Federal agencies release updated privacy guide for health app developers

Several federal government agencies have released an updated “trail guide” that aims to help health app developers understand which privacy laws and regulations apply to their technology.

The Mobile Health Apps Tool was produced by the Federal Trade Commission as well as the Office of the National Coordinator for Health Information Technology, the Food and Drug Administration and the Office for Civil Rights under the Department of Health and Human Services.

It allows developers whose apps will collect, share, use or maintain health information to determine what federal laws apply and what agencies oversee various aspects of mobile health tech. The laws included are:

  • Health Insurance Portability and Accountability Act (HIPAA) privacy, security and breach notification rules.

  • The Federal Food, Drug and Cosmetic Act (FD&C Act).

  • The 21st Century Cures Act’s health IT and information blocking provisions and ONC’s Cures Act Final Rule (including the ONC Health IT Certification Program).

  • The Federal Trade Commission Act (FTC Act) and the FTC’s health breach notification rule.

  • Children’s Online Privacy Protection Act (COPPA).

The tool lays out different questions for developers to determine their role, such as, “Do consumers need a prescription to access your app?” or “Do you enable electronic health information exchange among more than two unaffiliated parties?”

“We recognize the important role health technology developers have in helping enable and establish trust in the adoption and use of mobile technology,” ONC’s Kathryn Marchesini and Rachel Nelson wrote in a blog post.

“Building information privacy and security protections into mobile technology from the start makes privacy and security the default setting embedded in the overall design and development of the technology and business practices (sometimes referred to as privacy or security by design). This provides some assurance to users that the information is secure and will be used and disclosed only as expected or approved.”


There are hundreds of thousands of digital health apps available to consumers, and a recent survey by the American Medical Association found more physicians see digital health tools as an advantage for patient care. 

However, there are concerns about user privacy and security. In the wake of the Supreme Court decision that overturned Roe v. Wade, some privacy experts argued data collected in period-tracking or fertility apps could be used against consumers in states where abortion is now restricted.

A recent report by the Mozilla Foundation analyzed 25 reproductive health apps and wearable devices. It found some apps collected a significant amount of personal information, made it difficult for consumers to figure out how their data would be used, and had poor privacy and security standards.
