FTC, HHS Update Mobile Health App Data Privacy Compliance Tool

Mobile health app developers can use the updated FTC-HHS tool to navigate data privacy compliance and determine which laws apply to their apps.

The Federal Trade Commission (FTC) and HHS updated their Mobile Health App Interactive Tool, designed to help mobile health app developers understand which data privacy laws apply to their apps.

The FTC collaborated with the HHS Office for Civil Rights (OCR), the HHS Office of the National Coordinator for Health Information Technology (ONC), and the Food and Drug Administration (FDA) to create and update the tool.

“This tool is for anyone developing a mobile app that will access, collect, share, use, or maintain information related to an individual consumer’s health, such as information related to diagnosis, treatment, fitness, wellness, or addiction,” the FTC stated.

For example, apps that help patients manage chronic diseases, view their medical records or health insurance claims, or track fitness all have data privacy implications that must be considered by developers.

Using the tool, developers can learn more about the variety of laws that may apply to them, such as the FTC Act, HIPAA, the Federal Food, Drug, and Cosmetic (FD&C) Act, and the FTC’s Health Breach Notification Rule.

“The guidance tool asks developers a series of high-level questions about the nature of their app, including about its function, the data it collects, and the services it provides to users,” HHS explained.

“Based on the developer’s answers to those questions, the guidance tool will point the app developer toward detailed information about certain federal laws that might apply to the app.”

The tool asks developers specific questions, such as, “[d]o you enable electronic health information exchange among more than two unaffiliated parties?” and provides detailed guidance on which laws apply if the developer answers “yes” or “no.”

The FTC specifically states that the tool “is not offering legal advice and is provided for informational purposes only.”

“Using this tool isn’t required by federal law and can’t guarantee compliance with applicable federal requirements,” the FTC explained.

“Instead, it’s meant to give you a snapshot of potential compliance obligations and point you to educational materials and best practices for delivering safe, accurate services while safeguarding the privacy and security of consumer information.”

The tool can help developers navigate the patchwork of different laws that may apply to them and ensure that any sensitive health information is protected accordingly.  
