Privacy Resources for Digital Health Data
This resource provides a list of curated content that organizations can consider when increasing protections for products and services that process digital health data.
Published:
Last updated:
Contributors:
Amy Olivero
Associate in Cybersecurity and Privacy Practice
WilmerHale
Anokhy Desai
CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP
Privacy Counsel
This resource provides a list of curated content, including frameworks and guidance organizations can consider when increasing protections for products and services that collect, use and/or sell digital health data.
The proliferation of mobile health applications has sparked a renewed interest in privacy protection. In the U.S., recent discussions focused on digital health data outside the scope of the Health Insurance Portability and Accountability Act. In addition to the risk of a data breach, health data and other relevant data, including geolocation, purchase history and search history, collected and generated through mobile apps may be shared with third party vendors, analytics companies and law enforcement. In 2021, only 47% of respondents to a U.S. consumer survey reported trusting online services, including apps, to protect their personal data. In the wake of Dobbs v. Jackson Women’s Health Organization, users are even more concerned about privacy protections for their digital data on mobile health apps and wearable tech.
The IAPP additionally published an article, Privacy and digital health data: The femtech challenge, and a white paper, Health care privacy on the ground.
What your users may do to address digital health data privacy concerns
Users with privacy concerns for their digital health data who download and use apps and fitness trackers that collect and store digital health data may refer to the following resources for additional privacy guidance.
- Review this consumer product guide explaining data collection, security and transfer practices of apps and smart devices.
- Read this article for privacy assessments of reproductive health apps.
- Review information and guides from software companies like Apple and Android, for help understanding app store privacy ratings and nutrition labels.
- Read this guidance from the Department of Health and Human Services to learn about geolocation tracking on mobile apps.
- Read this article to learn how ad blockers and browser extensions provide greater privacy protections when searching for health data or other sensitive information. This article on incognito mode provides further guidance.
- Check this list for encrypted messaging apps to use for private conversations.
- Take these actions to protect reproductive health data. Review this step-by-step guide to enable secure access for a popular fertility tracking app.
- Read this explanation of the Global Privacy Control to opt out of tracking.
Here’s what you can do to protect digital health data
The following is a non-exhaustive list of third-party resources, frameworks and guidance organizations can consider when increasing protections for products and services that collect, use and/or sell digital health data.
- Review this guide to the EU General Data Protection Regulation from the French data protection agency, the Commission nationale de l’informatique et des libertés.
- Read the final Proposed Consumer Privacy Framework for Health Data from the Center for Democracy and Technology and eHealth Initiative.
- Download the HHS’ Security Risk Assessment tool for Health Insurance Portability and Accountability Act-covered entities and business associates to determine whether any protected health information could be at risk.
- Learn the principle of data minimization from the U.K. Information Commissioner’s Office.
- Take these steps to protect health data for technology companies. Health care entities can also take steps to mitigate risk.
- Learn the best practices for data retention policies.
- Gain a better understanding of the impact of user trust from this report.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEsContributors:
Amy Olivero
Associate in Cybersecurity and Privacy Practice
WilmerHale
Anokhy Desai
CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP
Privacy Counsel
Tags:
