Export Compliance Daily is a Warren News publication.

Privacy Regulations for Health Apps, Wearables Complicated Issue, Say Experts

Privacy rules for health apps and wearable devices are complicated and continually evolving, said panelists at a Georgetown Law Center on Privacy and Technology event Wednesday. For instance, the Health Insurance Portability and Accountability Act's privacy and security rules apply only to health plans, healthcare clearinghouses and healthcare providers who electronically transmit health information, said Deven McGraw, Department of Health and Human Services deputy director-health information privacy. Health wearable makers may or may not be covered depending on whether they're working for a health plan or provider in whole or in part, she said. An app funded by a plan or provider may be covered, but it may not be if bought by an individual, she said. The Future of Privacy Forum (see 1608170013) and Center for Democracy and Technology (see 1606100029 and 1606200027) issued best practices to help app developers and wearable manufacturers consider privacy implications and implement safeguards. Michelle De Mooy, deputy director for CDT's privacy and data project, said legal frameworks and policies are rapidly becoming outdated as individuals are being tracked ubiquitously by sensors. She cited issues with advertising and algorithmic bias, and said the concept of "dignity," which straddles privacy and ethics, should come into play by considering an individual's expectations. FTC attorney Cora Han said the agency's enforcement authority under Section 5 of the FTC Act overlaps with areas HIPAA covers but doesn't reach nonprofit entities and other areas. She cited a recent example of the agency's enforcement against electronic health record company Practice Fusion over publicly posting patients' sensitive personal and medical information on the internet without telling the individuals (see 1606080010).