be checking all of your social media, he's probably going to be in your credit and phone records as well, via legal gray areas. If it's a worker's comp claim, they'll have him tail you until the day you go back to work. Insurance will happily pay a PI $10K a month to follow a suspected fraudster on a $100K claim. They only have to win that bet one out of ten times to break even.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
From what I've seen, the PI investigation is almost "standard", almost every person is followed and taped for every worker's comp claim that might go over a thousand dollars. A good friend of mine did that kind of work for awhile; he sat in a van for hours at a time waiting to film someone; very tedious and boring PLUS you can't jump out for a pee break so...he finally had to give up the job after getting too many traffic tickets from running red lights, speeding, etc, chasing people around. The best scammer he busted was a "disabled" hockey player who had moved down from another state and was playing here again, he got him to sign a pennant and presented it (along with film of him on the ice playing) in court. A gf of mine was filmed too but she really was injured but it was SUPER FREAKY to see film of me carrying in groceries, even when we knew during that time we might be filmed.
Get another cat, then they'll fight over the tree.
far better than my cat, who likes to find pipe cleaners and YELL at them like she's just brought home a mouse for her kittens. I use them holding various wires out of the way, and if I leave even a two-inch long piece she will carry it all over meowing at the top of her lungs. 3:00PM, 3:00 AM, whenever she finds it.
Note that this is HIS lawyer who is submitting the FitBit records, NOT the insurance company. The insurance company says his claim is fraudulent, and HE is saying no it isn't, my FitBit data proves it.
I think the insurance company will respond by asking him to prove the veracity of the data, and they it wasn't someone else wearing it. Usually the insurance company has valid reason when they legally challenge a claim, even if it's just a disgruntled boss claiming there is fraud. It'll be ironic isfthe insurance company pulls out the guys tweets or facebook posts, or cell phone tracking data - all things that most people don't even consider.
I'm waiting for the lawsuit where the insurance company produces cell phone tracking data showing the owner was traveling at 7 mph down this trail that is not passable by bike. They must have been jogging, but this claim says he has difficulty walking.
Don't try this if your cat wanders the neighborhood, peering in windows and visiting underage children....
Why should I have to upload that video to some third-party service instead of my own server?
Because the profitable majority of people aren't among the demographic that reads Slashdot. These people are unwilling:
The Slashdot demographic is an edge case, and the economies of scale associated with mass production and technical support tend to disfavor products targeted to edge cases.
If you could find a decent standalone GPS app for a cellphone, it would trivially do this job without uploading. You'll want one with a card slot.
A mugger who takes the phone also takes the card in it. And if your device is boot-looped, such as your LG, the evidence is likely encrypted on the internal flash with no way of recovering it.
Anyway, having recorded a video to an Android phone, you can upload it to your own server
How many less-technical people are willing to set up such a server rather than subscribing to an integrated third-party service? If most people actually had their "own server", then something federated like GNU social would have taken off instead of Facebook.
Depending on the accuracy being perched in impossible locations for hours. Since disabled people don't sleep on top of the refrigerator.
So am I, because I AM THE BATMAN.
My first program:
Hell Segmentation fault
I wanted to get more information about why she was being accused of insurance fraud in the first place, and why the wearables would be relevant.
The answer (for those who don't want to search) is that she is a personal trainer, and she was injured. She is claiming that her injury prevented her from working. The insurance company is calling that a fraudulent claim.
My opinion is that she is innocent. I am a little surprised they need the fitbit data at all, but more evidence is usually better.
Also, the fitbit data is data that she posted publicly, so, while I am worried about losing my privacy, I think we are making mountains out of molehills about this case. This is sort of like police using facebook to catch a criminal, not like police getting access to my email.
I understand I'm not always the most eloquent and well spoken.
And neither am I.
or the thing is acting like a blackbox (which fitbit is not)
The featured article implies that Fitbit is in fact being used as a black box, despite not originally having been intended so.
Over the Internet? Can you seriously not connect to your computer over the Internet?
Not if your computer's Internet connection doesn't allow incoming connections, whether because of CGNAT applied by your home ISP, because of a "no servers" clause in your home ISP's terms of service, or because it is in suspend mode to save electric power.
Or you can occasionally walk within the range of your home's wifi and a program syncs your phone's data to your computer, bypassing your ISP.
That works for the Fitbit's original intended use but not for the black box use described in the featured article.
What ISPs NAT?
Wikipedia's article about carrier-grade NAT states that it's more likely to be deployed by ISPs in countries most affected by IPv4 address exhaustion. Were you looking for actual ISP names? If so, I could do more research for you.
Or, rent a VM for next to nothing a month.
Correct me if I'm wrong, but you appear to imply that most people would be willing to take the time==money to learn to administer a VPS. I disagree.
They can always offer the use of their server for people with no other options or who just don't care.
In other words, the vast majority.