A few weeks ago, FTC Commissioner Julie Brill made quite a stink about health data. She was concerned that companies collecting all of this health data might be able to predict health issues with it. She felt that she needed to get involved, reviewing policies to ensure compliance with HIPPA, which does not regulate the data she is referring to.
Good news: Brill is back and talking again about health data. She emailed VentureBeat this week, though I am not yet sure why. She had a lot to say, including,
I'm a big believer in the potential for data from mobile and wearable devices to help consumers lead healthier lives and improve public health, but appropriate privacy and security protections are critical to achieving this potential...
It's encouraging to see app developers and companies like Apple recognize that, if they're going to collect and use health data from consumers, they need to institute strong protections for this sensitive data.
In addition, I think Congress has an important role to play in encouraging innovations based on user-generated health data by enacting both data security legislation and baseline privacy legislation that address sensitive health information. And even before Congress acts, industry and other stakeholders should set out strong health data privacy and security best practices, to protect consumers and encourage the development of new products and services focused on consumer health.
Based on the comments in the email, I would assume that her decision to speak again, in this case to VentureBeat, is because of Apple's delay in releasing any and all HealthKit related apps for the newly released iOS 8. The thing that is most interesting to see in her comments is her apparent reversal on her positions. Today, according to the email, she believes that health data is good, not scary, and that Congress should be responsible for the possible legal issues, not the FTC.
This is a position I can get behind. If there are laws or regulations to be passed that handle health application data, it is Congress's responsibility to pass them. Are there possible issues involved here? Of course. However, as we are seeing here, companies that are involved, including Apple, are taking it upon themselves to ensure data security, in Apple's case to the detriment of the product's release schedule.
The other issue at hand is consumer confidence and choice. Before Congress gets itself involved in regulating the security of data collected by smartwatches and fitness bands, perhaps we should let these companies regulate themselves. Apple, which has proven itself not reliable in securing its photo data, IS concerned about protecting health related data. Will every company treat the data appropriately? Of course not. But this type of data should be trusted only to companies which you trust. Companies like Apple, Google, Microsoft, Fitbit and the like cannot afford to disrespect your data.
Because of this, a consumer should make an educated decision before giving their data over to anyone, right Julie? Well, she is still pushing for major regulation, with or without Congress's intervention. If they don't act, she will instead, legally or not. Hopefully her actions will not kill an emerging and already threatened marketplace: health.