FTC helps developers know which rules apply to their apps

Agency’s tool and guidance give direction on privacy laws that apply to apps.

The Federal Trade Commission is offering an interactive tool to help Web developers of mobile health apps know which federal laws may apply to their products. The agency also has issued guidance to developers on building privacy and security into apps.

The FTC built the tool with assistance from the HHS Office for Civil Rights and Office of the National Coordinator for Health Information Technology, as well as the Food and Drug Administration.

Depending on its functions and intended use, a mobile health app may need to comply with several federal laws, such as the FTC Act, FTC breach notification rule, HIPAA and the Federal Food, Drug and Cosmetics Act.

“As Americans become increasingly engaged in managing their health through diverse health IT products, this tool will provide product developers with access to the critical information and consistent guidance they need in order to innovate,” says Lucia Savage, chief privacy officer at ONC.

Also See: FTC steps up protection of consumer health data

The guidance for determining appropriate laws that may be applicable walks developers through a series of questions on the nature and function of an app, the data collected and the services provided to healthcare consumers.

Additional guidance on best practices for building privacy and security into apps covers eight broad topics: minimizing data, limiting access and permissions, keeping authentication in mind, considering the mobile ecosystem, implementing security by design, not reinventing the wheel, communicating the app’s security and privacy options to consumers, and determining applicable federal laws.

The interactive tool for understanding the laws is available here and the best practices guidance is here.

More for you

Loading data for hdm_tax_topic #better-outcomes...