FTC Commissioner calls for more data security in health apps, devices

By Jonah Comstock
July 24, 2014
09:42 am
Share

FTC Julie BrillAt a Tech in Policy event sponsored by Washington, D.C. newspaper The Hill, FTC Commissioner Julie Brill made it clear that the FTC is aware of recent concerns about health app data privacy and security and is looking into new ways to police the industry.

"The law is, on some level, always going to lag behind technology," she said. "Technology is moving at lightning speed. Our job at the commission is to try to instill in communities like the app community [and] like the developer community -- with respect to platforms [and] with respect to new technological systems -- that there are fundamental consumer protection rules that need to apply and that they need to think about as they move forward at lightning speed."

Brill identified some of the same concerns that have come to light lately in documents like the California Healthcare Foundation's recently published report on health data privacy; namely, that patient health data is being collected in consumer spaces that fall outside of the domain of HIPAA, allowing third parties to access the data and sell it to data brokers.

"We did a study of about 12 devices and apps and it turned out about 76 entities were receiving information off these apps and devices," Brill said. "And it wasn’t just things like UDID [the iPhone's unique identifier] and geolocation and whatnot. That was being collected, but it was also information about the consumer’s health. One was a pregnancy app and it was the time in which the woman was ovulating, and it was being collected by third parties."

The commissioner said that the FTC needs to step in on the level of data collection, rather than just concerning itself with how third parties use that data, because that is what consumers are concerned about. That said, she also elaborated on ways in which those third parties might use the data that could be especially problematic.

"Sometimes its used for marketing, which some people consider to be relatively benign, but sometimes these profiles might be used for more important decisions about consumers," she said. "For instance, are they a trustworthy customer? Should the company do business with them? And if that information is flowing for those sorts of purposes, I believe and the commission believes that consumers need many more tools and there needs to be much more transparency around that enterprise."

Brill was joined on stage by Morgan Reed, Executive Director of The App Association, who asserted that regulation needed to be done in a way that wouldn't limit the positive medical outcomes that can come from patients sharing self-tracking data with their doctors. Brill agreed, but pushed back on the difference between that and problematic data collection.

"That’s a completely consented to environment you’re talking about and I don’t think anyone’s trying to stop that from happening," Brill replied. "I think the concern is when it’s not just your clinician who’s seeing that information, because before it gets to your clinician, it gets outside of HIPAA, outside of that silo. Instead what we’re seeing is information through a third party communicating that you have diabetes, you have high blood pressure, and this is some information that goes into a profile about you. I think that’s a critical distinction between when you’re in a trusted environment and when you’re outside one, and your example is precisely what I’m talking about. It’s very sensitive health information. That information is going to be highly sensitive and we need to be very cognizant of how that environment is structured."

Tags: 
Federal Trade Commission, FTC, health data privacy, health data security, Julie Brill, Morgan Reed, The App Association

More regional news

Blood test lab illustration

Scopio Labs gains De Novo clearance for AI bone marrow analysis software and more FDA clearances

By
Trevor Dermody
April 25, 2024
A HaptX Glove

Old Dominion University, HaptX, Georgia Tech receive grant for VR for the visually impaired

By
Trevor Dermody
April 25, 2024
Person sitting on a couch holding a coffee cup while talking to a telehealth provider on their computer

Women's virtual care clinic Midi Health raises $60M

By
Jessica Hagen
April 24, 2024
Share

Top Story

Blood test lab illustration
Scopio Labs gains De Novo clearance for AI bone marrow analysis software and more FDA clearances

Editor's Pick

Q&A: The status of the White House-led CancerX initiative
Amazon's One Medical announces three new partnerships
Philips receives $60M from Bill and Melinda Gates Foundation for AI tech
VR mental health platform XRHealth blasts off with NASA
Jolly Good develops palliative care VR training module and more briefs
Walmart Health signs care coordination agreements with Florida health system, insurer

More Stories

A HaptX Glove
Old Dominion University, HaptX, Georgia Tech receive grant for VR for the visually impaired
Person sitting on a couch holding a coffee cup while talking to a telehealth provider on their computer
Women's virtual care clinic Midi Health raises $60M
Scientist in a lab wearing safety goggles while putting something in a beaker
AI-enabled drug discovery company Xaira launches with $1B
Group of three people on left, two people shaking hands in middle, three people standing behind office chairs on right
GenAI company Alaffia Health raises $10M and more digital health fundings
Smartphone in person's hand
Nutrition app MyFitnessPal announces tools for GLP-1 medication support
Healthcare provider sitting at a desk in the clinical setting while looking at a computer
Cohere Health expands partnership with Humana
Person using a virtual reality headset with their arms extended above their head
FDA launches extended reality-enabled initiative for home healthcare
Person sitting down while looking at a computer with a telehealth provider on the screen
Headspace launches direct-to-consumer mental health coaching