Roe or Not, Health Apps Must Protect Reproductive Data

Fox Rothschild LLP

Ready or not, Roe v. Wade leak or not, health app developers are on notice. Those that collect sensitive personal information, such as reproductive data, must carefully navigate both federal and state laws. These laws are continually in flux and warrant ongoing monitoring.

Last September, I wrote about the FTC’s Policy Statement on enforcing the Health Breach Notification Rule. This followed a blog I posted about Flo Health’s breach and failure to promptly notify its millions of female users that it allowed their personal and uniquely sensitive health information to be used by third parties, including Google and Facebook, for their own purposes, including advertising.

Yesterday, California Attorney General Rob Bonta issued a press release stating:

“The Confidentiality of Medical Information Act (CMIA) applies to mobile apps that are designed to store medical information, including some fertility trackers, and establishes privacy protections that go beyond federal law. In today’s alert, Attorney General Bonta urges health apps to adopt robust security and privacy measures to protect reproductive health information. At a minimum, these apps should assess the risks associated with collecting and maintaining abortion-related information that could be leveraged against persons seeking to exercise their healthcare rights.”

Consumer-facing health apps that are not subject to HIPAA as business associates must comply with CMIA if they collect information of California consumers, and apps that are subject to HIPAA must comply with any contrary and more stringent CMIA privacy and security requirements.

Finally, Attorney General Bonta pointed out that even if CMIA does not apply to certain apps, other California laws (such as the California Consumer Privacy Act) may apply and offer data rights and protections.

Health app developers must understand not only which data privacy and security laws apply, but how the nature and sensitivity of the data must dictate privacy and security design. If they do not, they risk scrutiny in what likely will be a closely watched area of data privacy for years to come. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising
