Premom Ovulation Tracker, developed and distributed by Easy Healthcare, has agreed to settle a Federal Trade Commission (FTC) complaint alleging unlawful data sharing.
Premom is an app designed to track an individual's ovulation, period, and basal body temperature to assist in child conception. The app has women upload photos of ovulation test strips for analysis and allows users to import other health data.
From 2017 to 2020, the terms and conditions stated that the app would not and would never sell information about users' health to third parties or advertisers.
The FTC alleged that the company deceived users by sharing personal information with third parties, including AppsFlyer, Google, and two other China-based firms. The incident allegedly violated the Health Breach Notification Rule and affected hundreds of thousands of users.
Now, the company faces a penalty of $200,000 to state and federal authorities and are also banned from sharing personal health information.
Why it matters
According to CNN, the incident highlights regulator's focus on fertility and period trackers in the aftermath of the Dobbs v. Jackson case, which overturned many states' abortion protections.
Related: Reproductive health data isn't always protected under HIPAA.
Furthermore, some of the data shared with Chinese companies Jiguang and Umeng could be disclosed to third parties and contained identifiable information, including WiFi network names and hardware IDs. In the worst-case scenario, third parties could track individuals' unique fertility situations.
What was said
Premom has yet to release a public statement on the issue. According to CNN, DC Attorney General Brian Schwalb said, "With reproductive rights under attack across the country, it is essential that the privacy of healthcare decisions is vigorously protected." Schwalb added that he plans to ensure that his office protects against "unlawful encroachment on access to effective reproductive healthcare."
Samuel Levine, Director of the FTC's Bureau of Consumer Protection, stated to CNN, "Premom broke its promises and compromised consumers' privacy." The director said the FTC would continue enforcing the Health Breach Notification Rule. "Companies collecting this information should be aware that the FTC will not tolerate health privacy abuses," Levine added.
This is the second enforcement action involving the Health Breach Notification Rule and follows the settlement with GoodRx Holdings Inc. In GoodRx's case, the FTC alleged that the telehealth company failed to notify users of unauthorized disclosures of personal health information.
While not all health information related to fertility is protected, Premom shared information without telling users, getting permission, or limiting what companies could do with the information.
Read More: What is the Health Breach Notification Rule?
The bottom line
Premom will now face a large penalty, setting a precedent for other healthcare apps to be careful with not only following the Health Breach Notification Rule, but also ensuring they are accurately representing their privacy terms and conditions.
Despite Dobbs v. Jackson affecting women's healthcare in many states, fertility and period tracker apps remain popular, requiring a steadfast adherence and understanding of HIPAA compliance regulations.