Developers of consumer-driven health apps and tech can expect more stringent enforcement, as the Federal Trade Commission intends to update its Health Breach Notification Rule to clarify language around breach of security, user consent language and other functions.
The FTC voted unanimously May 18 to update the HBNR, in addition to issuing a policy statement on its intent to combat unfair or deceptive practices tied to the collection, use and marketing of consumers’ biometric information and technologies. The risk of biometric tech violations is directly tied to the exposure of the digital identity of consumers and their privacy.
The FTC vote followed a second enforcement action taken under the HBNR against the makers of Premom on May 17 to resolve a host of privacy allegations, including that the fertility app and its parent company, Easy Healthcare, deceived users by sharing their personal and health data with third parties.
In addition to a monetary penalty, the app developer is required to make a host of changes to its privacy and security program and inform users of the settlement with the FTC.
The unauthorized disclosures were tied to Premom’s use of third-party software development kits (SDKs), which were among the concerns named during the May 18 hearing, as well as the proliferation of telehealth and health apps.
“More and more companies are involved in the business of collecting health data, some of which fall outside the Health Insurance Portability and Accountability Act,” said Ben Wiseman, acting associate director for the division of privacy