Health apps have to publicize data breaches, but that won’t stymie consumer uptake

The news: The FTC agreed on a policy requiring app makers capturing sensitive consumer data and health records to inform the FTC, US consumers, and in some cases, the media in the event of any security breaches.

  • Failure to comply could result in companies $43,792 daily fines per violation.
  • For context, this policy is over a decade old—but this week, the FTC agreed on a new policy statement affirming health apps and wearables must comply with the rule, since it wasn’t being enforced and was misunderstood by most companies.

Why it matters: Developers released thousands of digital health apps last year alone, most of which have the ability to collect and share sensitive user data.

  • More than 90,000 health apps were released last year (around 250 per day), according to IQVIA’s new Digital Health Trends 2021 report.
  • And most of the digital health apps on the market are subject to data breaches, considering 88% of mobile health apps have the ability to collect and share user data, per IQVIA.

But—consumers may not care about data breaches as much as the FTC does: About 60% of US wearable device consumers 14+ say they’re not concerned about the privacy of their data collected by smartwatches or fitness trackers, per a July 2021 Deloitte Connectivity and Mobile Trends report.

  • This means consumers aren’t likely to stop using a wearable device or health app if it’s been involved in a data breach.
  • So, digital heath vendors will want to comply with the FTC mandate to avoid the hefty fines: Failure to notify users or the media of a data breach could result in over $500K in fines after two weeks of noncompliance alone, for example.

Report watchlist: We’ll drill into how consumers view their healthcare privacy data in 2021 in our upcoming report, Healthcare Data Privacy 2021: Providers Race Against Ransomware, publishing this week.