FTC Seeks Info From Apple on Protection of Consumers’ Health Data
November 14, 2014 in News
The Federal Trade Commission is seeking information from Apple on how it plans to protect the sensitive health data collected by mobile health applications and its soon-to-be released smart watch, according to sources familiar with the situation, Reuters reports (Farr/Bartz, Reuters, 11/13).
In June, Apple introduced:
- HealthKit, a mobile platform that aims to consolidate health data tracked by various other health apps into one location; and
- Health, a user-facing mobile application.
Both products are bundled into Apple’s iOS8 software, which powers iPhones and iPads (iHealthBeat, 9/3).
In September, Apple announced the upcoming release of its new Apple Watch, which CEO Tim Cook called a comprehensive fitness and health device. The Apple Watch is expected to launch in early 2015 and will require users to use an iPhone as its wireless foundation.
At its launch, the device will use a built-in application suite consisting of two apps:
- An Activity app that tracks day-to-day exercise activity, movement and minutes standing; and
- A Workout app that allows users to set a goal based on calories, distance, heart rate or time.
In addition to several other features, a companion Fitness app on users’ iPhones will aggregate data from both the Activity and Workout apps and share that data with HealthKit (iHealthBeat, 9/10).
While most data stored by users in mobile health apps are not covered by HIPAA, FTC Commissioner Julie Brill in May noted that the agency was worried that sharing such information in non-medical contexts could pose a risk to users. FTC officials have said that the agency could investigate how mobile health companies exchange, protect and share such data (Reuters, 11/13).
In addition, FTC in May released a report recommending that Congress pass legislation to make data broker practices more transparent and give consumers more control over their personal health information (iHealthBeat, 9/3).
Details of FTC, Apple Discussions
According to two sources, Apple representatives have met with FTC officials several times over the past few months to emphasize how the company will prohibit third-party developers and third-party entities — such as marketers — from selling users’ health information (Reuters, 11/13).
While FTC has not indicated that it plans to launch a formal inquiry or investigation into Apple’s products, the discussions highlight the agency’s interest in how to protect such health data, according to Reuters. In addition, the sources said that FTC in particular has sought more information about Apple’s smart watch.
FTC previously applauded some of Apple’s efforts to safeguard user data.
For instance, FTC Chair Edith Ramirez publicly praised Apple’s decision in late August to strengthen its privacy rules for users’ sensitive health data (Reuters, 11/13). Apple changed its iOS developer license agreement to prohibit developers from selling health information collected through HealthKit “to advertising platforms, data brokers or information resellers.” In addition, the agreement now states that developers are not permitted to use the HealthKit app or data collected from it “for any purpose other than providing health and/or fitness services” (iHealthBeat, 9/10).
Further, as part of the private discussions, Apple has said that the company:
- Has a team of outside advisers — including a health data protection attorney — that have been tasked with responding to health-related concerns; and
- Might hire an in-house point person for health privacy issues.
Apple spokesperson Trudy Muller said that the company regularly meets with regulators worldwide to discuss its procedures for protecting user data and that the company has “been very encouraged by their support.” FTC declined to comment on the discussions, according to Reuters (Reuters, 11/13).