Data Brokers and Health Apps Investigated Because of Privacy Practices

The House Committee on Oversight and Reform reported the start of an investigation to find out how data brokers and health application providers are accumulating and selling the personal reproductive health information of individuals. The investigation was prompted by the SCOTUS decision overturning Roe v. Wade because committee members were worried that the personal information of people receiving reproductive healthcare services might be abused.

The Chairwoman of the Committee on Oversight and Reform, Rep. Carolyn B. Maloney, the Chairman of the Subcommittee on Economic and Consumer Policy, Rep. Raja Krishnamoorthi, and Rep. Sara Jacobs sent a letter to five data brokers (Digital Envoy, SafeGraph, Placer.ai, Babel Street, and Gravy Analytics) and five health app providers (Flo Health, BioWink, Digitalchemy Ventures, Glow, and GP International) asking for documentation regarding how personal reproductive care data is collected and sold.

Big amounts of personal information are currently being gathered and sold, frequently with no knowledge of people. The data is employed to deliver targeted ads to individuals and for other purposes. There is a concern that the gathering and sale of this data might endanger the health, security, and privacy of U.S. citizens and healthcare companies.

Collecting sensitive information can cause serious risks to those receiving reproductive care and even to providers of this kind of care, not just by having invasive government surveillance, but also by allowing people to possibly encounter harassment, intimidation, or violence. Geographic information obtained via mobile phones could be employed to find individuals seeking care at hospitals, and lookup chat history talking about clinics or prescription medication generate digital breadcrumbs disclosing curiosity on abortion.

The Committee Members mentioned a research study publicized in JMIR entitled “Privacy, Data Sharing, and Data Security Policies of Women’s mHealth Apps: Scoping Review and Content Analysis,” which stated that 20 of the 23 most in-demand women’s health applications including reproductive health applications were giving user information to third parties, although only 52% of those applications acquired permission from users. The research discovered that many women’s mHealth applications had terrible data privacy, sharing, and safety requirements.

It is possible that information from health applications, particularly period trackers, can be employed to determine women who have gotten abortions. Data brokers are discovered to sell users’ location information, such as the location information of persons who went to healthcare clinics offering abortions. Lately, Google launched that it will additionally enhance privacy security by automatically removing the location information from Google accounts linked to consultations with healthcare companies that offer sensitive healthcare services, however, Google is not the sole provider that logs location information.

The data brokers and health application companies have until July 21, 2022 to answer and give the requested information.

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.