Prepared or not, Roe v. Wade leak or not, well being app builders are on discover. Those who accumulate delicate private data, equivalent to reproductive information, should rigorously navigate each federal and state legal guidelines. These legal guidelines are frequently in flux and warrant ongoing monitoring.
Final September, I wrote in regards to the FTC’s Coverage Assertion on imposing the Well being Breach Notification Rule. This adopted a weblog I posted about Flo Well being’s breach and failure to promptly notify its thousands and thousands of feminine customers that it allowed their private and uniquely delicate well being data for use by third events, together with Google and Fb, for their very own functions, together with promoting.
Yesterday, the California Legal professional Normal Rob Bonta issued a press launch stating:
“The Confidentiality of Medical Data Act (CMIA) applies to cell apps that are designed to retailer medical data, together with some fertility trackers, and establishes privateness protections that transcend federal regulation. In immediately’s alert, Legal professional Normal Bonta urges well being apps to undertake sturdy safety and privateness measures to defend reproductive well being data. At a minimal, these apps ought to assess the dangers related to accumulating and sustaining abortion-related data that may very well be leveraged in opposition to individuals searching for to train their healthcare rights.”
Shopper-facing well being apps that aren’t topic to HIPAA as enterprise associates should adjust to CMIA in the event that they accumulate data of California shoppers, and apps which are topic to HIPAA should adjust to any opposite and extra stringent CMIA privateness and safety necessities.
Lastly, Legal professional Normal Bonta identified that even when CMIA doesn’t apply to sure apps, different California legal guidelines (such because the California Shopper Privateness Act) might apply and provide information rights and protections.
Well being app builders should perceive not solely which information privateness and safety legal guidelines apply, however how the character and sensitivity of the information should dictate privateness and safety design. If they don’t, they threat scrutiny in what doubtless will likely be a intently watched space of knowledge privateness for years to return.
If in case you have any questions on how greatest to deal with the reproductive information you obtain and/or create as a vendor, or the applicability of HIPAA or state information and privateness legal guidelines to your organization, please contact me at email@example.com.