It seems that your medical data may not be as protected as you might first assume.
A recent report from the Department of Health and Human Services showed that the vast majority of mobile health apps on the marketplace aren’t covered by HIPAA, the Health Information Portability and Accountability Act of 1996.
HIPAA currently applies only to traditional medical establishments, such as hospitals, doctors and health insurance providers. Apps or devices used in conjunction with a doctor’s office or a hospital are not legally allowed to share or sell your information. However, there is no definitive federal law governing what happens to the data that an app developer, tech company or private individual collects.
Typically, a patient using a third-party app enters medical information, which is then sent in some form to a physician. The data in a patient’s medical record would be covered by HIPAA; however, the data that the third-party app developer collected would not be.
Although the two sets of data are identical and simply stored on different computers, they have different levels of protection.
App companies, although not governed by HIPAA, would do better to focus on abiding by its standards. Any app developer found to be using unfair or deceptive practices with regard to user medical data could be held accountable by the FTC.
As federal regulations are expanded to include app data collected by third-party developers, this will continue to be a legal grey area, and one that patients, doctors and developers all need to be aware of.