Additionally, companies need to be mindful of federal privacy laws. For example, the Federal Trade Commission has become increasingly concerned with the failure of children’s-app developers to explain to parents the kinds of personal information the apps collect from children. The problem is widespread: the FTC reviewed 400 popular children’s apps and found that only 20 percent disclosed their data collection practices. This nondisclosure could violate the Children’s Online Privacy Protection Act, a federal law that requires website operators to get parents’ consent before collecting or sharing certain information obtained from children under 13. The FTC is in the process of tightening these protections, but not without pushback from major tech companies, which claim that the FTC’s proposals could inhibit the development of apps and other services for children. However, children’s-app developers are not the only entities that should be mindful of these developments. The FTC is investigating a wide array of app and internet activity, including activities that more directly intersect with healthcare, such as peer-to-peer file sharing and certain online advertising practices.
Figuring out whether your telehealth company is regulated under HIPAA is certainly of the utmost importance. But even if your telehealth company is not HIPAA-regulated, you are not out of the woods yet. As we venture further into the age of mobile computing, and the associated privacy concerns become more publicized, states and federal agencies will be increasingly vigorous in going after telehealth companies that collect personal information.