Mobile healthcare, telemedicine, telehealth, BYOD

Policy News

FTC’s Role in Ensuring Data Security of Mobile Health Apps

By Vera Gruessner

- Ever since the widespread use of smartphones, tablets, and laptops took place throughout the nation, many industries began looking toward mobile devices and eventually mobile applications to find ways that would improve workflow. Many companies took to BYOD policies to cut costs and integrate mobile devices. The healthcare industry also looked toward mobile health apps and new mHealth tools to advance physician workflow and patient engagement.

Mobile Health Security

However, as various industries include the healthcare field began incorporating mobile devices, the multitude of data stored across various applications and technologies began rising and cyber attacks became a real issue. Mobile health security practices grew in importance as hospitals began preventing data breaches and HIPAA violations. has previously reported how the Food and Drug Administration (FDA) is responsible for regulating the safety and efficacy of mobile health apps and devices. However, instead of focusing on the FDA’s role in regulating mobile health apps, we will turn our attention to the Federal Trade Commission (FTC) and its work on medical data breaches and the effectiveness of mHealth applications.

According to the Center for Connected Health Policy, the FTC has pursued companies that have made potentially false claims about the effectiveness of their mobile health apps. Additionally, the FTC has jurisdiction over non-HIPAA covered institutions who’ve committed a medical data breach.

The FTC has already enforced its rules against various mobile health app manufacturers who may have marketed their products improperly and not met the requirements of the organization. Additionally, the FTC works with the FDA on certain issues in the mobile health sphere that may overlap between the two establishments.

Earlier this year, the Federal Trade Commission reported that consumers are taking a more active role in improving their health and wellness due to the proliferation of new mobile devices, fitness trackers, and mobile health apps.

For example, there are apps that offer encouragement for personal fitness goals and track exercise regimes as well as devices that enable diabetic patients measure their glucose levels. Additionally, the federal government has positioned new requirements for the healthcare industry promoting patient engagement and the access to personal health data.

As such, more consumers have utilized patient portals to download and view their electronic medical records. While all of these capabilities allow patients to become more involved and engaged with managing chronic conditions and improving wellness, the FTC has sincere privacy and security concerns regarding the proliferation of mobile health apps and new devices.

“Companies collecting, using, or sharing health information may think they’re covered by HIPAA, the Health Insurance Portability and Accountability Act, enforced by HHS. But HIPAA applies only to certain “covered entities” like healthcare providers, health plans, and healthcare clearinghouses. HIPAA also covers their business associates – companies that help covered entities carry out their healthcare functions,” the FTC reported.

“But if your product is marketed directly to consumers and you’re not working with a HIPAA covered entity, HIPAA doesn’t apply to you. That doesn’t mean there’s no applicable law, of course. The FTC Act gives the agency authority to take action against a wide variety of deceptive or unfair practices by app developers.”

Some examples of FTC intervention include settlements with a medical billing company in which the establishment collected personal medical information without patient consent as well as a medical transcription company that outsourced before checking to make sure the third party had proper security measures in place.

Essentially, mobile health security is vital especially when the healthcare landscape continues transforming over the coming years. Regulatory agencies will continue ensuring that companies working within the medical field comply with all privacy and security regulations.


Join 50,000 of your peers and get the news you need delivered to your 

inbox. Sign up for our free newsletter to keep reading our articles:

Get free access to webcasts, white papers and exclusive interviews.

Our privacy policy

no, thanks

Continue to site...