State AGs Urge Apple to Improve Privacy and Security Controls for Reproductive Healthcare Data

A team of 10 state Attorney Generals lately sent a letter to Apple CEO, Tim Cook, telling the company to use tougher privacy and security settings for programs accessible via the Apple App Store that monitor, gather, store, or transfer reproductive health information. Attorney General of New Jersey, Matthew Platkin, wrote the letter. The attorneys general of Connecticut, California, Illinois, North Carolina, Massachusetts, Oregon, Vermont, Washington, D.C., and Washington signed the letter.

The Supreme Court in Dobbs v. Jackson Women’s Health Organization made a decision to take away the Federal right to an abortion and empowered individual states to create their law on abortions. A number of states have already presented bans or prohibitions on abortions. The state AGs are worried that the health data accumulated using health applications may be weaponized against individuals by law enforcement, individuals, or private organizations.

AG Platkin reported a study performed by the Mozilla Foundation about the most used reproductive health applications to evaluate the safety of health applications and how the applications gather, utilize, share, and keep user information. The privacy guidelines of numerous apps were opaque, particularly concerning disclosures to authorities. 18 of the 25 applications, which include period trackers, pregnancy/fertility applications, and health and fitness applications, either did not follow appropriate privacy and security procedures or obfuscated the extent of the information gathered by the applications. Most of the apps likewise didn’t meet minimum requirements for safety, for example encrypting information, giving automatic security upgrades, not requiring solid passwords, and having a clear and quickly accessible privacy policy. Most of the applications additionally caused users to enter information that was beyond the extent of the medical services provided by the applications.

The AGs state the privacy and security breaks related to health applications available from the App Store endanger the privacy and security of App Store clients, and that operates directly counter to Apple’s expressed commitment to safeguarding user information. Apple claims that good privacy controls are integrated into the Apple Health application, for example, 2-factor authentication, and health data encryption right up until an Apple iPhone is unlocked by utilizing a passcode, Face ID, or Touch ID. Health information is likewise encrypted at rest and in transit while it is synced to iCloud, and the most recent version of iOS and watchOS have standard 2FA and passcode-limited access, meaning Apple cannot see users’ health information. Apple additionally claims that there are currently fine-grained settings for third-party health applications that make use of the HealthKit framework, which allow people to define what data may be read by the applications, and end users of third-party applications need to either give or reject permission for every app to read and write information to the HealthKit shop.

The state AGs state Apple hasn’t done enough to safeguard end-user privacy and has advised Apple to keep going. They have required Apple to

  • teach third-party application creators to remove non-essential end-user information, for example, location background, search history, and other related data of clients who may be acquiring access to reproductive medical care.
  • show clear and visible notices informing iPhone end users that there is a chance of
  • disclosing reproductive healthcare information to third parties, o requiring all third-party
  • application creators to just share reproductive healthcare information when they are given a valid subpoena, court order, or search warrant.

Third-party applications that gather, use, keep, or transfer reproductive health information, or that synch with end-user health information on Apple devices, must be instructed to match or surpass the privacy and security criteria of Apple. In case any health application doesn’t satisfy these requirements, Apple ought to get rid of the applications from the App Store, and must carry out regular audits of applications to make sure of standard compliance.

[The] use of an application or service must not come at the expense of customers losing power over their health information. So, Apple ought to follow these steps to guard the reproductive health privacy of consumers. These actions will make sure that Apple remains faithful to its dedication “to give a secure experience for end users.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA