By Camille Stecker

Growing demand for mental health services on college campuses has resulted in the development of dozens of mental health apps. However, with a high demand universities and colleges need to consider the consequences of sensitive student information on app platforms. Mental health apps are not always considering young students’ privacy rights. Therefore, not all mental health apps are protecting student data or information. This blog will further analyze the privacy rights of students who use mental health apps.

The innovation of apps for health and wellness is a rapidly growing industry with wide possibilities for cost-effective healthcare. Mental health apps claim to offer “information, diagnosis, monitoring, treatment and support in relation to mental health systems, behaviors or illnesses.” However, the apps may not be aware of the healthcare regulations required to ensure privacy control.

The easy and fast assistance in times of need are beneficial for a generation whom prefers technology over in person conversations. One of the leading appeals of mental health apps is the fact that college students are not required to make appointments. Also, through the use of mental health apps, students’ anonymity is preserved since the apps provided resources such as “hundreds of videos, several hundred interactive exercises, a mindfulness library, self-assessments and logs to practice new skills.”

Therefore, traditional medical settings are vanishing in many ways, such as students not looking at doctor credentials or making sure their privacy is protected. In traditional medical settings, medical professionals are required to follow strict federal and state rules governing medical privacy. Rather instead of ensuring their privacy is protected, students are interested in the convenience of new medical apps. As a result, students are not aware that some apps are releasing their information to third-parties, because when they use the apps they are actually giving up their privacy rights.

Experts have come to realize that mental health apps “thrive on data; the more an app learns about a user, the more it can customize the experience.” The apps ask users questions about their daily routines, thoughts and symptoms. Mental health apps are compliant with Health Information Portability and Accountability Act (HIPAA) except in relations with information privacy. Not only are students’ private information shared on the app vulnerable to lack of privacy laws, but once the app is downloaded to a student’s phone their “location tracking, audio and phone contacts” are shared with the app or sold to third parties.

According to HIPAA, health care providers are required to follow HIPAA privacy rule which is a federal law that establishes protections for individual health information. HIPAA is a baseline for privacy laws, but health care providers are required to follow more privacy protected federal and state laws requiring patient’s consent before disclosing private health information. Even though HIPAA provides a baseline rule for medical information, HIPAA does not apply to “user-generated data.” Currently, mental health apps are not required to follow HIPAA privacy rules, so student’s medical information generated on the apps through self-assessments and quizzes not breaking any laws if sent to a third party.

Since colleges and universities suggest freshman college students to download use the mental health apps to help transition new students to living on their own and the stress of studies and social interactions it is recommended that the apps not only follow HIPAA but the Family Educational Rights and Privacy Act (“FERPA”). Mental health apps that are used on college campus should comply with FERPA especially with universities that receive federal funding and should therefore protect students’ private educational records.

Often times universities and colleges require students to download and use mental health apps, then students’ information received through the apps should be protected by FERPA. Although this is not a viable option. Universities and colleges are not given any educational records, which in this case would include certain student health records, when students download the app and accept all conditions. Instead, the university does not have access to the information generated through the use of the app. Therefore, FERPA does not have a baseline privacy rule to protect students’ medical information since apps are not technically a health-care providers, medical institution or covered university.

Therefore, medical health apps are not required to follow HIPAA or FERPA since neither federal agency has baseline privacy rules for the new way to seek mental health assistance.

 

Student Bio: Camille Stecker is currently a second-year law student at Suffolk University Law School. She is a staffer on the Journal of High Technology Law. Prior to law school, Camille received a Bachelor of Arts Degree in English and Master of Arts in English Language and Literature from St. Mary’s University in San Antonio, Texas.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.