On September 15, the FTC issued a policy statement in which it affirmed that health apps and connected devices that collect a user’s health information must comply with the FTC’s Health Breach Notification Rule, which requires vendors of personal health records and any of the vendors’ related entities to notify consumers after a breach of information that was not secured. The 2009 Rule will now be applied to numerous health and fitness apps, including those that track things such as glucose levels for diabetics, heart health, fertility, and sleep.
“While this Rule imposes some measure of accountability on tech firms that abuse our personal information, a more fundamental problem is the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics,” said FTC Chair Lina M. Khan.