Companies that handle consumer health and wellness data have a new set of industry-developed privacy guidelines to consult.
WHY IT MATTERS
The voluntary guidelines, drafted by members of the Consumer Technology Association, are meant as a baseline framework to help promote consumer trust in tech companies that handle personal health and wellness data.
The recommendations, which allow for flexibility on how companies can implement them, suggest that vendors be as open and transparent as possible about the personal health information they collect and why, and think carefully about how they put that data to use.
The guidelines also suggest that companies make it easier for consumers to access and control the sharing of their health information, and give them convenient means to do so. They should also build robust security protections into their technology, says CTA, and be accountable for their promises and practices.
The CTA Privacy Principles, developed with input from companies such as Doctor on Demand, Embleema, Humetrix, IBM and Validic, are based around privacy concepts currently present and developing in U.S. law, according to CTA.
They’re meant to supplement the applicable legal requirements and regimes with which companies need to comply, say association officials, not to supplant them.
“CTA’s Privacy Principles give health care companies the guidelines for protecting consumer data and maintaining consumer trust,” said Drew Schiller, CEO of Validic and vice chairman of CTA’s Health and Fitness Technology Division, in a statement. “This is vitally important not only as an individual company but as an industry.”
THE LARGER TREND
CTA developed an initial set of principles in 2015 in response to tangible privacy risks and to learn more about consumer preferences for their health data.
These new guidelines have been expanded, according to the industry group. Beyond data generated from wearables, the new list of voluntary guidelines covers the collection, use and sharing of any data from personal health and wellness devices, apps, websites and more.
But the fact that the rules are voluntary, and meant to complement existing privacy regulations, is an important one. The area of personal health data is one that’s fast evolving, especially given the imperative — driven by recent proposed rules from CMS and ONC — for greater consumer empowerment and wider sharing of device data.
Suffice it to say, more state and federal regs for consumer health companies will be forthcoming.
We spoke recently with Deven McGraw, general counsel and chief regulatory officer for consumer health tech startup Ciitizen and former chief privacy officer at ONC, and Vince Kuraitis, whose consultancy, Better Health Technologies, has been especially focused recently on emerging data-driven business models, about some of the challenges of the existing health data privacy landscape.
“The yin-yang approach to privacy and data use has been around for as long as we’ve had privacy law,” said McGraw. “But it has become more salient now.”
She added: “You can’t resolve this without some sort of legislative activity.”
But Kuraitis said that’s a prospect that many companies may be starting to welcome.
“What’s changed here is that you now see even the large tech companies saying, ‘Give us regulations,’” said Kuraitis. “They have fears of a lack of harmonization of guidelines and regulations, at an international level with what’s going on in Europe, and they’re also fearful of 50 states adopting 50 different sets of privacy laws.”
In the meantime, the mere fact that companies such as CTA’s members are thinking in such depth about the implications of their data policies is a clear sign that they recognize consumers are more savvy and empowered about how their data is put to work than they once were.
ON THE RECORD
“These privacy guidelines, developed with consensus among industry stakeholders, will help give both individuals and companies the confidence to invest in innovative technologies which will improve health,” said Gary Shapiro, president and CEO of CTA, in a statement. “The CTA Privacy Principles demonstrate that health tech companies understand they must be trusted stewards of patient data.”