Tongue-in-cheek references to Pokémon Go as a health App aside, maybe the tech industry is on to something. In the U.S., seven out of every ten deaths are due to chronic diseases, such as diabetes or heart disease. Perhaps the way to address this is intervention at a point far earlier in time than when physicians typically get involved; could health Apps be part of the solution?
Regardless of whether or not providers are ready for this phenomenon, consumers appear to be embracing it. More than half of us use our smartphones to access health information. And the use of health Apps has doubled in the last two years. App developers wading into the health and wellness space will want to ensure that they know and comply with federal regulations.
The Food and Drug Administration (FDA) regulates mobile Apps that qualify as medical devices. It does not, however, regulate “low-risk” technologies that are intended “only for general wellness use,” such as fitness trackers, or Apps that encourage people to be more proactive about their health. In a final guidance document issued this summer, the agency explained that it will not regulate Apps that relate to the role a healthy lifestyle plays in reducing the risk or impact of certain chronic conditions, such as Apps that:
-
Coach relaxation techniques, which may help patients with migraines;
-
Track sleep and exercise, which may help people who live with anxiety;
-
Promote a healthy diet, which may assist patients living with type 2 diabetes; or
-
Encourage physical activity, which may help reduce the risk of high blood pressure.
App developers must also be mindful of Federal Trade Commission (FTC) regulations, and should consider the agency’s recommended best practices regarding privacy and security.
-
Consider whether and what types of data must be collected from consumers, and whether—if it is stored—it can be kept in de-identified form. Control, and keep track of, access to stored data.
-
Access only the consumer data that is actually needed for the App’s purpose. Make sure default settings are privacy-protective, and use a trusted interface, where possible, rather than direct application program interface (API) access.
-
Implement authentication measures to ensure that consumers are who they say they are. Require complex passwords, and store them securely.
-
Verify that an App can be used securely across different mobile platforms.
-
Vet third-party code or third-party service providers.
-
Build security into all stages of an App’s development.
-
Ensure that encryption is strong, and that they keep current on security developments and update their systems accordingly.
-
Communicate effectively with consumers regarding information that is collected, as well as their App’s privacy and security features.
App developers should also take care to avoid false or misleading claims about what the App can accomplish. The developers of Luminosity, a purported “brain training” program, paid $2 million earlier this year to settle with the FTC regarding the company’s unfounded claims that its “games could stave off memory loss, dementia, and even Alzheimer’s disease.” Similarly, in February, Carrot Neurotechnology agreed to stop marketing its “Ultimeyes” App as one that would “Turn Back The Clock On Your Vision,” reducing the need for corrective lenses.
And, last but not least, App developers should be aware of whether the type of data they create, receive, store or transmit is subject to additional regulation. For example, is any of the data “individually identifiable health information?” If it is, a developer should also determine whether the Health Insurance Portability and Accountability Act (HIPAA) applies, which may be the case if the App is being developed for a third party, such as a health plan’s wellness program. Similarly, if genetic information is gathered, a developer will want to ensure that access to that data complies with the Genetic Information Nondiscrimination Act.
