Reevaluating how we think about data privacy
As a company working in the healthcare IT software development industry, Altera Digital Health understands that data privacy and security are of utmost importance. We are regulated by federal, state and international government entities when it comes to our obligations to protect patient privacy. But the fact remains that there are numerous non-traditional players with access to patient data who are not similarly scrutinized. The question is, how much do patients care?
Companies such as Google and Meta—not to mention those offering consumer health apps—are most frequently not obligated to comply with HIPAA (which itself is a law that is decades old at this point and predates our current digitized health environment) despite housing petabytes of health data. The data patients capture and sometimes share with other people or with their care providers via consumer mobile health apps (including apps that help people track blood sugar levels, blood pressure, ovulation history, etc.) is most frequently governed by the Federal Trade Commission (FTC) as opposed to HIPAA. This is because apps were initially classified as a commercial product when they first became mainstream nearly 20 years ago. In fact, many app developers sell the data they collect to third parties and data brokers, and under current law, there are very few limitations on such actions.
Interestingly, however, in a recent survey, 54% of Americans aged 18–34 said the privacy and security of their personal health information is not as important as convenience, and 60% of the same age group said they would still use a digital health app even if they knew the data collected would be shared with third parties for marketing purposes.
While the fact that health data is frequently sold for marketing purposes may seem relatively harmless, it raises legitimate concerns that many patients may not be considering. Health data from apps, including those in which diabetics track their daily blood sugars, is already being sold to insurance companies. Such apps can be hugely helpful to patients, but what is stopping the insurance company from using data indicating poor compliance with disease management to make coverage decisions? What if data collected by ovulation tracking apps is used to build a case to prosecute a woman who sought an abortion? These may seem to be extreme scenarios, but the truth is, the best way to ensure data isn’t used for unintended purposes is to be more mindful of how it’s being shared in the first place.
So, what can consumers do to protect themselves?
Here are some tips recently published in The Washington Post that could be helpful:
- Read the terms and conditions of apps being used and particularly search for keywords that indicate they will share or sell your data. Keep in mind that some apps may say they don’t sell data, but their privacy policies state that they “share data with third-party affiliates or partners.”
- Some apps will say that they only share data internally, but the full umbrella of companies that could be considered “internal” should be studied. For example, at Meta, “internal data sharing” means your data could be spread amongst Facebook, Instagram, WhatsApp, Messenger and others.
- Beware of apps that say they want to use your data to “improve” or “personalize” your experience. This is a concealed way of saying that your data is sold for marketing purposes, without actually using the terms “advertising” or “marketing.”
Also, consider petitioning your representatives for change in the nation’s laws and regulations addressing the privacy of patient health data. It’s a topic that Congress has considered, drafted legislation on and addressed in hearings, but to date, there has not been substantive progress in passing legislation to clarify patients’ rights to know exactly where their information is going and to control said transmissions.
Anyone interested in contacting their representatives in the U.S. House of Representatives or the U.S. Senate can look up their contact information here: Find Your Members in the U.S. Congress | Congress.gov | Library of Congress.