The Federal Trade Commission has voted to crack down on consumer health apps violating privacy regulations by refreshing its Health Breach Notification Rule and issuing an updated policy on acceptable practices to collect and use consumer biometrics for marketing purposes.
Spotting deceptive or privacy risking practices – particularly data sharing between other third parties – is a priority to safeguard sensitive medical information. While patient data can be shared between professionals within the NHS and healthcare, the emphasis of the FTC’s action is on preserving the integrity of the healthcare profession and the trusted relationship with patients that should prevent their digital identity and privacy being exposed.
Given the proliferation of biometrics across every sector and digital customer services, data security and privacy concerns are heightened in these conditions. Unlike the public NHS portal, there are more health and fertility apps available now which collect health information and capitalise on our interests to better our wellbeing, lifestyles and mental health amid breaking pressure on the NHS and mainstream healthcare services.
The vote took place on May 18. Previous enforcement action has been taken to hold companies like Premom accountability for breaching privacy.
Flo Heath, a period and fertility tracker app, settled a civil penalty brought by the FTC for sharing sensitive health information about women.
The FTC intends to clarify its terms to define “breaches of security” under the rule including the “unauthorised acquisition of identifiable health information that occurs as a result of a data security breach or an unauthorised disclosure”. Any data that infers sensitive health information about an individual such as experiences of mental health should be confidential and omitted from marketing or advertising campaigns.
The FTC is growing increasing concerned over biometric surveillance, although biometrics has many legitimate many sector uses to support law enforcement, immigration, the criminal justice landscape and healthcare if only necessary information is collected to deliver health services. Emotional biometrics on the other hand are widely considered to have no credit or medical commendation to read a person’s mood, feelings or demeanor.