The FTC has created a web-based tool to assist mobile app developers in determining which federal privacy laws apply to their mobile health applications.
The guidance tool presents developers with a series of ten targeted questions covering topics such as:
- The type of information the app will create, receive, maintain, and transmit;
- The type of entity creating the app (or on whose behalf the app is created);
- The purposes of the app; and
- The information the app will provide to consumers or patients.
Based on the developer’s answers to those questions, the guidance points the app developer towards specific information about the laws and regulations that are likely to apply to the app. These include the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act ("HIPAA") and the Federal Food, Drug and Cosmetic Act ("FDCA"). The interactive developer tool also directs users to definitions of common regulatory terms, links, tips and guidance regarding compliance, and other federal agency resources.
Alongside the release of the guidance tool, the FTC also issued its own business guidance aimed at helping health app developers comply with the FTC Act by building privacy and security into their apps. This guidance follows the release of the Office for Civil Rights' Health App Use Scenarios & HIPAA guidance, as was reported in our last Client Update.
The increased regulatory activity in the health-technology sphere in recent months suggests that health privacy and security, specifically in the mobile environment, will be an area of regulatory scrutiny in the upcoming year.