How much do you know about how your health data is managed and protected online? Did you know HIPAA laws don’t always apply to the information you enter into mobile apps or websites?
Health mobile apps are excellent tools for managing your health habits and indicators, but not all companies are run according to the same privacy standards.
We break down 5 common misunderstandings about data privacy that will help health mobile app users protect their data while managing their health information with digital tools.
1. HIPAA and consumer rights laws protect users’ health data.
HIPAA protection only applies to health data that is entered into applications that are used by covered entities such as healthcare providers or insurance companies. Mobile apps that collect data for users’ personal consumption fall outside of the HIPAA umbrella. Consumer rights laws can cover health data that’s entered into a mobile app, but the coverage scope varies by state and country. Review each app’s privacy policy and permissions policies to gain an understanding of how your data will be handled.
2. Encryption is the only solution to protect data privacy.
When encryption is used in conjunction with additional security measures, it can be a powerful tool for protecting data privacy. Encryption alone, however, does not fully prevent a data breach.
3. Health apps are regulated by a government agency.
Mobile health app regulation varies by country and state. In the US, mobile health apps that meet the definition of a medical device and are intended to be used in disease management are subject to FDA approval and regulation. The EU, however, applies a stricter standard: any mobile app that collects personal health data is subject to EU regulatory law.
4. Health mobile app companies are required to inform users about data breaches.
Health mobile apps that fall under HIPAA are required to report security breaches; however, the policies for apps not covered by HIPAA vary by state. Read the app’s privacy policy to gain an understanding of the company’s approach to communicating data breaches to users.
5. When a health app is deleted from your phone, your data is removed from the database.
Deleting a mobile health app (or any app) from your phone does not automatically delete your data. The information you input into the app may still be stored in the company’s database and cloud. More effective steps are to delete your account so that your information is removed, and to read the company’s privacy policy to learn how they handle your data after deletion.
Before entering your data into a health mobile app, we recommend taking the time to read the company’s privacy policy and understand their data handling practices. It’s a tedious task, but worth the effort. Also look into your state’s and country’s consumer data privacy laws to understand your rights and recourse in the event that your data is compromised.