Privacy Resources for Digital Health Data
Last updated: June 2023
This resource provides a list of curated content, including frameworks and guidance organizations can consider when increasing protections for products and services that collect, use and/or sell digital health data.
The proliferation of mobile health applications has sparked renewed interest in privacy protection. In the U.S., recent discussions have focused on digital health data that falls outside the scope of the Health Insurance Portability and Accountability Act. For more on this topic, see Privacy and digital health data: The femtech challenge. Beyond the risk of a data breach, health data and other related data, including geolocation, purchase history and search history, collected and generated through mobile apps may be shared with third-party vendors, analytics companies and law enforcement. In 2021, only 47% of respondents to a U.S. consumer survey reported trusting online services, including apps, to protect their personal data. In the wake of Dobbs v. Jackson Women’s Health Organization, users are even more concerned about privacy protections for the digital data held by mobile health apps and wearable tech.
The IAPP additionally hosts a Health Privacy topic page in the Resource Center, which regularly updates with the latest relevant content.
What your users may do to address digital health data privacy concerns
Users who download and use apps and fitness trackers that collect and store digital health data, and who are concerned about the privacy of that data, may refer to the following resources for additional privacy guidance.
Before downloading an app or using a product/service
- Review this consumer product guide explaining data collection, security and transfer practices of apps and smart devices.
- Read this article for privacy assessments of reproductive health apps.
- Review information and guides from platform providers like Apple and Google (Android) for help understanding app store privacy labels, such as Apple’s privacy “nutrition labels” and Google Play’s data safety section.
- Read this guidance from the Department of Health and Human Services to learn about geolocation tracking on mobile apps.
While using an app, service or product
- Read this article to learn how ad blockers and browser extensions provide greater privacy protections when searching for health data or other sensitive information. This article on incognito mode provides further guidance.
- Check this list for encrypted messaging apps to use for private conversations.
- Take these actions to protect reproductive health data. Review this step-by-step guide to enable secure access for a popular fertility tracking app.
- Read this explanation of the Global Privacy Control to opt out of tracking.
After deleting an app or halting use of a product/service
- See if your state recognizes consumers’ “right to delete.”
- See if your state recognizes universal opt-out requests: California, Virginia, Colorado, and Montana.
- Follow these steps to request a company delete your personal data.
What your organization can do to protect digital health data
The following is a nonexhaustive list of third-party resources, frameworks and guidance organizations can consider when increasing protections for products and services that collect, use and/or sell digital health data.
To conduct data assessments
- Review this guide to the EU General Data Protection Regulation from the French data protection authority, the Commission nationale de l’informatique et des libertés.
- Read the final Proposed Consumer Privacy Framework for Health Data from the Center for Democracy and Technology and eHealth Initiative.
- Download the HHS’ Security Risk Assessment tool for Health Insurance Portability and Accountability Act-covered entities and business associates to determine whether any protected health information could be at risk.
To understand your organization's data and its use
- Learn the principle of data minimization from the U.K. Information Commissioner’s Office.
- Technology companies can take these steps to protect health data. Health care entities can also take steps to mitigate risk.
- Learn the best practices for data retention policies.
- Gain a better understanding of the impact of user trust from this report.
To familiarize your organization with sector-specific laws and regulations
- Review the Federal Trade Commission’s key considerations for health app developers. This interactive tool provides further guidance.
- Read the HHS’ incidental disclosure precautions.
- Learn about the FTC’s Health Breach Notification Rule.