Privacy Regulations Don’t Cover Most Health Apps
SMU Law Professor Nathan Cortez talks about health apps and privacy laws.
By Angus Chen
There are apps that can help people with diabetes keep track of their blood sugar and apps that can attach to a blood pressure cuff and store blood pressure information. I use an app called ZocDoc to schedule and manage doctor’s appointments. Every time I see a therapist or a primary care doctor or dentist, the data get stored in my personal account.
But we leave behind other trails of health data, too, from apps and activities that are sometimes only tangentially health related. When I walk down the street, an app on my phone logs steps as it bounces against my thigh. When I swipe a loyalty card at the pharmacy, the over-the-counter medications that I buy become bits of data attached to my name. Medical information can be gleaned from all this and more, says Nathan Cortez, a professor of law at the Southern Methodist University Dedman School of Law.
Those data aren’t always protected. A recent report from the Department of Health and Human Services showed that the vast majority of mobile health apps on the marketplace aren’t covered by the Health Information Portability and Accountability Act. “HIPAA is pretty narrow as far as these things go. It applies only to traditional entities [like hospitals, doctors and health insurance providers], and it’s not surprising. HIPAA was written by Congress in 1996 before we had health apps,” Cortez says.