FTC Creates Compliance Tool for Mobile Health App Developers; Simultaneously Releases Business Guidance

By Jonathan Havens, Julia Kernochan Tama, Michelle C. Jackson & Venable LLP on April 6, 2016

The Federal Trade Commission (FTC or the Commission) announced yesterday that it has created a web-based guidance tool for developers of health-related mobile applications (health apps).  FTC did not take this action alone, but rather developed the tool in conjunction with the Department of Health and Human Services’s (HHS) Office of the National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the U.S. Food and Drug Administration (FDA).  As some readers will recall, FDA is not new to this space, having released a seminal guidance document on mobile medical apps early last year.  In its guidance document, FDA addresses, among other things, those apps that FDA intends to regulate as medical devices under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and those for which the agency intends to exercise its enforcement discretion.  OCR has also recently issued guidance in this area, providing examples of scenarios where the Health Insurance Portability and Accountability Act (HIPAA) regulations might apply to health information created, managed, or organized through the use of health apps.

The FTC’s new health apps tool asks developers a series of high-level questions about the nature of the app, including questions about its function, the data it collects, and the services it provides to users.  These questions include the following: 

  • Do you create, receive, maintain, or transmit identifiable health information?
  • Are you a health care provider or health plan?
  • Do consumers need a prescription to access your app?
  • Are you developing this app on behalf of a HIPAA-covered entity?
  • Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?
  • Does your app pose “minimal risk” to a user?
  • Is your app a “mobile medical app”?
  • Are you a nonprofit organization?
  • Do you offer health records directly to consumers (or do you interact with or offer services to someone who does)?

Based on the answers to these questions, the tool will point the app developer toward detailed information about certain federal laws that might apply to the app, including the FTC Act, the FTC’s Health Breach Notification Rule, HIPAA, and the FD&C Act.

Simultaneously with the release of the guidance tool, the Commission also issued business guidance aimed at helping health app developers comply with the FTC Act by building privacy and security into their apps.  Beyond the laws identified above, FTC notes in its business guidance that health apps could be subject to, among other things, the Children’s Online Privacy Protection Rule; the Gramm-Leach-Bliley Act’s Safeguards Rule and Privacy Rule; myriad state laws; and basic truth-in-advertising and privacy principles.

Given the proliferation of health apps, developers can expect increasing federal and state scrutiny over these products.  The veritable alphabet soup of potentially applicable laws requires that developers maintain a sophisticated understanding of both existing requirements and new requirements that are sure to come online over the coming months and years.

Julia Kernochan Tama

As a co-chair of Venable’s Privacy and Data Security Group, Julia Tama is a trusted advisor and advocate for large and small companies in a dynamic legal area. Julia helps clients resolve privacy and security compliance challenges and zealously defends companies against government inquiries and enforcement actions. Her team is at the forefront of legal issues involving innovative technologies, including artificial intelligence (AI), machine learning, and connected vehicles. She takes a tailored, practical approach rooted in a fluent understanding of relevant technologies and each client’s unique business model and goals.

  • Posted in:
    Communications, Media & Entertainment
  • Blog:
    All About Advertising Law
  • Organization:
    Venable LLP
