Since 25 May 2018 the General Data Protection Regulation (GDPR) has been in force. That is a good reason for health apps to finally take data privacy and protection seriously.
Under the GDPR many aspects of data privacy are regulated much more strictly than before. This mainly concerns the provider's obligations regarding transparency and informing the user about what is done with their data. Health app providers that do not comply with these obligations therefore run the risk of fines.
Privacy by Design
Under the principles of privacy by design and privacy by default, the GDPR requires privacy-friendly technical default settings for devices and software. Health app providers should handle medical data with particular care: the GDPR treats health data as a special category of personal data that is subject to stricter rules. When in doubt, providers should seek legal advice. In general, health apps should be built so that they do not process more data than the user has agreed to have processed (data minimisation), and processing that goes beyond that consent should not be possible by default.
Many health app providers are based in the U.S. and therefore store data on U.S. servers. At the moment the legal situation concerning the EU-US Privacy Shield is unclear. This also affects U.S. companies with offices and call centres in Germany. The GDPR applies whenever personal data of individuals in the EU is collected or otherwise processed, regardless of where the provider or its servers are located.
Data Privacy and Protection Seal of Quality
Since there is still no seal of quality for medical devices, it is all the more important for providers to have their health apps certified by an independent data privacy and protection institution.
Software Development Kit for Health Apps
If you are a health app provider or start-up and do not want to go through the hassle of getting your app certified, you can instead use a secure backend, e.g. the one offered by HealthDataSpace. With the help of their software development kit you can securely store the data your health app collects. Third-party providers can encrypt, decrypt and store data, share data securely, and communicate via secure messaging.