Privacy aspects of direct-to-consumer artificial intelligence/machine learning health apps

Sara Gerke, Delaram Rezaeikhonakdar

Research output: Contribution to journal › Article › peer-review


Direct-To-Consumer Artificial Intelligence/Machine Learning health apps (DTC AI/ML health apps) are increasingly being made available for download in app stores. However, such apps raise challenges, one of which is providing adequate protection of consumers' privacy. This article analyzes the privacy aspects of DTC AI/ML health apps and suggests how consumers' privacy could be better protected in the United States. In particular, it discusses the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Trade Commission (FTC) Act, the FTC's Health Breach Notification Rule, the California Consumer Privacy Act of 2018, the California Privacy Rights Act of 2020, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the EU General Data Protection Regulation (2016/679 – GDPR). This article concludes that much more work is needed to adequately protect the privacy of consumers using DTC AI/ML health apps. For example, while the FTC's recent actions to protect consumers using DTC AI/ML health apps are laudable, consumer literacy needs to be much more promoted. Even if HIPAA is not updated, a U.S. federal privacy law that offers a high level of data protection—similar to the EU GDPR—could close many of HIPAA's loopholes and ensure that American consumers' data collected via DTC AI/ML health apps are better protected.

Original language: English (US)
Article number: 100061
Journal: Intelligence-Based Medicine
State: Published - Jan 2022

All Science Journal Classification (ASJC) codes

  • Medicine (miscellaneous)
  • Health Informatics
  • Computer Science Applications
  • Artificial Intelligence

