I interviewed a 72-year-old retired accountant who had turned off his smart glucose monitor. He explained that he “didn't know who was looking at” his blood sugar data.
The man was no stranger to technology—he had successfully used computers for decades in his career. He was sane. But when it came to his medical device, he couldn't find clear answers about where his data went, who could access it, or how to manage it. The instructions were tight and privacy settings were buried in several menus. So, he made what seemed like the safest choice: unplugging it. This decision meant abandoning real-time mode. glucose monitoring what his doctor recommended.
healthcare Internet of Things (Internet of Things) market projected will exceed $289 billion by 2028, with seniors making up the bulk of users. These devices include fall detectors, medication reminders, glucose monitors, heart rate trackers and other tools to help you live an independent life. However, the gap between adoption and adoption is widening. According to AARP poll34% of adults over 50 cite privacy as a major barrier to health technology adoption. These are millions of people who could benefit from monitoring tools, but avoid them because they don't feel safe.
In my research at the Ritchie School of Engineering and Computer Science at the University of Denver, I surveyed 22 older adults and conducted in-depth interviews with nine participants who use health monitoring devices. The results revealed a critical engineering flaw: 82% understood safety concepts such as two-factor authentication And encryptionhowever, only 14% felt confident in their privacy when using these devices. In my research, I also assessed 28 healthcare apps aimed at older adults and found that 79% lacked basic breach notification protocols.
One participant told me: “I know there is encryptionbut I don't know if that's really enough to protect my data.” Another said: “The thought of my health data Falling into the wrong hands is very alarming. I'm especially worried identity theft or my information will be used for fraud.”
This is not a problem of user knowledge; this is an engineering problem. We've created systems that require technical expertise to operate safely, and then transferred them to people who are tackling complex health problems while coping with age-related changes in vision, cognition and dexterity.
Gap measurement
To quantify the problems with privacy settings transparency, I developed Risk assessment Framework (PRAF), a tool that evaluates healthcare applications across five critical domains.
First, the regulatory compliance area evaluates whether applications explicitly state compliance Health insurance Portability and Liability Law (HIPAA), General Data Protection Regulation (GDPR) or other data protection standards. Simply claiming compliance is not enough—they must provide verifiable evidence.
Secondly, security mechanisms The domain evaluates the implementation of encryption, access control, and most importantly, breach notification protocols that alert users when their data may be compromised. Thirdly, in ease of use And availability In this area, the tool tests whether privacy interfaces are readable and easy to navigate for people with age-related visual or cognitive changes. Fourth, data minimization techniques evaluate whether applications only collect necessary information and clearly specify retention periods. Finally, transparency in sharing data with third parties assesses whether users can easily understand who has access to their data and why.
When I applied PRAF to 28 health apps commonly used by older adults, the results revealed system gaps. Only 25% explicitly stated HIPAA compliance and only 18% mentioned GDPR compliance. Most alarmingly, in 79% of cases there were no breach notification protocols, meaning users may never know if their data was compromised. The average readability of the privacy policy reached the 12th grade level, although research shows that the average reading level of older adults is at the 8th grade level.. No apps have included accessibility features in their privacy interfaces.
Consider what happens when an older person opens a regular health app. They are faced with a multi-page privacy policy, full of legal jargon about “data controllers” and “processing purposes,” followed by settings scattered across multiple menus. One participant told me, “The instructions are hard to understand, the font is too small, and it's overwhelming.” Another explained: “I don't feel informed enough about how my data is collected, stored and shared. Most of these companies seem to be profit-driven and they don't make it easy for users to understand what's happening with their data.”
When security requires manuals that people cannot read, two results follow: they either ignore security altogether, leaving themselves vulnerable, or they abandon the technology entirely, losing its health benefits.
Engineering for Privacy
We need to treat trust as a technical specification, not a marketing promise. Based on my research and the specific barriers older people face, three approaches can be identified to address the root causes of mistrust.
The first approach is adaptive security defaults. Instead of requiring users to navigate complex configuration menus, devices should come with preconfigured recommendations that automatically adapt to data sensitivity and device type. The fall detection system does not require the same settings as the fall detection system. continuous glucose monitor. This approach is based on the principle of “security by default” in systems engineering.
Biometric or voice authentication can replace passwords that are easily forgotten or written down. The key is to eliminate the burden of expertise while maintaining strong protection. As one participant put it: “Simplified security settings, better educational resourcesand more intuitive user interfaces it will be useful.”
The second approach is real-time transparency.. Users won't have to dig through settings to see where their data goes. Instead, notification systems should display every data access or exchange event in plain language. For example: “Your doctor accessed your heart rate data at 2:00 p.m. to prepare for an upcoming appointment.” A single dashboard should summarize information about who has access and why.
This solves a problem that came up repeatedly in my interviews: users want to know who is seeing their data and why. The engineering challenge here is not about technical complexity, but about developing interfaces that convey technical realities in a language that everyone can understand. Such systems already exist in other areas; banking apps, for example, send immediate notifications for every transaction. The same principle applies to healthcare data, where the stakes are arguably higher.
The third approach is invisible security updates. Manual patching creates windows of vulnerabilities. Automatic and seamless updates should be standard on any device that processes status data, coupled with a simple status indicator so users can confirm protection at a glance. As one participant said: “The biggest problem we have as elderly people The problem is that we don't remember our passwords… New technology is beyond the ability of older people to cope with it.” Automating updates removes a significant source of worry and risk.
What's at stake
We can continue to build IoT in healthcare the way we do: fast, feature-rich, and fundamentally secure. Or we can design systems that are transparent, secure and easy to use. Trust is not something you advertise with slogans or legal disclaimers. This is what you build, line by line, into the code itself. For seniors who rely on technology to maintain independence, engineering solutions like these make more sense than any new feature we could add. Everyone disabled glucose monitorevery fall detector abandoned, every health app removed due to confusion or fear, represents not just a lost sale, but a missed opportunity to support someone's health and independence.
The healthcare IoT privacy challenge goes beyond fixing existing systems. It requires rethinking how we communicate privacy. My current research builds on these results using the AI-driven Data Helper, a system that uses large language models translate detailed legal privacy policies into short, accurate, and accessible summaries for seniors. By making data practices transparent and measurable, this approach aims to turn compliance into understanding and trust, thereby promoting the next generation of trustworthy digital health systems.
Articles from your site
Related articles on the Internet
