Attorney Matt Fisher writes:
mHealth applications focused on female or women’s health are drawing a fair amount of attention when it comes to privacy practices. The applications, which may be broadly referred to as female technology (“FemTech”), are designed to help individuals personally track different aspects of their health. The focal points may heavily go in the direction of reproductive health in a variety of different ways. Consistently, the FemTech applications collect user data through manual or automatic means and may also connect to other accounts or applications maintained by the user.
How does FemTech approach privacy though? To set the field to a degree, a large portion of FemTech falls outside the traditional healthcare industry. What does that mean? It means that HIPAA likely does not apply to the FemTech. HIPAA does not apply because the FemTech more often follows a direct-to-consumer approach without engaging the rest of the healthcare industry. The direct-to-consumer route often means no insurance coverage or other billing as the application is either “free” or has a subscription cost. If HIPAA does not apply, then the basic privacy and security protections that come along with HIPAA are absent.
Read more at The Pulse.
Update: See also: Navigating the Femtech Regulatory Landscape: Which Rules Apply and What are the Enforcement Priorities?