Consumers who use smartwatches and fitness rings currently lack federal health data protections, leaving their sensitive medical information governed primarily by individual company privacy policies rather than the Health Insurance Portability and Accountability Act (HIPAA). With over 560 million global users, experts like Jules Polonetsky of the Future of Privacy Forum warn that without federal standards, users must actively audit how their data is stored, shared, and monetized by device manufacturers.
Why HIPAA does not protect your wearable data
Many users mistakenly assume their fitness tracker data enjoys the same legal protections as medical records held by a doctor. According to the U.S. government, HIPAA only applies to “covered entities” like healthcare providers and insurance companies. Because most wearable manufacturers are considered consumer technology companies rather than medical providers, they fall outside these federal mandates. Caitlin Fennessy, vice president at the IAPP, notes that in the absence of federal law, a patchwork of state-level regulations and company-specific terms of service dictate how your sleep, heart rate, and fertility data are managed.

A 2025 analysis published in npj Digital Medicine evaluated 17 major wearable brands. It found that Google, Apple, and Polar currently maintain the lowest risk scores regarding data privacy, while Xiaomi, Wyze, and Huawei recorded higher risk scores based on transparency and data-sharing criteria.
How to identify if your data is being monetized
The most reliable indicator of how a company treats your data is its business model. Jules Polonetsky suggests that if a device or app is free, the user is likely the product. Companies that charge a premium for hardware and subscription services have a direct financial incentive to retain customers through trust, whereas “free” services often rely on third-party data sales, advertising, or insurance profiling to remain profitable. When shopping for a new device, look for clear, public-facing statements regarding end-to-end encryption and whether data remains on the device or moves to the cloud.

Practical steps to secure your health information
You can regain control over your digital footprint by performing regular audits of your connected accounts. Start by reviewing the privacy policy of your device manufacturer; if the document is too dense, use an AI chatbot to summarize the “data sharing” and “third-party” sections. Additionally, disconnect unused apps or gym equipment from your fitness profile. If you no longer use a specific smartwatch or ring, delete your account and associated health data entirely to prevent it from being exposed in future security breaches.
Pro Tip: Managing AI training settings
If you use AI-powered health apps to analyze your metrics, verify your settings to ensure your personal data is not being used to train company models. Most platforms allow you to toggle off “data training” or “model improvement” features in the privacy dashboard.
Frequently Asked Questions
- Is my fitness tracker data protected by HIPAA? No. Wearables are not considered “covered entities” under HIPAA, meaning they are not required to follow the same privacy rules as your doctor or hospital.
- Do state laws help protect my health data? Yes, to an extent. Over 20 states have passed comprehensive privacy laws that allow residents to access or delete their personal information, though these protections vary significantly by location.
- How can I tell if a company sells my data? Check the manufacturer’s privacy policy specifically for mentions of “third-party sharing” or “marketing.” If this information is not transparently disclosed, industry experts advise proceeding with caution.
- Should I delete data from old smartwatches? Yes. Deleting your data from unused devices minimizes your risk in the event of a company-wide data breach.
Are you concerned about how your wearable device handles your personal health metrics? Share your thoughts in the comments below or subscribe to our newsletter for more updates on digital privacy and consumer technology.
