Period Tracking Apps: Does HIPAA Protect My Data?

After the reversal of the Roe v Wade supreme court decision in a devastating June 24, 2022 ruling, people with female reproductive organs throughout the country are deleting their period tracker apps.

What is a period tracker app?

Period tracker apps are a type of phone application that people with periods use to keep track of their reproductive cycle.

These apps help users know what part of their cycle they are currently in, highlighting things like ovulation and period dates. The apps may provide insight into whether a user's cycle is abnormal or if they skipped their period.

Why are people deleting their period tracking apps?

Because of the Roe v Wade ruling, people with uteruses worry about their data being protected. The data collected from these cycle tracking apps could potentially be used to penalize anyone seeking to consider abortion.

When downloading an app, the user usually agrees to the terms put forward by the app. These terms are typically long-winded and full of jargon that most people do not bother to read. By accepting the terms, a user agrees to their information being collected, retained, and shared.

A study conducted in 2019 revealed that 79% of "health" apps that users frequented to monitor drugs, medicine, and prescribing information regularly shared and sold the user data without being transparent to the users.

Even if a company outside the United States owns the app, the company may comply with legal requests for the data. Data may also be stored elsewhere, making it subject to review from legal parties.

Does HIPAA Protect My Cycle Tracking App Data?

HIPAA stands for Health Insurance Portability and Accountability Act. According to HHS.gov, "The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information (collectively defined as "protected health information") and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically."

Because health care providers do not own these third-party cycle tracking apps, the apps do not need to adhere to HIPAA regulations. This means that all data on the apps can be used without regard to a person's right to a person's medical privacy. Users willingly use these apps to store their data, agreeing to their data being shared when agreeing to the terms and conditions of the app.

Will the apps change their policies to protect my data?

The Wall Street Journal reported in 2019 that the popular app, Flo, leaked sensitive data to companies like Facebook and Google. The data leaked included personal information to ad companies to target advertisements to app users based on where they were in their cycle. They did this despite transparency, the company bosting the phrase "your body, your data" to falsely gain trust from users.

Flo did respond to the Roe v Wade ruling that they are creating an anonymous mode for its users to track their data without their identity being attached. However, this only protects someone's identity. The app will likely still use and sell user data.

It is important to note that apps like Google Maps and even game apps can be used to collect and sell data about its users that can be used against people with uteruses.