California Spotlights Mobile Applications and Privacy: The Impact on the App (Including the mHealth) Industry

The relationship between privacy and mobile applications is coming into focus. On February 27, 2012, the California Attorney General entered into a Joint Statement of Principles with the six largest mobile application companies – Apple, Google, H-P, Microsoft, Amazon and RIM – regarding consumer privacy and transparency issues when data is collected through an app. http://ag.ca.gov/cms_attachments/press/pdfs/n2647_agreement.pdf. The Five Principles set parameters for good practice. Although not legally binding, the AG promises to review compliance in the fall, and may use California laws on privacy, false advertising, unfair business practices and others as enforcement tools. Since California often leads the way in privacy enforcement it is likely that other states will follow suit.

What are the ramifications of this development for mobile medical (mHealth) apps? A medical app developer must take into account privacy issues, particularly if it collects or assists with the collections of personal data. In addition, a mobile medical app provider must consider any HIPAA requirements, such as would apply if the app was offered by a health care provider or payor to a consumer, or used internally (e.g. transfer of data by physicians in a hospital). HHS has established an mHealth Initiative to review the emerging mHealth area and to develop guidance. In sum, privacy is quickly becoming an important compliance area for mHealth stakeholders: device makers, software and app developers, platform providers, investors, health care providers and payors, and consumers. Keep an eye on developments and enforcement activities in this area.