Health-focused smartphone applications and internet of things (IoT) devices such as wearable fitness trackers (together, “mHealth”), offer a chance to monitor and manage health during the time spent away from a doctor. Unfortunately for consumers, much of personal health data generated by these devices and applications is critically unprotected by existing privacy laws in the United States. Due to the inadequacy of the current regulatory framework, there remain five crucial gaps of oversight and protection which plague many of these health-focused apps and devices: (A) Difference in Individuals’ Access Rights; (B) Difference in Re-Use of Data by Third Parties; (C) Difference in Security Standards Applicable to Data Holders and Users; (D) Differences in Understanding of Terminology About Privacy and Security Protections; and (E) Inadequate Collection, Use, and Disclosure Limitations. This Note explores these oversight gaps and analyzes whether proposed and emerging solutions can meet this fundamental regulatory need. These solutions range from sweeping industry-agnostic privacy legislation to proposals targeted to this specific problem in mHealth. Overall, this Note will weigh the costs and benefits of these options as they are currently understood.
