Data Brokers and Health Apps Probed Over Privacy Practices

On Friday, the House Committee on Oversight and Reform announced that a probe has been initiated to determine how data brokers and health app companies are collecting and selling individuals’ personal reproductive health data. The probe was initiated as a result of the SCOTUS decision that overturned Roe v. Wade, as members of the committee were concerned that the personal data of individuals seeking reproductive healthcare services may be misused.

Rep. Carolyn B. Maloney, Chairwoman of the Committee on Oversight and Reform, Rep. Raja Krishnamoorthi, Chairman of the Subcommittee on Economic and Consumer Policy, and Rep. Sara Jacobs, wrote to five data brokers (SafeGraph, Digital Envoy, Placer.ai, Gravy Analytics, Babel Street) and five health app companies (Flo Health, Glow, BioWink, GP International, and Digitalchemy Ventures) requesting documentation on how personal reproductive care information is collected and sold.

Huge amounts of personal data are now being collected and sold, often without the knowledge of individuals. The information is used to serve individuals’ targeted advertisements and for other reasons. There is concern that the collection and sale of this information may put the health, safety, and privacy of Americans and healthcare providers at risk.

“The collection of sensitive data could pose serious threats to those seeking reproductive care as well as to providers of such care, not only by facilitating intrusive government surveillance, but also by putting people at risk of harassment, intimidation, and even violence,” explained the Committee members. “Geographic data collected by mobile phones may be used to locate people seeking care at clinics, and search and chat history referring to clinics or medication create digital breadcrumbs revealing interest in an abortion.”

Please see the HIPAA Journal Privacy Policy

The Committee Members cited a study published in JMIR – Privacy, Data Sharing, and Data Security Policies of Women’s mHealth Apps: Scoping Review and Content Analysis – which found that 20 of the 23 most popular women’s health apps, which include reproductive health apps, were sharing user data with third parties, even though just 52% of those apps obtained consent from users. The study found that most women’s mHealth apps had poor data privacy, sharing, and security standards.

There is concern that data from health apps, especially period trackers, could be used to identify women who have had abortions. Data brokers are known to sell users’ location data, including the location data of individuals who have visited healthcare clinics that provide abortions. Recently Google announced that it will further improve privacy protections by automatically deleting the location data from Google accounts related to visits to healthcare providers that provide sensitive healthcare services, but Google is not the only company that records location data.

The data brokers and health app providers have been given until July 21, 2022, to respond and provide the requested data.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.