There are apps that can help people with diabetes keep track of their blood sugar and apps that can attach to a blood pressure cuff and store blood pressure information. I use an app called ZocDoc to schedule and manage doctor’s appointments. Every time I see a therapist or a primary care doctor or dentist, the data get stored in my personal account.
But we leave behind other trails of health data, too, from apps and activities that are sometimes only tangentially health related. When I walk down the street, an app on my phone logs steps as it bounces against my thigh. When I swipe a loyalty card at the pharmacy, the over-the-counter medications that I buy become bits of data attached to my name. Medical information can be gleaned from all this and more, says Nathan Cortez, a professor of law at the Southern Methodist University Dedman School of Law.
Those data aren’t always protected. A recent report from the Department of Health and Human Services showed that the vast majority of mobile health apps on the marketplace aren’t covered by the Health Information Portability and Accountability Act. “HIPAA is pretty narrow as far as these things go. It applies only to traditional entities [like hospitals, doctors and health insurance providers], and it’s not surprising. HIPAA was written by Congress in 1996 before we had health apps,” Cortez says.
Apps or devices used in conjunction with a doctor’s office or a hospital can’t share or sell your information. But there’s no definitive federal law governing what happens to the data that an app developer, tech company or private individual collects. Cortez and I spoke about what that means and what people can do with individuals’ data. This interview has been shortened for length and clarity.
So if you share your data with a physician or a hospital, then it’s covered under HIPAA. If you share it with someone like Apple, then it’s not?