Federal Trade Commission (FTC) new rule on health data includes fitness apps and trackers
New regulations by the FTC on mobile apps is increasing and app developers should take heed.
This Modern Healthcare article (membership required) summarizes the September 15th, 2021clarification by the FTC that mobile app data is covered by the FTC Breach Notification Rule even if your app is not specifically regulated under HIPAA.
The Rule mandates that mobile app developers must notify users of a data breach. Bear in mind, this breach notification rule was first promulgated in 2009 but has NEVER been enforced by the FTC.
The September 15th statement seems to mark a change of course for the FTC in regards to their enforcement activity
The decade since the Rule was promulgated has seen an explosion of personal health apps and fitness trackers; all of which are likely covered under the Rule.
Check out our comprehensive post on HIPAA and mobile app data.
Is YOUR app covered under the Rule?
To see if your app is covered under either HIPAA or the 2009 Breach Notification Rule, use this simple interactive tool to discover any liability you may face.
Is there need for this new Rule?
The FTC is responding to a sea change in the marketplace with new revelations coming out all the time of how vulnerable the public is to app data security and privacy breaches.
For example, developers who make opioid treatment apps have already run afoul of the new rule, according to this TechCrunch article.
An independent investigation by the security team at ExpressVPN of 10 Android opioid treatment apps with over 180,000 user downloads demonstrated widespread and serious security and privacy issues.
User data was hacked from these 10 apps by the ExpressVPN team.
From this, and other media sources, the FTC has taken note and intends to take action against mobile app developers.
This FTC press release actually ‘warns’ app developers of running afoul of the new rule.
The September 15th Statement of the Commission of the FTC sounds slightly less ominous by offering ‘guidance’ to app developers and how they can comply with the new rule.
How can developers comply with the new rule?
A legal ‘safe harbor’ exists when your customers sign a media release that allows you to use the app data for marketing purposes.
The WOW Promoter app contains the media release within the app itself which allows the app End User (clinics and hospitals) to use the clients’ data (video testimonials on social media) for marketing purposes.
Follow these FTC ‘best practice guidelines’ to ensure that your app only collects personal health data that you actually need and that, once collected, you are protecting that data.
What are the risk of NOT complying with the the New Rule?
Ominously, the September 15th letter from the FTC ends with this foreboding statement:
“The Commission intends to bring actions to enforce the Rule consistent with this Policy Statement.
Violations of the Rule face civil penalties of $43,792 per violation per day.”
Again, since the Rule has NOT been enforced since 2009, the extent and severity of any FTC actions will warrant close observation.
Get the free app – save time and $$
If you are an influencer who deals face-to-face with people, like a dentist or a real estate agent, you can become an online influencer using short, testimonial videos on popular social platforms.
We can show you how.
Do you like all the hosting and posting?
All the hashtags, hypertext links and tech-y stuff?
If not, just let the WOW Promoter app do it for you – for free!