Federal agencies release updated privacy guide for health app developers

Several federal government agencies have released an updated “tracking guide” that aims to help health app developers understand which privacy laws and regulations apply to their technology.

The Mobile health apps tool was produced by the Federal Trade Commission as well as the Office of the National Coordinator of Health Information Technology, the Food and Drug Administration, and the Department of Health and Human Services Office for Civil Rights.

It allows developers whose apps will collect, share, use, or retain health information to determine which federal laws apply and which agencies oversee various aspects of mHealth technology. The laws included are:

  • Health Insurance Portability and Accountability Act (HIPAA) breach notification, privacy, and security policies.

  • The Federal Food, Drug and Cosmetic Act (FD&C Act).

  • The health informatics and information blocking provisions of the 21st Century Cures Act and the ONC Cures Act Final Rule (including the ONC Health).

  • The Federal Trade Commission Act (FTC Act) and the FTC Health Damage Notification Rule.

  • Children’s Online Privacy Protection Act (COPPA).

The tool asks developers different questions to determine their role, for example: “Do consumers need a prescription to access your app?” or “Do you enable electronic exchange of health information between more than two unaffiliated parties?”

“We recognize the important role that health technology developers play in helping to enable and build trust in the adoption and use of mobile technology,” ONC’s Kathryn Marchesini and Rachel Nelson wrote in a blog post.

“Building privacy and information security protections into mobile technology from the outset makes privacy and security the default setting built into the overall design and development of technology and business practices (sometimes referred to as privacy or security by design). This provides some assurance to users that information is secure and will only be used and disclosed as intended or approved.”


There are hundreds of thousands of digital health apps available to consumers, and a recent American Medical Association survey found that more physicians view digital health tools as a benefit to patient care.

However, there are concerns about user privacy and security. Following the Supreme Court’s decision that overturned Roe v. Wade, some privacy experts have argued that data collected from period-tracking or fertility apps could be used against consumers in states where abortion is now restricted.

A recent report from the Mozilla Foundation analyzed 25 reproductive health apps and wearables. It found that some apps collected a significant amount of personal information, made it difficult for consumers to understand how their data would be used, and had poor privacy and security standards.
