Using consumer health data?
With the help of innovative businesses, consumers are taking a more active role in managing their health information. How? Maybe it’s an app that monitors their exercise habits, a device that lets diabetics track glucose levels, or a site where patients with the same condition share information. In addition, people are starting to download their information into personal health records, partially because of regulatory initiatives promoting secure online access to medical data. Much of this activity happens outside the doctor’s office. New products and services offer big benefits: increased engagement in personal health and fitness, reduced healthcare costs, and improved outcomes, to name just a few. But there are privacy and security considerations, too.
Companies collecting, using, or sharing health information may think they’re covered by HIPAA, the Health Insurance Portability and Accountability Act, enforced by HHS. But HIPAA applies only to certain “covered entities” like healthcare providers, health plans, and healthcare clearinghouses. HIPAA also covers their business associates -- companies that help covered entities carry out their healthcare functions. But if your product is marketed directly to consumers and you’re not working with a HIPAA covered entity, HIPAA doesn’t apply to you. That doesn’t mean there’s no applicable law, of course. The FTC Act gives the agency authority to take action against a wide variety of deceptive or unfair practices by app developers, device manufacturers, and others. Regardless of which agency covers your business, sound privacy and security practices are a key component in building consumer confidence in this new marketplace.
Using consumer health data?