
FTC’s Statement of the Commission on Breaches by Health Apps and Other Connected Devices

Written and medically reviewed by Dorcas Morak, Pharm.D

Updated on October 12th, 2022


On September 15, 2021, the Federal Trade Commission (FTC) issued a policy statement affirming that developers of health apps and other connected devices and their service providers must comply with the Health Breach Notification Rule, 16 C.F.R. Part 318.

You need to understand the implication of this policy statement by the FTC. What does it mean for your privacy? Does it mean that our privacy hasn’t always been protected? To answer all these questions, you’ll need to understand what the rule is, and why the FTC made this statement at this point.

Understand the Health Breach Notification Rule

The Health Breach Notification Rule provides that “vendors of personal health records (“PHR”) and PHR-related entities must notify U.S. consumers and the FTC, and, in some cases, the media, if there has been a breach of unsecured identifiable health information, or face civil penalties for violations.” The rule covers electronic personal health records that are provided by or on behalf of an individual and that identify the individual.

According to the statement, a privacy breach also includes sharing a customer's health information without authorization.

Why the FTC Issued the Policy Statement

The Health Breach Notification Rule has been in operation for over a decade, so why is the FTC releasing this policy statement now? When you look at the COVID-19-induced surge in health app downloads, you'll understand why this rule is critical now. What does it mean for your privacy?

Many Americans use apps for various health reasons: disease tracking, medical consultation, diagnosis, medication, fitness, sleep, diet, fertility, and mental health. Many of these apps capture sensitive health data. The FTC's policy statement seeks to protect consumers from unauthorized access to their health information.

There’s a real danger that your health information may not be adequately protected by some health apps. A security report revealed that a database containing over 61 million records related to health and fitness tracking devices, including Fitbit, Apple HealthKit, and Google Fit, was left unprotected online.


Why You Should Be Concerned About Your Health Data

Some companies that own health apps collect information to sell it even when they say they won’t. While some companies may not have such ill intentions, they may lack the resources or tools to secure your data, especially if they are startups. This is why you need to check the privacy policy of any health app you're using to understand how the company intends to use and protect your data.

Privacy by Design

At RxLess, we understand how important it is to ensure any information you share with us is adequately secured. One guiding principle in our privacy policy is to collect as little information as possible. This is why you don't need to provide any personal information to use our offers. And when we collect any information about you, we will never share, sell, or disclose it other than to help you use our services. Our privacy page provides more details on how we use any information we collect from you.
