By Myrle Croasdale

Infrared tracking technology now is adding to the data-privacy discussion.

A Johns Hopkins University clinical and engineering team recently released a study that used detailed patient-mobility data to predict lengths of stay, the level of care patients needed when discharged and the likelihood of them being readmitted within 30 days.

The infrared real-time location system allowed researchers to capture 19 mobility measurements per patient, including number of walks, distance, duration and speed of each event.

This detailed information led to an improved risk-prediction model, the study said, along with the potential to identify at-risk patients and develop interventions to improve their outcomes.

While a plus for patient health, what does location tracking mean for patient privacy?

“My sense is that it is very significant, but it’s very early,” Pam Dixon, executive director of the World Privacy Forum (WPF) in San Diego, Calif., told Digital Privacy News.  

Patient data is protected by the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), she said, and health-care providers are experienced at managing it.

But the privacy threat would be if such precise tracking was carried out on a global scale, Dixon said, and if the medical data was moved out of a health-care setting.

Personal health information that a person shares with a technology company through a wellness app, for instance, is not protected by HIPAA, according to the U.S. Department of Health and Human Services (HHS).

“It is very significant, but it’s very early.”

Pam Dixon, World Privacy Forum

How the Study Worked

In the Johns Hopkins research, detailed in a March report, patients wore a badge that emitted an infrared signal, which was detected by ceiling sensors spaced 6 feet apart.

When the sensors detected a badge signal, they transmitted the badge’s identification number, sensor location and a timestamp to a server.

The infrared-tracking system relies on a physical structure. According to Midmark Corp., the manufacturer, the Johns Hopkins installation included more than 4,000 badges and 5,100 sensors in 20 buildings.

“In this case, this is very limited to a hospital setting or controlled-care environment,” said Daniel O’Neill, an executive in the digital health and health-care technology industry. “The hardware doesn’t easily translate outside the building.” 

He explained that HIPAA covered medical data that resided with a health plan or medical clinic, but health-related information captured by a tech firm and stored on its servers was not. 

“Data collected in a health-care setting has a much firmer privacy protection, not like consumer apps,” O’Neill told Digital Privacy News. “That’s a wild west.”

“Data collected in a health-care setting has a much firmer privacy protection, not like consumer apps.”

Daniel O’Neill, digital health and health-care technology executive.

Collecting Data Through Apps

Technology firms generally collect health data, like heart rate and steps, through wellness apps and smart devices, like an Apple watch.

But their terms-of-use agreements often allow the companies to share the data with third parties, like advertisers or software vendors.

In contrast to the smaller-scale tracking of an infrared system, Bluetooth technology — for instance — creates the possibility of global tracking systems, WPF’s Dixon said.

Singapore is using a COVID-19 tracking app among its population, and Google and Apple Inc. said last month that they would develop a coronavirus contact-tracing platform.

With the COVID-19 pandemic, the U.S. government has waived enforcement penalties for failing to comply with some HIPAA patient-privacy provisions, which makes Bluetooth GPS tracking generally feasible here in the United States.

Johns Hopkins’ use of tracking data, which remains protected by HIPAA, is part of the institution’s precision-medicine effort.

Under HIPAA protection, the infrared patient-location system demonstrates data’s potential to make medical care more effective, according to the institution.

In the study, the infrared patient-location system allowed data to be collected and analyzed in real time, which meant the patient’s walking statistics could be uploaded to an electronic medical record or smartphone.

Patients could use the information to track progress and set goals.

In addition, the real-time data could identify patients who aren’t doing well — and doctors could tailor care accordingly.

“If that system was scaled up for all employers or the government to track you,” Dixon told Digital Privacy News, “there would be a risk if medical data is involved.”

Myrle Croasdale is a Minnesota writer.

Sources (all external links):

• Midmark.com: Real-Time Location System 
• Midmark.com: The Johns Hopkins Hospital Enterprise Case Study 
• ScienceDaily.com: Device that tracks location of nurses re-purposed to record patient mobility
• JAMANetwork.com: Assessment of Patient Ambulation Profiles to Predict Hospital Readmission, Discharge Location, and Length of Stay in a Cardiac Surgery Progressive Care Unit
• Health Affairs Blog: Rethinking Patient Data Privacy In The Era Of Digital Health
• HHS.gov: Personal Health Records and the HIPAA privacy rule