The new gold rush is mobile health apps, to track both medical conditions and fitness. But the Federal Trade Commission fired a warning shot this week against those seeking to mine users' health information, in a move that could dissuade prospectors before they really get started.
The issue is complex, but it boils down to a Silicon Valley business model that is especially popular for mobile apps but is incompatible with federal rules on managing health information. Both Silicon Valley and Washington are to blame, but should a clash arise, Silicon Valley will lose -- and the vision of your smartphone as your fitness and health hub, à la Apple's HealthKit APIs and Samsung's planned clone, will disappear.
Here's the issue: People are free to share their health information with anyone they want. But health information stored by others is subject to HIPAA rules on maintaining people's privacy over their health history. HIPAA was born in the 1990s because insurers had started using health data to deny coverage or insurance, and some employers started screening out medically expensive employees in their hiring. In the 1980s, insurers, employers, landlords, and other businesses freely discriminated against those with AIDS and other diseases, which took the fears of abused medical information out of the realm of theory into ugly real-world practice.
When health data gets shared by an app, the feds get concerned ...
In the decades since, HIPAA has perversely limited the amount of data sharing among medical providers -- because permission is needed to share that data. Never mind that the principal goal of HIPAA was to encourage health information portability, so people could more freely move among providers and not repeat the same pricey tests or risk inadvertently damaging procedures in emergency rooms caused by doctors who didn't have access to your medical history. (The law's name, after all, is the Health Insurance Portability and Accountability Act, with privacy as part of accountability.)
As I've previously written, the feds are aware of the irony of HIPAA's privacy rules inhibiting the flow of health information, which has been a major goal of the feds since the first Bush administration to lower costs and improve care. Agencies like the FDA and the Health and Human Services Dept. have taken a wait-and-see approach to how people's health data would be used in the expected wave of fitness and health apps and devices.
But they and now the FTC have all sent the same message about when they'd start to impose regulations. This week's FTC warning is of particular note because it affects all apps, not only those considered "medical" in nature. In other words, all those fitness apps and sensors could get regulated if app developers and service providers aren't careful with the user information they collect. (The other federal red line is the practice of medicine, meaning diagnosing or treating medical ailments; that requires FDA approval. But Silicon Valley seems to already understand that.)