November 28, 2022

Volume XII, Number 332

Advertisement

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the CMIA requires businesses to preserve the confidentiality of medical information and prohibits the disclosure of medical information without proper authorization. It also urges mobile app providers to adopt robust security and privacy measures to protect reproductive health information. According to the press release, this should include, at a minimum, “assess[ing] the risks associated with collecting and maintaining abortion-related information that could be leveraged against persons seeking to exercise their healthcare rights.”

The press release touts California’s strong protections of reproductive freedom and states that “[s]ensitive health data must remain secure and never be used against individuals seeking critical healthcare and exercising their right to abortion.” Attorney General Bonta specifically encourages health apps to adopt the following practices to protect the privacy of reproductive health information:

  • developing and maintaining an information security program to protect reproductive health information against unauthorized access and disclosure;

  • using strong authentication protocols, including two-factor authentication;

  • obtaining affirmative consent from users prior to sharing or disclosing health or other sensitive information, and allowing users to revoke previously granted consent; and

  • training employees regarding online threats and privacy issues related to reproductive rights.

Attorney General Bonta also points out that, even if the CMIA does not apply to certain apps, other California laws with strong privacy protections may apply, such as the California Consumer Privacy Act, which has been in effect since January 1, 2020, and was recently amended by the California Privacy Right Act, which is set to take effect on January 1, 2023.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 158
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement