An Apple Watch shows its wearer's heart rate in real time.
Medical data is too sensitive for companies to exchange it lightly. The United States regulator, the Federal Trade Commission (FTC), has just put companies that manage health-related applications on notice that any movement related to this type of information must be made with the consent of the affected user. If not, the responsible company will face fines of up to $ 43,792 per violation per day. The movement is especially relevant because most of the big technology companies (Amazon, Google, Microsoft or Apple) have recently launched an assault on the healthcare market.
US regulations have traditionally been lax when it comes to protecting privacy.
With one important exception: health data.
The Health Insurance Transfer and Accountability Act (HIPAA) set the standards in 1996.
It was prohibited to provide medical data to anyone other than the patient himself, unless he had his consent.
A 2009 rule, the Health Breach Notification Rule, extended those responsibilities to the digital environment: companies subject to HIPAA must maintain the same confidentiality in cyberspace.
More information
Large technology companies launch an assault on the healthcare market
The lawyer who threatens the reign of big technology
The new FTC order further broadens the focus of the regulation: companies whose main activity is not health but still manage medical data must also comply with the same guarantees. Although it does not mention them, the regulator refers to companies such as Google, Apple, Amazon or Microsoft, which have been collecting this type of data from various sources, such as connected devices or applications.
“The Commission has realized that health applications, which can track everything from diabetic blood glucose levels to parameters related to fertility or hours of sleep, increasingly collect sensitive and personal data from consumers. ”, Highlights the FTC statement.
"These applications have a responsibility to ensure that they keep the data they collect secure, which includes preventing unauthorized access to that information."
Health-related applications and other connected devices, the FTC notes, are not only widely used by the population, especially after the pandemic, but are also coveted targets for cybercriminals.
"And yet, there are few protections for your privacy," the report said.
1. At @ FTC's open meeting this week, we put health apps on notice for privacy breaches, opened up rulemaking petitions to the public, and withdrew permissive merger guidelines.
Staff also presented findings on unreported acquisitions by large tech firms.https: //t.co/CcCOfBrYel
- Lina Khan (@linakhanFTC) September 17, 2021
“Although [the 2009 regulations] impose some measures to hold technology companies that misuse our information to account, there is a problem with people's sensitive medical information being commercialized. Businesses can use that information to feed their targeted advertising or analytical tools, ”said Commissioner Lina M. Khan in a statement. "Given the prevalence of targeted advertising, the Commission should monitor what data is collected and whether the business models that develop around it create incentives that put the security of that data at risk," he added.
In the European Union, if a company wants to share the personal data of its customers with other companies, it must make it known to the user. This is established by the General Data Protection Regulation (RGPD), one of the most guaranteeing regulations in the world in this regard. American regulation has always been more permissive in terms of privacy than in Europe. “There are regulations that defend the privacy of users, like the one in the State of California, but there is still no federal regulation. In general, they are less strict, although the trend is that little by little they will converge with us ”, explains Borja Adsuara, an expert in digital law.
"In the United States, the regulations do not usually place as much emphasis on the protection of individuals, but companies know that if they break the law they will be persecuted relentlessly," says Frederic Llordachs, co-founder of Doctoralia, a portal for recommendation of physicians that he defines as "the Booking of doctors" and a good connoisseur of the regulations applicable to the sector.
The technological assault on health
The FTC order is a clear warning to big tech that the regulator is going to be aware of how they treat medical data. The health sector is, in fact, one of those that currently exert the most attraction on GAFAM (Google, Amazon, Facebook, Apple and Microsoft). Perhaps the most ambitious bet in this regard is Amazon Care, a program already available in some cities in the United States that combines telemedicine through its own application with doctor's home visits.
Microsoft, for its part, in April spent about 16,500 million euros to buy Nuance, the most respected artificial intelligence and speech recognition company in medical environments. As it was the second largest acquisition in the company's history (it only spent more, about 22,000 million, when it bought LinkedIn), the message it gave to the industry was clear: they want to become the benchmark in the processing of healthcare data.
Alphabet, the parent of the world's most used search engine, has an entire division, Google Health, dedicated to "developing tools and initiatives that help everyone make more informed health decisions."
One of the pillars of its strategy, according to its website, is to make medical information more accessible.
As for Apple, the company's efforts to collect data on the health of users of its products, especially the iPhone and Apple Watch, is well known.
These companies and many others should be more careful from now on with the treatment they apply to their users' data.
"The FTC must use all the tools at its disposal to protect users' medical data, although we also have to control the business models that monetize it," Khan tweeted.
You can follow EL PAÍS TECNOLOGÍA on
and
or sign up here to receive our
weekly newsletter
.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/HEDL2EH5ZFDPDOL7RYY65YOJQA.jpg)
