Civil Case Uses Fitbit Data To Disprove Insurance Fraud

Lucas123 writes In what could presage an era of data from wearables being used in civil and criminal litigation cases, a Canadian attorney is using data collected by a Fitbit activity tracking wrist band to prove his client is not scamming an insurance company. The defendant's attorney normalized the data using an analytics platform that compares activity data with other wearables, offering a way to benchmark his client's health against a larger group of wearable owners. Legal and privacy experts say it's only a matter of time before wearable data will be used in criminal cases, as well, and the vendors will have little choice but to hand it over. "I do think that's coming down the pike. It's just a matter of time," said Neda Shakoori, an eDiscovery expert with the law firm of McManis Faulkner. Health privacy laws, such as HIPAA, don't cover wearables and those companies can be subpoenaed — just as Google and Microsoft have been for years.

Privacy means local storage

[HeckRuler]

vendors will have little choice but to hand it over.

One of the strongest arguments I have for why I want programs to work with local content.
HEY, your ad-driven phone app sends all it's data back to a central repository detailing almost every facet of my life. That's great, but I think I'll pass.

What's that? People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

Perhaps I'm just being paranoid here. There certainly doesn't look like there's rampant wide-spread abuse of this sort of data. Yet. But it's still the sort of thing that rubs me the wrong way.

Re: Privacy means local storage

[tysonedwards]

Local storage on a phone - devices that are small, visible, portable and valuable have a considerable market and as such lead to thefts - is a single point of failure where you can lose everything. Further, the industry average is to replace these devices every 18 months. There are mitigating strategies such as backup and resync approaches, but these create additional steps and introduce the likelihood of users losing their data. Hence why the idea of server side storage exists, as a means of making these device replacements easier and more transparent to users.

Does that come with potential privacy issues? Of course it does, but largely the market decided that they would rather the convenience of a "dumb terminal" that can be replaced and immediately behave just like their old one than the security of a fully local model. Until there are massive security breaches that hit *most* people, where these approaches to cloud data storage is shown directly at fault (and not those visible to most, but largely affecting celebrities only as was the case with Fappening or other similar events) then this type of thinking will continue and new services introduced that are more and more Internet-centric for tasks that ultimately don't need to be.

Memory limit and data durability

[tepples]

People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

I think the idea is that you still want to collect telemetry even if you're collecting more data than will fit in the device's memory. Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).

If you think about it...it goes beyond wearables.

[technomom]

"Even if medical privacy laws did cover data recorded by a Fitbit band, it wouldn't matter, Reitman said, because there's an exception to HIPAA for law enforcement queries, national security and many other legal requests." To me, this sound like even X-rays, EKG results, MRI or CAT scan results or even just doctor's notes could be at risk. So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league. You don't need a wearable for any of that.

Will activity of the cat and couch potato differ?

[Trachman]

The next time wrist band activity will be used as an evidence that someone does not go out and I lives only a passive live, that someone can buy a cat.

Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

So, what is next? Surveillance cameras corroborating that the disabled owner is truly sitting home. 365/24/7 surveillance and records prior to the potential insurance accident just to prove that in the past the owner was active and outdoorsy person?

Re:If you think about it...it goes beyond wearable

[sribe]

So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.

Absolutely. Although they probably would NOT go for criminal charges, they would just sue for damages in civil court, in which case they could absolutely subpoena your medical records. Actually, it probably wouldn't even get that far, because they'd want the medical records BEFORE paying the claim, and if you didn't provide them, you wouldn't collect.

So, as suspect and hit at, Lucas123 seems to be completely confused about how HIPAA applies when there's a legal dispute over an insurance claim. Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???

Assault and battery

[tepples]

My wrist is not Malaysia Airlines flight 370.

I agree that a difference of scale exists. But it's still a noticeable loss if you get mugged and someone steals your smartwatch, smartphone, wallet, and other valuables, and you can't use your telemetry data against the mugger because the mugger stole the devices on which they were recorded.