It's important to be aware if your business is processing health data from users through the website or mobile app you're developing.
But what types of information are considered to be health data? Find out.
What is health data
The Article 29 Working Party clarified what is classed as health data with respect to the data processed by health and wellbeing apps.
They identified 3 main scenarios where personal data that's being processed by health and wellbeing apps will be considered to be health data:
- Data that is clearly or inherently medical data
- Raw data that the app has obtained from sensors, which is processed by the app and can be used independently or combined with other data to come to a conclusion about the user's health status or potential health risks
- Where conclusions can be drawn about the user's health status or health risks based on information gathered by the app
If the data being processed by your app falls under one of these 3 categories, you're processing health data.
This is a wide definition, which is not limited to medical data and includes all information relevant to the user's health status. It does not matter in what context the information was gathered or whether the information points to the individual being in ill health; it is still considered to be health data.
The Working Party also refers to the proposed regulation, which clarifies that:
Information derived from the testing or examination of a body part or bodily substance, information about disease risks and information about the actual physiological or biomedical state of an individual independent of its source, also fall into the category of health data.
Information may be considered to be health data not only because of its nature but also because of the way it is processed.
This means that tracking information over time that seems to be insignificant in itself could be considered to be health data if it is combined with other data.
For example, a person's height and weight are collected for BMI calculation, and then combined with information from a pedometer. This could be used to calculate increased disease risk, so it would be considered to be health data when used in this sort of combination.
However, it must be possible to show the relationship between the information collected and the ability to establish the health of an individual, based on the information on its own or the data in combination with other data.
Privacy guidelines for health apps
Here's a checklist to help you determine whether your website or mobile app collects health data:
- Express consent must be obtained unless the data is being processed in a strict medical context. This consent must be explicit.
- You will always need to get explicit consent when your health or wellbeing website/app processes the location of the user, e.g. asks the user for the current location.
- Clear and accessible information regarding what type of data you collect (both personal data and health data) must always be provided to users before they install the app.
- The following must be disclosed to users:
  - If their data will be protected by medical secrecy.
  - If their data will be collated with other data collected from other sources or data already stored on the device.
- The reasons why the data will be processed and who it will be disclosed to should be made clear to the user. These reasons must be compatible and legitimate.

If the above is not disclosed to the user, their consent can be deemed to be invalid.

- Implement proper anonymization techniques and other risk-reducing measures: privacy by design and data minimization.
Examples of health apps
If your mobile app is built for iOS, use HealthKit. HealthKit is described as:
An entirely new way to use your health and fitness information. The new Health app gives you an easy to read dashboard of your health and fitness data. And we've created a new tool for developers called HealthKit, which allows all the incredible health and fitness apps to work together, and work harder, for you. It just might be the beginning of a health rebellion.
If you have an app that processes health data, you should make sure it is compatible with Apple's HealthKit so that users have an even easier way to manage how their health data is processed.