The Federal Trade Commission (FTC) just announced new privacy requirements for health-related mobile apps. This new rule, which will go into effect in 60 days, seeks to prevent digital health apps from sharing sensitive health information with technology or marketing companies. Makers of digital health apps will be required, like other health businesses, to inform the FTC and consumers if there is a privacy breach. This could include fitness-related data and health-related purchases.
The Markup, a nonprofit journalism outlet, reported early last year that engineers often embed existing software (called “pixels”) when they are designing apps, and that these pixels can transmit data from the user to various technology or marketing companies. They found that 49 of 50 direct-to-consumer digital health apps had such software, although many companies have removed it since that report. Some of these apps transmitted keystrokes, email addresses, and even prescriptions. You can check what data is being transmitted from your use of a website by using this tool.
Implications for employers:
- Proper respect for privacy is critical for digital health vendors to earn trust from patients and from employer clients.
- Employers can ask their digital vendors about the existence of pixels or other tracking software that could breach member privacy.
Illustration by Dall-E