The Inevitable Showdown to Control the Data from Your Fitness App

By now, most of us have heard about the health tracking capabilities of HealthKit, part of Apple’s latest iPhone operating system, iOS 8. HealthKit offers the ability of users to track and share personal health and medical data such as diet, exercise and activity. The Apple Watch will have a heart rate sensor, GPS, and have the ability to track distance traveled and calories burned. Of course, tracking health and fitness related data is not new as other manufacturers have already marketed similar devices such as Fitbit, and the Nike + Fuelband. The wearable fitness market is expected to top $1.15 billion this year, an increase of 35% from last year.

With all this health and fitness data floating around, you know the government regulators cannot be far behind. That is why the Federal Trade Commission is in talks with Apple to make sure that the health data collected from its mobile and wearable devices is not used without the owner’s consent. (http://www.toptechnews.com/article/index.php?story_id=120003R51IMO) The issue for the future, however, is which government agency will eventually control this market. The FTC has become the government’s watchdog for consumer privacy, but the Food and Drug Administration controls the development and marketing of medical devices. (Whether health and fitness apps are medical devices is another story for another post!) The Department of Health and Human Services may not want to be left out as they oversee the privacy and security of Protected Health Information (PHI) in the possession of medical providers, raising the question of whether companies like Apple will at some point be considered a medical provider by virtue of their collection of this information. In the end, each agency might want a piece of the regulatory authority.

This is yet another example of the law having to catch up to the technology. Until these issues are decided, my advice to the users of HealthKit and other health and fitness mobile apps, is to read the privacy notice of the manufacturer, and know what they can and cannot do with your data. Do not take privacy for granted. Be in control of your data, and exercise your ability to deny permission for your data to be used in a manner which you find objectionable.

If you would like to subscribe to my weekly eNewsletter with a round-up of Data Privacy and Security News, send me an e-mail at rsheinis@hallboothsmith.com.

By: Richard Sheinis, Esq.