Medical and Health Data Privacy: HIPAA and Beyond: Health Data Not Covered by HIPAA


But the HIPAA privacy laws that protect patients in a medical setting don’t apply to companies that do direct-to-consumer genetic testing. That means that as long as their terms of service don’t specifically prohibit it, these companies can conduct research on your genetic data, sell it, or share it with third parties.

Apps that require users to enter their own information may not have to comply with HIPAA. Take, for example, a fitness-tracking app that asks for the weight, height, and medical background of the end user. If the end user enters this data on their own using their own equipment (i.e., scale, blood pressure machine), then the app developer does not have to comply with HIPAA.

But if an app is developed for a covered entity or is used as a service provided by a business associate, HIPAA may apply to the app developers. A good example would be an insurance provider that offers consumers an app to track the status of claims and coverage details. Because the information in the app is populated directly by the insurance provider, the app and the information it collects fall within the scope of HIPAA.

US Code

Consent Decrees

HIPAA and School Records