Health app makers are on notice amid FTC data rule refresh, but some privacy experts say the regulator has gone too far
By Kate Kaye
The Federal Trade Commission never applied an old rule governing the privacy and security of health data. Now that the agency has vowed to get tough on enforcing it against mobile health apps, some legal and privacy experts siding with tech businesses say it’s a convoluted approach that is already causing confusion.
The FTC is broadening its restrictions on the privacy and security of data as it pertains to mobile health apps.
The FTC voted during a Sept. 15 meeting to apply the Health Breach Notification Rule to connected health apps and other tech used to monitor health, such as fitness trackers, fertility and period-tracking apps, mental health apps — or apps that help people quit smoking. The rule requires companies that have experienced a breach of health-related data to notify the FTC and those affected by the breach. The goal is to get the agency’s enforcement of the existing rule caught up with the ways people manage their physical and mental health today and align it with how the data reflecting their health is handled. No companies have been charged by the FTC under the rule.
“The health breach notification rule needs a bit of a refresh,” said Pam Dixon, executive director of World Privacy Forum, a non-profit group that has conducted research on health data privacy and breaches.
Previous FTC guidance indicated the rule was applicable only in a narrow set of circumstances related to personal health record vendors and firms that provide services to those companies. But times have changed, and the agency is taking a more aggressive approach to interpreting the rule to meet the health tech industry where it is today — much more evolved than it was in 2009 when the FTC first offered guidance on how it would apply the rule.
“Today we are hoping to clarify that the health breach notification rule applies to connected health apps and similar technologies,” said FTC chairwoman Lina Khan during the meeting. As justification for shifting how the rule is applied, she pointed to the commodification of sensitive health information that app developers often disseminate to monetize their apps through targeted advertising and by building other products from large volumes of data. She said evolving the way in which the rule is applied to encompass modern technologies is a “logical interpretation.”
Khan put her proverbial foot down when introducing the policy shift. “The commission should not hesitate to seek significant penalties against developers of health apps and other technologies that ignore its requirements,” she said. Companies found in violation could be slapped with civil penalties of …
Source: Digiday