By: Jonah Comstock
This has been a big year for health app regulation: the FDA released its final guidance on regulation of mobile medical apps earlier this year, and the ONC released its final HIPAA omnibus rule in January. But there is a third agency regulating health apps, in cases where neither the FDA’s harm standard nor HIPAA applies: the Federal Trade Commission.
At the mHealth Summit in National Harbor, Maryland, William Baker, an attorney with Wiley Rein LLP, talked about the FTC’s role in regulating apps, as well as the role played by state attorneys general and industry self-regulation.
Baker said FTC regulation is concerned with “misleading or unfair trade practices,” as with the commission’s removal of dermatology apps from the iOS and Google Play stores in 2011. But the agency is also concerned with privacy and security of data that isn’t covered under HIPAA, like, potentially, data from health and fitness apps. Just last week, the FTC cracked down on an app for data security reasons. It was not a health app but a flashlight app that gave users’ geographic location to third parties without permission.
“The end user license agreement didn’t disclose that it was collecting precise geographic data,” he said. “There was an accept and refuse button. The app was already collecting and transmitting data before the button appeared, and if you clicked refuse, it did it anyway.”
Recently, the FTC’s pursuit of medical research company LabMD has suggested that the commission is no longer limiting itself to non-PHI privacy concerns. The Georgia company has sued in response, alleging that the FTC is overstepping its bounds.