The FTC Wants To Rein In Your Health App’s Privacy Problems


The Federal Trade Commission put health apps on notice this week with a brand new policy statement aimed at protecting the sometimes super-sensitive data that they collect from their users. In a 3-2 vote held on Wednesday, the Commission agreed to clarify a decade-old rule in order to mandate that these apps—and any high-tech device handling medical data—need to notify users in cases where their data gets disclosed without their permission.


The new policy will be tacked onto the Health Breach Notification Rule that the FTC first passed back in 2009, which mandated that any vendor handling personal health records and related intel, like, say, a hospital, needs to notify both its patients and the Commission as soon as it learns about a breach on its systems. In the 12 years since that policy went into effect, we’ve seen plenty of hospitals hacked, and—thankfully!—many of them fessing up when they notice patients’ data being breached.

At the same time, we’ve seen the booming world of health tech spawn apps and wearables that largely skirt these sorts of disclosure rules because, well, they were passed at a time before that kind of tech was possible. Now that it is, there are plenty of players who aren’t afraid to slip through loopholes in our current data privacy laws in order to profit from our personal medical details.

Hopefully, the FTC’s new order will have these players thinking twice. “Digital apps are routinely caught playing fast and loose with user data, leaving users’ sensitive health information susceptible to hacks and breaches,” said Commission Chair Lina Khan in a Wednesday statement on the new ruling. And she’s right: one recent study from the British Medical Journal pointed out some of the “serious problems” for patient privacy currently found in hundreds of medical apps. In some cases, this meant that the apps came embedded with covert third-party trackers; in others, this meant that they were sending patient data via unencrypted channels. Overall, the researchers behind the study noted that whatever data the average health-centric app was collecting “often exceeded what is publicly disclosed by app developers.”