Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Using consumer health data: Some considerations for companies

As the FTC staff discussed at a seminar about consumer generated and controlled health data, people are turning to apps, devices, and websites to manage their own health information. Yesterday we talked about the contours of the compliance landscape. Especially when it comes to the sensitive subject of health data, one key takeaway is the importance that sound privacy and security practices can play in developing consumer confidence. Here are some more considerations if you or your clients are entering this burgeoning marketplace.

Think through what you collect and how you use it.  Companies in this industry have said they need to collect personal data for functionality purposes. As we discussed in the the Internet of Things report, innovation abounds. But it’s also important to put sensible policies in place regarding the collection and retention of consumer data. After all, the more you collect, the greater the risk it could be hacked or used for unintended purposes. Is there a way to collect less data – or less sensitive data – to accomplish your business goals?

Is “de-identification” an option?  Another way to reduce risk is to de-identify the data you collect. Here is an example from the Internet of Things report. A university hospital offers a website and an associated app that collects information from people – including geolocation – so users can find and report flu activity in their area. But instead of maintaining a public list of who reported what, the hospital posts the data in anonymous and aggregate form. That way, the hospital can accomplish its health-related goals while also maintaining consumer privacy. To ensure accountability, companies that take this approach should also commit not to re-identify the data. Another key component is making sure third-party contractors are barred from re-identifying it, too.”

Sorry, comments are closed for this post.