Health Apps and Personal Data
Americans should be concerned about how apps collect and share their health data.
Winter 2018
By David Ruth
As of 2016, there were more than 165,000 health and wellness apps available through the Apple App Store alone. The Food and Drug Administration (FDA) regulates only a fraction of those. Americans should be concerned about how these apps collect, save and share their personal health data, according to Kirsten Ostherr, the director of Rice’s Medical Futures Lab.
Ostherr has been doing research on health and medical media for more than 20 years, from “old” media like celluloid films used for medical education to “new” media like smartphone apps. “Part of my research is looking at ways the boundaries between medical and nonmedical environments are dissolving through the proliferation of apps that allow people to manage their own care outside of clinical settings,” she said. “In some ways those boundaries are breaking down because a lot of things that used to only happen inside of
hospitals can happen outside of them now.”
Federal and state policy regulations that shape how personal health data is shared are currently in place. They set rigid boundaries between traditional clinical settings or “medical domains” and domains outside of traditional clinical settings, Ostherr said. But depending on how an app is classified by the FDA, the health-related data an app collects might not be protected.
She said apps that make medical or therapeutic claims are considered a medical device and must go through the FDA procedures for approval and regulation. However, the vast majority of apps provide “helpful hints” in response to user-entered data instead.
“If your app carefully sidesteps claiming any kind of medical intervention, then it’s a health and wellness app and not a medical device — and it is not regulated,” Ostherr said. Regardless of whether an app is regulated, they are all “capturing tons of personal data, some of which would be classified as personal health information if it were subject to oversight by the Health Insurance Portability and Accountability Act.”