Dianne De La Mare
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and the U.S. Federal Trade Commission (FTC) have released a report, Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA, that finds significant gaps in the Health Insurance Portability and Accountability Act’s (HIPAA) ability to protect information generated by fitness trackers and other mobile apps. Specifically, the report looks at the lack of guidance around access to and protection of consumer health information used by organizations not covered under the current HIPAA regulations. The report indicates that although health privacy and security experts clearly understand where HIPPA protections end, the typical layperson has a very limited understanding about this matter. The federal government plans to seek additional stakeholder input on this topic in the near future.