PIRG’s comments on the FTC Health Breach Notification Rule
Health apps shouldn't be able to share our sensitive data with third party companies. The FTC is looking to rein them in with its Health Breach Notification Rule
Downloads
Health apps, websites and fitness devices aren’t covered by HIPAA, and that’s a problem. Right now, these tools can legally share your sensitive health data with third party companies, including tech companies and advertisers.
The FTC has taken action against companies like GoodRx for sharing data with Facebook, and it’s looking to strengthen rules stopping health apps from using our data however they like.
PIRG supports the FTC’s new focus on protecting consumers in the digital age. We submitted comments expressing our support and asking the FTC to take even further action.
Download our full comments.
To protect consumers, the FTC should:
- Finalize the proposed amendment to the Health Breach Notification Rule that expands the types of covered entities to include health apps, sites and fitness devices.
- Add data brokers and online advertising companies in the list of companies that have to follow the rule.
- Finalize the proposed change that would count the sharing of health data with third parties as a data breach.
- Add that the collection of unnecessary data also qualifies a data breach.
Along with our comments, we submitted over 9,600 petition signatures from PIRG members to the FTC encouraging it to take action.
Don’t Sell My Data
PIRG’s comments to the FTC on its big data rulemaking
PIRG and CDD’s comments to the CFPB on data broker dangers
Tell the FTC: Health apps shouldn’t share our data
Did you know that health apps like fitness trackers are allowed to share and even sell your private health information -- totally legally? Take action to put a stop to this practice and protect our data.
Topics
Authors
R.J. Cross
Director, Don't Sell My Data Campaign, PIRG
R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.
Patricia Kelmar
Senior Director, Health Care Campaigns, PIRG
Patricia directs the health care campaign work for U.S. PIRG and provides support to our state offices for state-based health initiatives. Her prior roles include senior policy advisor at NJ Health Care Quality Institute, associate state director at AARP New Jersey and consumer advocate at NJPIRG. She was appointed to the Ground Ambulance and Patient Billing Advisory Committee in 2022 and works with patient advocates across the U.S. Patricia enjoys walking along the Potomac River and sharing her love of books with friends and family around the world.
Find Out More
VR risks for kids and teens
How to take more control of your Mastercard data
How Mastercard sells its ‘gold mine’ of transaction data
