HIPAA applies to covered entities, such as healthcare providers who conduct electronic transactions, but not to most period tracking apps in the app store.
After the leak of a draft Supreme Court opinion on Roe v. Wade, which suggested the court may overturn a federal ruling protecting U.S. abortion rights, Elizabeth McLaughlin, a lawyer, activist and writer, and Eva Galperin said on social media that people should delete period-tracking apps from their phones.
Both McLaughlin and Galperin have warned that if Roe v. Wade is overturned, personal health data shared on the apps could be used against people seeking abortions.
Google searches and some news reports show that many people want to know whether health data from period tracking apps is covered by the Health Insurance Portability and Accountability Act of 1996, widely known as HIPAA.
Is health data from period tracking apps HIPAA protected?
No, health data from almost all period tracking apps is not HIPAA protected.
If a person receives an app as a benefit from their health plan, healthcare provider or insurance company, such as some versions of the Ovia Health app, it may fall under HIPAA.
What we found
According to the Centers for Disease Control and Prevention (CDC), HIPAA is a federal law that sets national standards to protect sensitive patient health information from being shared without the patient’s consent or knowledge.
A spokesperson for the U.S. Department of Health and Human Services (HHS) told VERIFY in an email that HIPAA rules “apply only to covered entities and, to some extent, their business partners.” Covered entities include health plans and healthcare providers that conduct standard electronic transactions, such as electronically billing insurance.
Alan Butler, executive director and president of the Electronic Privacy Information Center (EPIC), a nonprofit research center in Washington, D.C., agreed with Dixon.
“Typically, apps that an individual might use to track fertility or for other personal health uses are not part of health care, and most of them are not covered by HIPAA, so the data, even if it is data about your body or health-related data about you, is not health data as defined by law,” Butler told VERIFY.
Some period tracking apps, such as Glow, claim on their websites that they are “HIPAA compliant.” However, Dixon said period tracking apps that claim to be HIPAA compliant are a “big red flag.”
“So, if a health app is sharing your data or selling your data, they can use all sorts of dodgy words to explain that, and if you don’t understand the nuances of those dodgy words, it’s going to be very difficult The things that work for you when you realize your data has been shared and, in some cases, sold,” continued Dixon.
“HIPAA will apply when an Ovia user accesses Ovia’s Advanced Enterprise Edition application through their health insurance company or employer health plan. In this case, Ovia acts as a business partner to Ovia’s enterprise customer and is required under HIPAA business partner agreements to protect data. However, HIPAA does not apply when Ovia users use the free consumer version of our app,” an Ovia spokesperson said in an email.
In January 2021, the Federal Trade Commission (FTC) issued a complaint against Flo Health Inc., maker of Flo, a health app that tracks periods, ovulation and pregnancy, saying that Flo shared sensitive health data on millions of its app’s users with marketing and analytics firms, including Facebook and Google, despite its promises to keep users’ health data private.
Six months later, in June 2021, the Federal Trade Commission reached a settlement that requires Flo to obtain affirmative consent from its app users before sharing their personal health information with others. The settlement also requires Flo to conduct an independent review of its privacy practices.
Flo told VERIFY in a statement that the company “believes that women’s health data should be held with the utmost privacy and care,” adding that “Flo does not share personal health data with any third parties.”
“Flo will never ask users to document abortions or provide details they believe should be kept private. If users express concerns about submitted data, Flo’s customer support team will delete all historical data, which will completely delete all data from Flo’s servers,” Flo said.
A spokesperson for Clue, another period and ovulation tracking app, told VERIFY that, as a European company, it is obligated under the General Data Protection Regulation (GDPR) to “apply special protections to our users’ reproductive health data.”
In 2018, the GDPR was drafted and passed by the European Union (EU) and is considered one of the “strictest data privacy and security laws in the world” because it “imposes obligations on organisations anywhere as long as they target or collect data related to EU individuals.”
The FTC has released a list of ways people can protect their privacy when using health apps, such as period trackers. These tips include comparing privacy options, taking control of your information by checking the app’s settings to make sure it gives you control over the health data it shares, and understanding the risks of sharing your personal health information with apps. The World Privacy Forum also shared its HIPAA Patient Guidelines on its website. The comprehensive guide includes tips on how to protect your health privacy.
“We still have a long way to go to ensure that people’s data is protected and that there are not too many unnecessary traces of data just because of our daily lives,” Butler said.
If you believe a period tracking app has shared your data without your permission, you can contact the FTC at ReportFraud.ftc.gov.