mobile apps – Privacy Design®

September 18, 2020September 18, 2020

California: AG settlement with Fertility App company

Xavier Becerra: ” Today’s settlement is a wake up call not just for Glow, but for every app maker that handles sensitive private data.”

Landmark settlement against GlowHQ – a fertility app that had serious privacy and security failures that risked exposing millions of women’s medical information.

As part of the settlement, Glow will be required to:

incorporate privacy and security design principles into its mobile apps,
get consent from users before sharing private information,
and allow users to revoke previously granted consent.

https://oag.ca.gov/news/press-releases/attorney-general-becerra-announces-landmark-settlement-against-glow-inc-%E2%80%93

Link to settlement: https://oag.ca.gov/sites/default/files/2020%2009-17%20-%20People%20v%20Upward%20Labs%20-%20Stipulation.pdf

Link to complaint: https://oag.ca.gov/sites/default/files/2020%2009-17%20-%20People%20v%20Upward%20Labs%20-%20Complaint.pdf

September 3, 2020September 3, 2020

New Health Apps Section on HHS.gov/HIPAA

OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.

The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including:

July 11, 2019

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System

Paper https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf

July 11, 2019

CreditVidya’s Sai Baba app Was Made To Spy On Your Phone For Credit Ratings

https://www.huffingtonpost.in/entry/fintech-apps-privacy-snooping-credit-vidya_in_5d1cbc34e4b082e55373370a

June 13, 2019

HIPAA OCR Health Mobile App Developer Portal

https://hipaaqsportal.hhs.gov/

June 13, 2019

xcertia mhealth mobile app guidelines

https://xcertia.org/the-guidelines/

June 13, 2019June 13, 2019

NCCoE NIST Cybersecurity Practice Guide, Mobile Device Security: Cloud and Hybrid Builds

was released on February 21, 2019. For ease of use, the draft guide is available to download or read in volumes:

SP 1800-4a: Executive Summary
SP 1800-4b: Approach, Architecture, and Security Characteristics
SP 1800-4c: How-To Guides

https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid

June 13, 2019

HealthIT.gov – How Can You Protect and Secure Health Information When Using a Mobile Device?

https://archive.healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device

June 13, 2019

Spanish DPA (AEPD): Analysis of Information Flows in Android – Tools for compliance with Accountability

The objectives of the study focus on:

Defining the context and conceptual framework of the detection of the personal data communications in applications executed on an Android operating system.
Demonstrating the elevated risk in the mobile application environment of leaks of personal data and the need to carry out an evaluation of data flows
Studying the existing techniques for the detection and analysis of personal information flows in Android Applications.

https://www.aepd.es/media/estudios/estudio-flujos-informacion-android-en.pdf

June 5, 2019

HHS Clarifies HIPAA Liability Around Third-Party Health Apps

Interesting article that tries to summarize some of the latest HHS guidance. Includes “If the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app,” officials explained.

https://healthitsecurity.com/news/hhs-clarifies-hipaa-liability-around-third-party-health-apps