HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Consumer Technology Association Publishes Privacy Guidelines for Handling Health and Wellness Data

The Consumer Technology Association (CTA) has released data privacy guidelines to help companies better protect health and wellness data.

The guidelines have been developed to help CTA members address tangible privacy risks and securely collect, use, and share health and wellness data from health/wellness apps, wearable devices, and other digital tools.

The guidelines – Guiding Principles for the Privacy of Personal Health and Wellness Information – were developed by the CTA to help members address privacy gaps, discover consumer preferences, and earn consumer trust.

“[The] privacy guidelines, developed with consensus among industry stakeholders, will help give both individuals and companies the confidence to invest in innovative technologies which will improve health,” explained CTA president and CEO, Gary Shapiro. “The CTA Privacy Principles demonstrate that health tech companies understand they must be trusted stewards of patient data.”

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Consumers now have access to a plethora of apps, devices, and digital tools that let them keep track of their health metrics, improve wellness, and manage their health and medical conditions. These tools help to engage consumers in their own health and wellness, make informed decisions to improve their health, and even access and share their medical information with others. Consumers benefit from these tools through improvements to their health and healthcare companies can use the aggregated data collected by these tools for research. That can lead to faster diagnoses and treatment for health conditions.

However, recent data breaches have raised concerns among consumers about how their information is collected, stored, and shared, and privacy scandals have made consumers much more aware about secondary uses of their data. These incidents have undermined trust in wearable devices and health apps, which is something that the CTA hopes to address with the guidance.

Initially the aim was to address privacy concerns around wearable devices, but the focus has since been expanded to cover apps and other digital tools. The CTA has been working with CTA members such as IBM, Humetrix, Humana, Validic, and Doctors on Demand to develop the guidelines, which cover the collection, storage, use, and sharing of health and wellness data.

The guidelines serve as a voluntary framework to improve privacy protections and security for health data and are intended to establish a baseline for privacy and security.

The guidelines are based on five key principles:

  • Being open and transparent about how health and wellness information is collected and used
  • Being careful how personal health information is used
  • Giving consumers control over the uses and sharing of their health information
  • Implementing strong security to protect health data
  • Being accountable for practices and promises

The guidelines incorporate some flexibility to ensure they can be adopted by companies of all types and sizes. While they are primarily intended for CTA members, they can also be adopted by non-HIPAA covered app developers, service providers, technology companies, and firms that are just entering the health and wellness sphere.

The guidelines are also available to consumers to let them learn more about CTA principles and make informed decisions about the companies they choose to interact with.

The privacy guidelines can be downloaded from the CTA Tech website on this link (PDF).

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.