Health apps often have privacy policies that are loose and unclear to users, but who should step in to regulate their rules is not clear, reported Kaiser Health News May 19.
Although health apps deal with lots of sensitive data from users, they are not covered under the same HIPAA policies that hospitals and health systems are bound to. This means their rules on who they sell and share user data with is up to the apps themselves, making it difficult for users to keep track of and understand the variety of policies.
Some advocates argue that the federal government should step in to create legislation to standardize data collection and privacy for such apps, but given the fast approaching midterm elections some have lost hope.
The private sector has suggested a self-regulatory coalition approach in which they'd agree to spot checks, audits and other compliance standards. However, some of the biggest corporations involved like Apple, Google, and 23andMe dropped out of the proposed initiative, casting doubt on the ability of the apps to regulate themselves.
"No one knows when legislation will pass. We can't wait for that," Mary Engle, executive vice president for BBB National Programs told KHN. "There's so much of this data that's being collected and not being protected."