I. Background on Femtech
Female technology, known as femtech, encompasses software, products, diagnostics, and services that focus on and improve women’s health. Femtech includes “fertility solutions, period-tracking apps, pregnancy and nursing care, women’s sexual wellness, and reproductive system health care.” Femtech encompasses any digital or standard health tool that is aimed at improving women’s health and includes mobile apps, among other things. Many of these items, including the mobile apps, were created in response to a market “flooded with products tailored to the needs of men”; accordingly, femtech caters to fifty percent of the population by focusing on healthcare solutions unique to women. The majority of this article will focus on period and fertility tracking apps, as those are most widely adopted by employer-sponsored femtech mobile app programs.
The term “femtech” was coined in 2016 by Ida Tin, the founder of Clue, a period and fertility tracking app. Since the time the term was coined, femtech has brought in significant funding. A 2018 study estimated that femtech had brought in approximately one billion dollars in funding since 2014 and predicted femtech would have a market potential of fifty billion dollars by 2025, indicating that the field is only growing, making it, in turn, more likely for employers to incorporate an employer-sponsored femtech mobile tracking program. As of 2020, the femtech industry consisted of over two hundred startups worldwide, many of which have the goal of helping women “understand their hormones, enhance female agency over their bodies, and contribute to scientific research on the historically underrepresented female population.”
Beyond Clue, popular femtech apps include Glow, Flo, and Eve, which are all period, fertility, and ovulation trackers. Upon first glance, all of these popular apps have the commonality of a quippy feminine name. These apps are used by women around the world who want alternatives to hormonal contraception or who want to better understand their bodies. An advertising technique that has digital influencers vouching for the apps’ reliability, plus the apps’ aesthetic interfaces, make them particularly interesting to young women who are looking for a “chic, tech-savvy” solution to monitor their bodies. A 2016 study found that menstrual cycle tracking apps are the fourth most popular health app among adults and the second most popular among adolescent females.
These mobile apps work by asking the user to input data regarding the start and end date of their period, and the heaviness of the flow during the cycle, in addition to related factors like “mood, sexual activity, physical pain, body temperature, and pulse.” Additionally, some fertility-related apps intended to help a woman get pregnant ask users to log sex positions, the smell of vaginal discharge, results of ovulation tests, and cervical mucus quality to help aid in conception. Most femtech mobile apps encourage the users to input their health history into the apps as well, in an effort to provide more accurate analysis about the user’s menstrual cycle. Additionally, some apps even ask some users to input information similar to what would be listed in a user’s medical records.
While female representation in health technology is vital, the reality of the apps is falling short. Many of the available health apps attempt to fit female bodies into strict categories. These fertility and period tracking apps distill complex fertility science into marketing schemes that consist of decorative animations, indicating that the information women are inputting into these apps is not serious, despite the fact that the apps’ use could have medical implications. The authors of a 2016 study evaluated the accuracy of dozens of menstrual-cycle tracking apps and found that most available menstrual-cycle tracking apps are “inaccurate, contain misleading health information, or do not function.” The study found only twenty free, English-language apps that allowed for accurate menstrual cycle tracking based on average cycle lengths. Finally, the researchers found that only five percent of the apps cited medical literature or any kind of professional literature.
A separate 2018 study found that the maximal probability of the day of ovulation being correct for most calendar apps was twenty-one percent, indicating that predictions are based on an inaccurate assumption that ovulation occurs on a set day of the menstrual cycle for any given cycle length. The same study found that of the seventy-three apps downloaded for the study for cycle tracking, none provided any information on how they were able to predict the day of ovulation. All of the apps examined by the authors of the study had an ovulation-day prediction accuracy of less than ninety percent.
In addition to being inaccurate, many of the most popular apps lack functionality. Many do not allow users to input abortions, or account for irregular periods, while others lack algorithms that allow an individual to input sex with non-male partners. Furthermore, some of the most popular health apps and devices, Apple Health and Fitbit, did not add any kind of female health tracking until more than a year after the apps were released to the public. In fact, when Apple Health debuted in 2014, senior VP of software engineering, Craig Federighi, told users they could monitor all of the metrics they were most interested in, even though female users could not track their cycle with the app for nearly a year after the debut.
Assistant professor of information science at Cornell University, Karen Levy, told Vox in 2018 that the design of period tracking apps “often [don’t] acknowledge the full range of women’s needs.” She added, “There are strong assumptions built into their design that can marginalize a lot of women’s sexual health experiences,” after explaining that her own period tracking app could not understand her own pregnancy as anything beyond a “several-hundred-day menstrual cycle.” The author of the Vox article, Kaitlyn Tiffany, explained how her own period-tracking app did not allow her to continue tracking her period as normal after having an abortion. Tiffany realized that, if she input the beginning of her cycle as normal, which at that point was weeks late, the app she was using would think she had undergone a cycle that was more than twice as long as her normal cycle and adjust all her averages, “rendering all of its future predictions completely useless.”
Similarly, when a miscarriage happens, some apps prevent women from logging that data, which potentially adds insult to injury, by telling women that their bodies did not do what is “normal” in that situation and then skews the data for the woman’s future cycles. In addition to preventing women from logging a miscarriage, some femtech apps use incorrect terminology, such as “hookups” instead of sex, or “girls” instead of women. Furthermore, some apps focus exclusively on intercourse with male genitalia and thus “exclude[] lesbian, gay, bisexual, transgender, and queer (LGBTQ)” people.
A number of the apps that help people track their cycles offer to sell the data they collect, and then actually sell it to third parties for “marketing and advertising purposes.” In fact, period and fertility-tracking apps have been particularly good sources of data for advertisers. The period-tracking app Flow, for example, shared information with Facebook for advertising purposes. Advertisers are not the only market for this data. A number of period and fertility tracking apps ultimately fund themselves by selling users’ data for research purposes. This research use may seem more legitimate than use of the data for ads. For some users, giving up the health information contained in these apps is a good trade-off for the information they get from the app regarding their cycle. For others, though, there is no viable alternative to help prevent pregnancy, as they do not have access to other reliable forms of birth control.
Employers use workplace wellness programs due to the widespread belief that healthy workers and workplaces are more productive, and the overall productivity helps a business. However, the more important factor driving use of workplace wellness programs has to do with maximizing profitability by lowering health insurance costs. By being able to demonstrate that they have a healthier employee population, employers may hope to negotiate discounted health insurance rates. This motivation for a lower health-insurance cost may be motivating at least some employers to introduce femtech apps into their workplace wellness programs. By having information about how healthy employees’ pregnancies are, or are not, the employer can continue to use that type of information when negotiating health insurance costs going forward.
II. Current Federal Legal Landscape
Overall, femtech apps are left largely unregulated on a federal level, at least in terms of privacy and data security. Effectively, due to the amount and type of data collected that relates to a user’s menstrual cycle and fertility, the app can monitor a user’s health status to almost the same extent a physician would. This possibility means that femtech apps and medical records frequently contain the same level of personal information about the patient and user. Because the mobile apps ask for a great deal of medical and sensitive health information, we might expect federal law to regulate these apps.
The following sections will analyze the current regulations and laws that users might expect to protect the information they input into various femtech apps. Specifically, these sections will look at how the Food and Drug Administration, Health Insurance Portability and Accountability Act of 1996, and Title VII of the Civil Rights Act of 1964 protect, or fail to protect, the information users input into femtech apps.
A. The FDA
Users of femtech apps might expect the Food and Drug Administration (FDA) to regulate these apps, especially if they consider femtech mobile apps to be medical devices, since many people know the FDA as the agency that regulates medical devices. The FDA has taken a largely hands-off approach to regulating most femtech mobile apps, however.
While the FDA considers mobile apps used for conception and contraception to be medical devices, it considers mobile apps promoting pregnancy to be “low-risk,” meaning they “do not require agency approval unless they include newly developed indicators of fertility.” Furthermore, a FDA spokeswoman stated that, for a mobile app to be used as a contraceptive, it would need to gain FDA approval. To date, the FDA has approved two mobile apps for contraceptive purposes, Natural Cycles and Clue Birth Control, which both act as family-planning software that purports to prevent pregnancy by warning users to not have sex on certain days when a woman is most likely to become pregnant. These are not the only two apps potentially used for contraceptive purposes. Other femtech mobile apps claim to offer natural family planning, without FDA approval, although some include fine-print disclaimers that the app should not be used as a form of contraception. It is likely that many users overlook these fine-print disclaimers, and many people likely use these and other fertility apps as contraceptives.
The FDA has the power to regulate these apps as medical devices. Section 513 of the Federal Food, Drug, and Cosmetic Act (FDC) established a risk-based device classification system for medical devices, where each device is assigned to one of three regulatory classes: Class I, Class II, or Class III. The class each device is assigned is based on the level of control that is “necessary to provide reasonable assurance of its safety and effectiveness.”
Class I covers devices that are low to moderate risk, Class II covers devices that are moderate to high risk, and Class III covers devices that are high risk. All classes are subject to general controls. General controls include registration of producers of devices, adverse-event reporting, device-tracking, notification, and device records and reports. If a device is exempted from a general control, the exemption is stated in that device’s registration. Class II devices are also subject to special controls because the FDA deems general controls alone insufficient to “provide reasonable assurance of the safety and effectiveness of the device, and for which there is sufficient information to establish special controls to provide such assurance.” The special controls are usually device-specific and include elements such as performance standards, post-market surveillance, patient registries, and other guidelines.
Class III devices are those that are intended to support or sustain human life or prevent impairment of human health, or that may present a “potential unreasonable risk of illness or injury for which general controls and special controls are insufficient to provide reasonable assurance” of the safety and efficacy of a device, or for which there is not enough information to make such a determination. These devices require an approved Premarket Approval Application (PMA) to be licensed to market and are also subject to general and special controls.
More specifically than the device provisions in the FDC, the FDA’s regulations set standards for the classification of “obstetrical and gynecological devices intended for human use that are in commercial distribution.” This classification system includes contraceptives such as diaphragms, multiple-use female condoms (MUFCs) and Intrauterine Devices (IUDs), and menstrual products, including pads and tampons. MUFCs and IUDs are both classified as Class III devices by the statute and thus require PMAs as well as special controls and general controls. On the other hand, unscented menstrual pads are classified as Class I devices, meaning they are only subject to general controls. Additionally, unscented tampons are classified as a Class II device, meaning they are subject to general controls and special controls.
The FDA does consider at least contraceptive apps to be medical devices. It added an additional section to its regulations regarding obstetrical and gynecological devices in March 2019. Section 884.5370 was created to address “software application[s] for contraception.” The code section defines a software app for contraception (SAC) as a “device that provides user-specific fertility information for preventing a pregnancy.” Furthermore, a SAC is a device that includes an algorithm that “performs analysis of patient-specific data to distinguish between fertile and non-fertile days, then provides patient-specific recommendations related to contraception.” SACs are classified as Class II devices, and are subject to special controls and general controls. To date, only Natural Cycles and Clue Birth Control have been approved by the FDA as SACs, leaving all other fertility and period tracking apps not clearly subject to regulation by the FDA.
B. HIPAA Analysis
Users might expect the Health Insurance Portability and Accountability Act (HIPAA) to protect the information input into femtech mobile apps because it is sensitive health information. HIPAA is a federal statutory scheme designed to protect the confidentiality of patients’ health information. In addition, it was created to improve the portability and continuity of health insurance coverage and to “combat waste, fraud, and abuse in health insurance and health care delivery.” These goals require the sharing of information. Accordingly, HIPAA was designed to aid in the protection of the confidentiality of personal health information that health care providers, exchanges, or insurance companies may disclose. HIPAA mandated that the U.S. Department of Health and Human Services (HHS) develop national standards for the protection of patients’ confidential information. According to HHS, HIPAA provides federal protections for personal health information held by covered entities (a health care provider, a health plan, or a healthcare clearing house) and their business associates and “gives patients an array of rights with respect to that information.”
To effectuate these protections, HHS created Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule), which established a set of “national standards for the protection of certain health information.” The stated major goal of the Privacy Rule is to ensure that an individual’s private health information is properly protected, while still allowing the necessary health information to be available to ensure individuals receive adequate health care and to protect the public’s health and well-being. The Privacy Rule helps to guide the “use and disclosure” of “protected health information” and to determine how protected health information may be used by organizations subject to the Privacy Rule.
Based on all of this, a person might expect that femtech mobile apps would be governed by HIPAA and HHS regulations, but they are not. Although femtech mobile apps contain health data, that data is not protected by HIPAA because the mobile-app companies are not covered entities. HIPAA and the Privacy Rule only apply to “covered entities,” which include health plans, health care clearinghouses, health care providers that perform certain types of electronic transactions, and their vendors or “business associations.” These apps are clearly not health plans or health care providers or their vendors. They are also not health care clearinghouses. A health care clearinghouse is a public or private entity, including a billing service, that processes or facilitates the processing of health information received from another entity on the list. The Privacy Rule thus only protects “individually identifiable health information” held or transmitted by a covered entity or its business associate.
The data input may also not be “individually identifiable health information” that is protected by the Privacy Rule because it may not be “health information” within the meaning of the rule. “Health information” is defined as:
any information, including genetic information, whether oral or recorded in any form or medium, that
(1)
Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(2)
Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
The rule then defines “individually identifiable health information” as the “subset of health information” that:
(1)
Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2)
Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
i. That identifies the individual; or
ii. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Given these parameters, the health-related data collected by mobile sensors and apps could potentially fall under the definition of “health information” if it is “received” by an “employer” or health plan. However, the function of the apps as intermediaries of the information flow keeps the information from being protected. HIPAA does not apply and does not protect the individual’s information if the data is passed from the individual to a third party that is not a health care provider, health plan employer, or health care clearinghouse. Femtech app manufacturers and website managers most likely qualify as a third party that is not covered by HIPAA and thus would not be bound by HIPAA regulations to protect users health information.
In other words, femtech mobile apps do not fall under the category of “health care provider” because the apps are not operated by health care providers. The vast majority of femtech companies are independently organized companies that create technologies to serve a specific function for a specific demographic, such as women trying to get pregnant or prevent pregnancy naturally. Femtech mobile apps do not fall under the category of “clearinghouses” either because they are not payment systems or technology infrastructures, which would be covered by HIPAA regulations.
Still, femtech apps could potentially fall under the “business associate” category in the Privacy Rule, but most femtech companies find a way to avoid this categorization. Femtech companies are not likely to fall into the business associate category because, by and large, they function independently from health care providers and also restrict the disclosure of the information collected by the apps to some degree. In the case that a user chooses to disclose the information that is collected, then some company policies state that the company will not be responsible for transmitting or disclosing any information to a third party. This limitation on the actions of the app means the relationship between the femtech app and the healthcare provider is severed, which means the femtech company will not be subject to HIPAA requirements.
Furthermore, even if HIPAA requirements applied to femtech apps, HIPAA would not help the individuals harmed by a data breach or the health information being shared with employers and then misused. There is no private right of action under HIPAA, so no individual can sue for a violation of HIPAA itself. Therefore, femtech app users are currently left with virtually no privacy protections to fall back on should their private health information be shared.
C. Pregnancy Discrimination Act Analysis
An individual might expect Title VII of the Civil Rights Act of 1964 to prevent discrimination based on data related to pregnancy because Title VII prohibits employment discrimination based on sex and other protected characteristics. Knowing that Title VII prohibits discrimination based on sex, it seems reasonable to think that Title VII would also prohibit discrimination based on pregnancy. However, in General Electric Company v. Gilbert, the Supreme Court held that a company’s insurance policy that excluded pregnancy, was not sex discrimination because not all women are pregnant. Therefore, under Gilbert’s holding, insurance plans that distinguished between pregnant women and non-pregnant people were gender-neutral and thus did not violate Title VII of the Civil Rights Act of 1964.
As a result of the holding in Gilbert, Congress amended Title VII with the Pregnancy Discrimination Act to explain more fully what counts as sex discrimination. The addition of the language of the PDA to Title VII prevents employers from treating their employees differently based on pregnancy. The PDA defines “sex” under Title VII to include “pregnancy, childbirth, and related medical conditions,” meaning that any discrimination on the basis of these is sex discrimination.
The PDA further provides that “women affected by pregnancy and pregnancy-related conditions must be treated in the same manner as other applicants and employees on the basis of their ability or inability to work.” Therefore, an employer must extend health insurance coverage, medical benefits, and other accommodations to pregnant employees in the same manner that it extends those benefits to other employees. Additionally, the language of the PDA makes it clear that the protection extends not just to pregnancy, but also to a range of medical and physical issues related to fertility; therefore, an individual does not need to be pregnant to make a claim for pregnancy or sex discrimination under Title VII. Thus, Title VII prohibits job-related discriminatory treatment of an employee, ranging from failing to provide insurance coverage to termination of employment, on the basis that she has been or is currently pregnant, has given birth or intends to give birth in the future, or any other issue related to fertility.
However, this same treatment language does not require employers to make it easier for pregnant employees, or potentially pregnant employees, to complete their job or require employers to treat these employees in a special manner. Nor does Title VII prohibit asking questions or gathering information about a person’s protected status. Additionally, Title VII and the PDA definitions do not explicitly prevent an employer from gathering such information from an employer-sponsored pregnancy-tracking mobile app.
The proof structure in a Title VII action depends on the type of discrimination allegation. An employee has the initial burden to show that they are the member of a protected class and suffered a negative employment-related consequence. The employer has the burden to produce evidence that the employee was fired for a non-pregnancy related reason. Then the employee has the opportunity to prove actual pregnancy, or a reason related to pregnancy, that was the reason for the firing. When doing so, the employee does not have to prove direct evidence; the ultimate question is based on the totality of the circumstances, considering all the evidence in context.
Refusal to accommodate claims are a bit more complicated. When an employee alleges discrimination under Title VII based on the fact they were refused leave or light duty when some other employees receive leave or light duty, the burden shifts to the employer to provide a reason for the employment actions at issue, other than pregnancy, childbirth, or related medical conditions. Therefore, an employer can take adverse action against a woman who is losing sleep due to a pregnancy, is nauseous at work, or unwilling to travel if the employer can establish that it had or would treat other employees who suffer from similar conditions, but were not pregnant, in the same manner. In other words, failing to accommodate a pregnancy is only a violation of Title VII if some employees with a similar need for accommodations are accommodated, and the employer lacks a good enough reason for not accommodating pregnant employees. The newly enacted Pregnant Women’s Fairness Act, which requires accommodations for pregnancy, childbirth, and related medical conditions, may change this analysis, but considering its effects is beyond the scope of this article.
Because information about fertility is not obvious to outsiders, employees may be somewhat protected from discrimination on the grounds of fertility. But the information gathered by femtech mobile apps may provide employers with a new source of information that might allow them to discriminate. An employer could take the information that they receive from an employer-sponsored pregnancy mobile app and then use that information to make decisions to fire, or otherwise impact a female employee’s job. This use would be in violation of Title VII, but proving that the information was the cause of the adverse action might be very difficult, since the employee does not necessarily know what information an employer is getting from the app. In short, even though it might seem that Title VII should protect this sensitive data from being provided to employers, it does not explicitly do so, and even where employers make improper use of the data, proving that they have done so may be more difficult than for other kinds of discrimination, where employer comments or other evidence is available.
And employers have a motive to discriminate on the basis of pregnancy, not just against single employees, but structurally, as well. For employers who fund workers’ health insurance, pregnancy can be one of the biggest and most unpredictable health expenses. These potentially high healthcare costs incurred by pregnant women are information that the employer would want to have, and, if a company found an increase in pregnant women within the company, it is possible the employer would find a way to cut insurance costs by firing the women. Therefore, requiring employees to sign-up for pregnancy-tracking mobile apps would be a proactive way for an employer to prevent higher insurance costs by helping employers determine when to decrease the availability of certain kinds of health insurance to the detriment of pregnant employees.
To date, Title VII does not protect the health information input into pregnancy-tracking mobile apps from being used to determine what health insurance benefits to provide to all employees. All that is required is that the employer does not discriminate against a pregnant employee in insurance coverage, a standard that is fulfilled so long as the insurance coverage of the pregnant employee is the same insurance coverage that is extended to other employees.
III. Possible Negative Ramifications on Women’s Employment
As this discussion shows, fertility apps require the user to share a massive amount of information, much of it sensitive and private, and there is currently minimal regulation with respect to data sharing of the content that users input into femtech apps. The new types of femtech apps make it possible in certain circumstances for employers to track women with regard to their reproductive cycles, pregnancy, and childbirth. Thus, the availability of data from these apps is potentially ripe for exploitation by employers to invade the privacy of and discriminate against female employees.
It is challenging to think of any good reason why an employer would want or need to know when an employee has her period, when she might have PMS, when she is attempting to get pregnant, or when she is experiencing fertility issues, and most women find this information deeply private. Employers would likely argue that employer-sponsored femtech programs are voluntary, and there are no privacy concerns about gathering the information since the women have consented to the terms and conditions; however, opting out of these programs may be virtually impossible in practice due to the incentives offered for participation. If it is virtually impossible to opt out of the programs, because the incentives are so strong opting out would be financially irresponsible or because of pressure from management to enroll, then the programs might not even be truly voluntary. This inability to opt out for financial reasons is especially true for lower-income workers, as employees who have a higher income would be more willing to take the financial penalty of opting out of a femtech-app monitoring system when compared to a lower-income employee.
Many individuals might hold the belief that pregnancy discrimination is a thing of the past and that the availability of the data from these femtech mobile apps would not be exploited by an employer, when the opposite is true. Pregnancy discrimination is still rampant inside of some of America’s largest companies, the companies that are more likely to institute a femtech monitoring program, despite the fact that pregnancy discrimination is illegal. While American companies have rolled out parental leave policies and put millions of dollars into programs to keep mothers employed, that step does not change the fact that “getting pregnant is often the moment that women are knocked off the professional ladder,” regardless of the type of job they have. A New York Times investigation reviewed thousands of pages of court documents and public records and interviewed dozens of women lawyers and government officials that revealed a clear pattern that many of the nation’s largest and most prestigious companies “still systematically sideline pregnant women.” These companies do so by passing women over for promotions and raises, and then firing these women when they complain about the treatment.
The type of discrimination can differ depending on the job as well. In physically demanding jobs, the discrimination can be overt, with pregnant women risking their jobs when they ask to carry a water bottle or take breaks. In more white-collar or administrative positions, the discrimination is more subtle; in this situation, pregnant women are seen as less committed because they have a child and, thus, are steered away from more important assignments, are excluded from client meetings, and receive fewer bonuses. Due to these acts of discrimination, the number of pregnancy discrimination claims filed annually with the Equal Employment Opportunity Commission (EEOC) has been rising for the last two decades and is currently near an all-time high. At the time of the New York Times investigation in 2019, the reporters found that tens of thousands of women had taken legal action alleging pregnancy discrimination at a wide array of companies, including Walmart, Merck, AT&T, Whole Foods, and KPMG. These companies all boast about empowering and celebrating women.
The New York Times investigation specifically interviewed women who experienced pregnancy discrimination at Glencore, Merck, Walmart, and UPS. The stories from Glencore and Merck came from women who were denied promotions and bonuses based on the timing of their pregnancies and maternity leave. The employee from Glencore stated that her boss told her that her pregnancy would “definitely plateau” her career and made comments regarding “pregnancy altering women’s brains” when she was the only pregnant employee. Furthermore, the employee asserted that her bonuses barely rose, and her bosses passed her up for promotions that eventually went to less experienced male employees. The Merck employee shared a similar experience, where she was rising quickly through the ranks of the company, but was suddenly laid off while pregnant. At the time of the layoff, Merck was facing a lawsuit accusing the company of paying women less than men, and denying them professional opportunities, with a female saleswoman reporting a male colleague told her “you’re not going anywhere” when she got pregnant.
The stories told from the women who worked for Walmart and UPS are a bit different from the women who worked for Glencore and Merck, but have the similarity that women were treated differently and their jobs were impacted due to their pregnancies. The UPS employee, Peggy Young, sued UPS for discrimination after UPS told her she could not have a light-duty job after she got pregnant and her doctor told her not to lift heavy boxes. Young ended up on unpaid leave without health insurance, even though, at the time, UPS gave reprieves from heavy lifting to drivers injured on the job and individuals who were permanently disabled. Young sued, and the case ultimately ended up in the Supreme Court, which ruled that if employers are accommodating big groups of other workers, such as people with disabilities, but not pregnant women, they are likely violating the Pregnancy Discrimination Act.
A Walmart employee provided a story similar to Young’s case; she was denied a request to avoid heavy lifting, even after a doctor said she was at a risk of miscarrying if she continued to do so. The employee continued heavy lifting, went to the hospital a month later suspecting a miscarriage, and was then granted light duty. Three days after asking about maternity leave, the employee was fired. This story is echoed by another Walmart employee, who was denied a reassignment to a different portion of the store after the cleaning supplies that she used to clean the Walmart bathrooms made her sick.
In addition to women facing job ramifications as a direct result of becoming pregnant, women may face job ramifications because of their potential to become pregnant and the impact that pregnancy could have on a company’s insurance scheme. Given the high cost of health insurance, an employer that has to reduce its number of employees might reasonably fire the employees who may be the most expensive to insure into the future, and these expensive employees are frequently women who might become pregnant. For example, if an employer with a femtech app program has two identical employees, and one is a woman who has recently begun more thoroughly tracking her menstrual cycle, and another is a woman who has not begun to do so or a man who has no menstrual cycle to track, the employer might conclude that the woman who is tracking her cycle is looking to become pregnant and fire her instead of the other two employees. Absent the monitoring of the employer-sponsored femtech app, the employer would not know that the employee had begun tracking her menstrual cycle more thoroughly and infer that meant she was attempting to become pregnant.
Additionally, the monitoring of a femtech app alone puts women at an elevated risk of adverse employment decisions, because, without the femtech app monitoring system, the employer would have no way to know information about the employee’s menstrual cycle and fertility. From the employer’s point of view, firing women who might become pregnant seems like a good business decision, because of the insurance cost of a woman being pregnant and the time missed from work on maternity leave.
These stories, coming from women with a wide array of occupations, and the potential for discharge for insurance reasons, exemplify how pregnancy discrimination is still a present danger to women in the workforce. Even if a woman is not fired after announcing she is pregnant, her boss can still begin finding problems with her work, or believe stereotypical ideas about pregnant women, and find a reason to fire a perfectly good employee. These stories of pregnancy discrimination is why it is concerning that an employer could possess reproductive health information via an employer-sponsored femtech app. If the employer can find out the female employee is pregnant, or even trying to become pregnant, the employer can find a reason to fire the employee and make it seem like it was not related to the pregnancy, even though firing was a direct result of the pregnancy.
IV. Potential Solutions
The above sections describe the regulatory vacuum and demonstrate how an employer-sponsored femtech app monitoring program could negatively impact women’s employment in a variety of jobs. Part II specifically examines how FDA regulations, HIPAA, and the Pregnancy Discrimination Act in their present forms fail to protect information female users’ input into femtech apps. Part III examines the negative repercussions female employees could face from their unprotected data being input into an employer-sponsored femtech app monitoring system. The following subsections will examine how FDA regulations, HIPAA, and the Pregnancy Discrimination Act could all be strengthened and changed to prevent female employees from being discriminated against based on the information they input into femtech mobile apps.
A. Strengthening FDA Regulation
The first recommendation to help protect women’s data input into an employer-sponsored femtech mobile app is to strengthen FDA regulation of these apps. As stated above, the FDA considers mobile apps used for conception and contraception medical devices, but it considers mobile apps promoting pregnancy low-risk and thus not needing agency approval. The line between using an app to promote pregnancy and using it for contraception or conception appears very fine. Additionally, a significant number of women are almost certainly already using non-FDA approved femtech mobile apps as contraceptives. Therefore, since women are already using these mobile apps as contraceptives, the FDA should regulate femtech mobile apps as SACs, even if the app does not advertise itself as a contraceptive.
Current unregulated mobile apps should be regulated as SACs because they use algorithms to provide user-specific fertility information for preventing pregnancy and therefore meet the regulatory definition for SACs. Additionally, many of these mobile apps collect information from users such as period flow, sex, pain, moods, and provide estimations of a user’s most fertile days, which fits right into the FDA’s definition of a SAC, specifically around the definition of using data to distinguish between fertile and non-fertile days. The reason that the vast majority of femtech mobile apps are not regulated is because they disclaim being contraceptives, even though they fit into the statutory definition of a SAC.
A regulatory framework is already in place that classifies mobile app contraceptives Natural Cycles and Clue Birth Control as SACs, and thus as Class II devices, making them subject to general controls and special controls. Therefore, it seems reasonable to include other femtech mobile apps that are not currently FDA-regulated because they are not considered contraceptives, but are frequently used as such, in the same category of Class II devices. By including all femtech mobile apps in FDA regulations as Class II devices, then all femtech mobile apps will be subject to Class II controls and thus subject to general controls and special controls.
Subjecting all femtech mobile aps to Class II controls gives the FDA significantly more regulatory oversight over what is done with the apps and the types of data that they can collect. If all femtech mobile apps are subject to general controls, the producers of each app will have to register, and there will be data about adverse events as a result of the app (such as unplanned pregnancy), records and reports of the apps, and tracking of how the device is used. Additionally, as Class II devices, all femtech mobile apps will be subject to special controls to provide reasonable assurance of safety and effectiveness, and these special controls include having to meet performance standards, conduct post-market surveillance, and register patients, along with other device-specific guidelines.
In making all femtech mobile apps subject to special controls, the FDA could therefore regulate the kind of data that the femtech mobile apps are allowed to share or require more ample disclaimers that women might be giving away their data, particularly if enrolled in an employer-sponsored femtech mobile app incentive program. This would provide protection from bad-acting employers who would use the data they receive from employer-sponsored femtech mobile apps in improper ways, since, per the FDA regulations, the app would be much more limited or not able to share that data with the employer. Therefore, a first solution to protect female employees from inputting their data into femtech mobile apps, only for it to be used to fire them or otherwise retaliate against them by employers, is to change the FDA regulations to have all femtech mobile apps be considered SACs and, thus, subject to FDA oversight and regulation. This would allow the FDA to limit what information the femtech mobile app is allowed to share and would prevent personal information from reaching employers.
B. Strengthening HIPAA
The second recommendation would restrict employers’ use of femtech data more than current federal laws and regulations do by strengthening the HIPAA framework. It seems more reasonable to take a legislative structure already in place to protect sensitive health information, such as HIPAA, than to create entirely new legislation to deal with femtech mobile apps. As discussed above, HIPAA currently does not protect the information input into the overwhelming majority of femtech mobile apps. HIPAA and the Privacy Rule only apply to “covered entities,” which includes health plans, health care clearinghouses, health care providers that perform certain types of electronic transactions, and their vendors or “business associations.” Femtech apps do not fall under any of these categories and are most likely third parties to which HIPAA does not apply. Therefore, the second recommendation proposed in this essay is a modification to HIPAA to include femtech apps as either health care providers, health care clearing houses, or to create a new category of “covered entities,” as well as modify the definition of health information.
Including femtech apps in a revised definition of “covered entities” would severely limit the amount of information that the employer would be allowed to receive from the information that female employees are putting into these apps. If femtech apps became “covered entities” under the law, by being considered some kind of healthcare provider or creating a new category of covered entities, they would become subject to the Privacy Rule. As discussed above, the Privacy Rule prescribes regulations to keep individuals’ private health information protected from misuse. Therefore, under the Privacy Rule, it would be much more challenging for a femtech mobile app to transmit an employee’s health data to their employer. This is because, in complying with the Privacy Rule, the femtech mobile app will have to take steps to keep the employee’s private health information protected from misuse, and this misuse has the potential to be by the employer.
In addition to expanding the definition of covered entity to include femtech mobile apps, expanding the definition of either health information, individually identifiable health information, or both would further protect the information women are inputting into an employer-sponsored femtech mobile apps. Expanding the definition of individually identifiable health information to include data input into and generated by femtech mobile apps, even if it is aggregate data, would help bring more of that data under the purview of HIPAA and subject to HIPAA regulation. An expanded definition could either treat the aggregated data from these apps as individually identifiable due to the risks of individual identification as discussed earlier, or the statute could be changed to specifically include femtech data as individually identifiable data itself. As it stands, the statute defining health information, of which individually identifiable health information is a subsection, lists off the types of things that are health information. It would only take one legislative act or a change of regulation by HHS to expand that definition to include information that is contained in femtech mobile apps, and that definition could also be construed to encompass other information in mobile health apps more generally. This proposed expansion of the definition would allow this type of data to be protected by the Privacy Rule and protected by HIPAA. Additionally, an expansion of the definition of individually identifiable health information to include information that is created or received by a femtech mobile app and relates to the physical or mental health of an individual, including reproductive health, which identifies an individual, would further bring this data under HIPAA regulation. In expanding this definition to specifically include the information included in femtech mobile apps, then that kind of data would specifically be protected by HIPAA, as well.
In expanding the definitions of covered entity, health information, and individually identifiable health information to include femtech apps, these changes would work together to make it much more challenging for femtech mobile apps to skirt HIPAA regulations as they currently do. A change in these definitions would bring almost all data in femtech mobile apps under HIPAA regulation, meaning that it would be extremely challenging for bad acting employers to get the information necessary to penalize employees based on the information that they put into femtech apps. The change in regulations would require the individual to affirmatively allow their employer to get this data and understand the rights they are giving away when doing so. Finally, an additional, seemingly necessary, change to HIPAA regulations would be to create a private right of action under HIPAA, so employees who think their information has been used to fire them or otherwise discriminate can sue for some kind of restitution or resolution.
C. Strengthening the Pregnancy Discrimination Act
The final potential solution suggested in this paper is a modification to Title VII by amending the Pregnancy Discrimination Act, which prevents employers from treating their employees differently based on pregnancy. As discussed above, Title VII extends to all aspects of a job, including health insurance coverage, which can be a major cost for employers, and a reason for an employer to fire a pregnant employee. As a result of insurance costs being so high, frequently a cost that employers want to cut, an employer-sponsored femtech monitoring system would be a proactive way for an employer to prevent higher insurance costs by helping employers determine when to decrease the availability of certain kinds of health insurance to the detriment of pregnant employees, or even to fire employees if it looks like they may become pregnant or have a history of complex pregnancies. Doing so would be a violation of Title VII; however, it would be easy for an employer to hide this discriminatory motivation, especially in situations where an employee is not aware the employer has their pregnancy- or fertility-related data. Moreover, neither Title VII nor the Pregnancy Discrimination Act specifically prohibit the use of the health information that users input into femtech mobile apps to make decisions about the workplace broadly, like the insurance or paid leave available to all employees.
Therefore, Title VII should be modified to specifically preclude employers from receiving the data employees input into an employer-sponsored femtech mobile app in any form. By precluding employers from receiving this data, it will not be available to be used by employer for making decisions, whether broad insurance coverage decisions, or discriminatory decisions about a single employee.
Conclusion
Women still face employment discrimination as a result of pregnancy. As employers institute policies that have female employees track their periods and fertility through mobile apps, concerns grow about the protections that are in place for that data and what prevents employers from taking action against female employees who input “bad” data. FDA regulations, HIPAA, and Title VII do not currently protect the kind of data that women input into femtech apps. To help protect women’s data and their employment, several solutions have been suggested. First, changing FDA rules to regulation femtech apps as Class II devices would allow the FDA to have oversight over the apps and potentially prevent data sharing with employers. Second, strengthening HIPAA regulations to define the information input into femtech apps to be health information and femtech companies to be covered entities would prevent femtech companies from sharing the data women input with employers, preventing employer use of that data to make health insurance or employment decisions. Finally, strengthening Title VII to explicitly prevent employers from receiving the data employees input into an employer-sponsored femtech mobile app in any form would likewise prevent improper use of that data. Making these changes is the best way to prevent bad acting employers from using femtech mobile app data to make employment decisions that could negatively impact female employees.
