The FTC has announced its agenda for spring 2014.
Of particular note for this blog, one of the three privacy items on its agenda is consumer-generated and controlled health data – information provided by consumers to non-HIPAA covered sites, apps, and/or devices:
Consumer Generated and Controlled Health Data – Date and location TBD
Increasingly, consumers are taking a more active role in managing and generating their own health data. For example, consumers are researching their health conditions and diagnosing themselves online. Consumers are also uploading their information into personal health records and apps that allow them to manage and analyze their data, and utilizing connected health and fitness devices that regularly collect information about them and transmit this information to other entities.
The movement of health data outside the traditional medical provider context has many potential benefits; however, it also raises potential privacy concerns. The seminar will address questions such as:
- What types of websites, products, and services are consumers using to generate and control their health data, and how are consumers using them?
- Who are the companies behind these websites, products, and services, what are their business models, and what does the current marketplace look like?
- How can consumers benefit from these companies’ websites, products, and services?
- What actions are these companies taking to protect consumers’ privacy and security?
- What do consumers expect from these companies regarding privacy and security protections? Do consumers differentiate between these companies and those that offer traditional medical products and services that are covered by HIPAA?
- What restrictions, if any, do advertising networks and others impose on tracking of health data?
The FTC invites comment from the public on the proposed topics, and will issue staff reports following the sessions.