Health data from period-tracking apps isn’t covered by HIPAA

HIPAA applies to covered entities, such as healthcare providers that conduct electronic transactions, but not to most period-tracking apps found in an app store.

After a leaked Supreme Court draft opinion on Roe v. Wade suggested that the court may overturn the decision that federally protects the right to abortion in the United States, Elizabeth C. McLaughlin, a lawyer, activist and author, and Eva Galperin, who is director of cybersecurity at the Electronic Frontier Foundation (EFF), a nonprofit digital rights group, said on social media that people should remove period-tracking apps from their phones.

McLaughlin and Galperin warned that private health data shared on these apps could potentially be used against people seeking abortions if Roe v. Wade were overturned.

Google search data and some news reports indicate that many people wonder whether health data from period-tracking apps is covered by the Health Insurance Portability and Accountability Act of 1996, widely known as HIPAA.


Is health data from period-tracking apps protected by HIPAA?



It's wrong.

No, health data from virtually all period-tracking apps isn’t protected by HIPAA.

If a person receives an app as part of their health plan, healthcare provider, or insurance company, such as some versions of the Ovia Health app, it may fall under HIPAA.


HIPAA is a federal law that created national standards to protect sensitive patient health information from being shared without the patient’s consent or knowledge, according to the Centers for Disease Control and Prevention (CDC).

A spokesperson for the US Department of Health and Human Services (HHS) told VERIFY in an email that HIPAA regulations “only applies to Covered Entities and, to some extent, their business associates.” Covered entities include health plans and health care providers that conduct standard electronic transactions, such as electronic insurance billing.

Pam Dixon, founder and executive director of the World Privacy Forum, a nonprofit group that conducts in-depth research and analysis in the area of data privacy, says most period-tracking apps aren’t covered by HIPAA. She told VERIFY that if a period-tracking app doesn’t include a Notice of Privacy Practices for Protected Health Information in its privacy policy, health data shared on the app isn’t protected by HIPAA.

“Any type of health care provider covered by HIPAA must have something called a notice of privacy practices. This is a standard privacy policy that’s mandated by the HIPAA rule. It will say the seven rights you have under HIPAA and it’ll tell you how you can apply those rights to yourself,” Dixon said.

Alan Butler, executive director and president of the Electronic Privacy Information Center (EPIC), a Washington, DC-based nonprofit research center, agrees with Dixon.

“Generally, apps that individuals might use for fertility tracking or other personal health uses that aren’t billed as part of a medical service, which most of them aren’t, isn’t covered by HIPAA, and therefore the data, even if it is data about your body or data related to your health, it’s not health data as defined by law,” Butler told VERIFY.


Some period-tracking apps, like Glow, claim they’re “HIPAA compliant” on their websites. However, Dixon says a period-tracking app claiming to be HIPAA-compliant is a “big red flag.”

“HIPAA compliance doesn’t mean that a period-tracking app is covered by HIPAA. In fact, in HIPAA terms, it doesn’t mean anything — it’s kind of a meaningless phrase,” Dixon said. “If you see this in a privacy policy, it’s very likely that you’re dealing with a period-tracking app that isn’t covered by HIPAA.”

VERIFY has contacted Glow but has not heard back as of press time. Glow’s current privacy policy is available here. It doesn’t include a notice of privacy practices for protected health information, nor does it mention the HIPAA acronym or include the phrase “HIPAA Compliant.”

“In the privacy policy, the main enforcement tool for a health app that isn’t covered by HIPAA is actually an obscure law, called ‘FTC Act, Section 5.’ That means they can do and say almost anything, as long as they tell you the truth about what they’re doing,” Dixon said.

“So if a health app is sharing your data or selling your data, they can use all kinds of weasel words to explain that, and if you don’t understand the nuances of those weasel words, it’s going to be a very difficult thing for you when you realize your data has been shared, and in some cases even sold,” Dixon continued.

VERIFY reviewed the privacy policies of 20 of the leading period-tracking apps found in the Apple App Store and found only one, Ovia Health, which told VERIFY that some of the health data shared in its app may be protected by HIPAA in certain circumstances, but not all. In its privacy policy, the company says it may fall under HIPAA “if a person receives the app as a benefit from their health plan or healthcare provider.”

“Where Ovia users access premium Ovia enterprise versions of our apps through their health insurer or employer health plan, HIPAA will apply. In this case, Ovia is acting as a business associate for Ovia’s enterprise customer and is obligated to protect the data in accordance with its business associate agreement under HIPAA. However, when Ovia users use the free consumer versions of our apps, HIPAA does not apply,” an Ovia spokesperson said in an email.


In January 2021, the Federal Trade Commission (FTC) filed a complaint against Flo Health Inc., makers of Flo, a health app that tracks menstruation, ovulation and pregnancy, alleging that Flo shared sensitive health data of millions of users of its app with marketing companies and analytics companies, including Facebook and Google, despite promising to keep users’ health data private.

Six months later, in June 2021, the FTC finalized a settlement that required Flo to obtain affirmative consent from its app users before sharing their personal health information with others. The settlement also required Flo to obtain an independent review of its privacy practices.

In March 2022, Flo carried out an external, independent privacy audit and, according to the company, there are “no gaps or weaknesses” in its updated privacy practices. Flo’s current privacy policy, which also doesn’t contain a notice of privacy practices or the HIPAA acronym, can be found here.

Flo told VERIFY in a statement that the company “firmly believes that women’s health data should be held with the utmost care and confidentiality,” and said “Flo does not share personal health data with third parties.”

“Flo will never require a user to register an abortion or provide details that they believe should be kept confidential. Flo will delete all historical data, which will completely delete all data from Flo’s servers,” Flo said.

A spokesperson for Clue, another period and ovulation tracking app, told VERIFY that it’s a European company obligated under the General Data Protection Regulation (GDPR) to “apply special protections to our users’ reproductive health data.”

In 2018, the GDPR was drafted and adopted by the European Union (EU) and is considered to be one of the “strictest privacy and data protection laws in the world” because it “imposes obligations on organizations everywhere, so long as they target or collect data relating to people in the EU.”

“We completely understand the concern over how the data could be used by US courts if Roe v. Wade is overturned. We want to reassure our users that their sensitive health data, particularly any data tracked in Clue about pregnancies, pregnancy losses, or abortions, remains private and secure. We don’t sell it and we never share it with ad networks,” Clue’s spokesperson said in an email. Clue’s current privacy policy is available here.

The FTC released a list of ways people can protect their privacy when using health apps, like period trackers. These tips include evaluating privacy options, taking control of your information by checking the app’s settings to make sure it gives you control over the health data you share with it, and knowing the risks involved in sharing your personal health information with an app. The World Privacy Forum also shares A Patient’s Guide to HIPAA on its website. The comprehensive guide includes advice on how to protect the privacy of your health information.

“We have a long way to go to ensure that people’s data is protected and that there aren’t any unnecessary, excessive data trails left behind by simply going about our daily lives,” Butler said.

If you believe a period-tracking app shared your data without your permission, you can contact the FTC at ReportFraud.ftc.gov.
