Health-related apps are widely available for smartphones and watches. There is no shortage of connected health-monitoring devices such as personal glucose and heart rate monitors.
These apps and devices read, track and record both health-related information and, by signing up for or registering the app or device, information that identifies the particular person using the app or device. Some of these apps and devices even interface with other apps or devices; for instance, syncing the calendar apps records histories like sleep cycles, heart rate or glucose levels or to forecast such as fertility cycles. The question then arises:
What protection do consumers have over the health and personal data generated by these relatively new apps and connected devices?”
The Federal Trade Commission (“FTC”) recently issued a policy statement addressing this issue and protection of the information gathered by these relatively new technologies.
Existing Framework
Privacy of health-related information gathered by providers of healthcare services or supplies — such as physician offices and pharmacies — has long been protected by the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA also contains provisions requiring healthcare providers to notify impacted individuals when HIPAA-protected data is breached or compromised and the FTC enforces those provisions.