Health apps could face big fines if they don’t disclose privacy breaches
Posted Oct 4, 2021 from medcitynews.com
The FTC reminded health app and wearable companies that they must disclose any breach of users' health information, even if they are not HIPAA covered entities. Companies that fail to disclose a breach could face thousands of dollars per day in fines.
Digital health companies could be subject to large fines if they fail to disclose breaches to users, the Federal Trade Commission warned in a recent policy statement. And yes, the agency clarified: this applies to apps and wearables that are not covered by the Health Insurance Portability and Accountability Act (HIPAA).
As health apps have proliferated over the last decade, many of them have fallen outside HIPAA, including wearables, fertility-tracking apps and mental health apps offering meditations or exercises. They must still be transparent with users about how their information may be used, and must notify them promptly in the event of a breach.