Are there any HIPAA considerations with the data collected by Spren?
HIPAA is a federal law passed in the United States in 1996, designed to safeguard the privacy of individuals’ identifiable health information, referred to as Protected Health Information (PHI). HIPAA regulations apply specifically to three types of organizations, known as “covered entities”: healthcare providers, health plans, and healthcare clearinghouses. In addition, HIPAA applies to “business associates,” or entities that handle PHI on behalf of covered entities.
A fitness and wellness app like Spren, or any consumer wearable, collects body composition, steps, heart rate, sleep, or other wellness data. These apps are typically provided by tech companies, which are not classified as covered entities or business associates under HIPAA. In addition, they collect data directly from consumers. Spren also does not share this information with healthcare providers, health plans, or healthcare clearinghouses. Nor does Spren provide any diagnostic or medical advice or information. As a result, Spren is not subject to HIPAA regulations.
Nevertheless, Spren deploys stringent safeguards to protect the privacy of its user data throughout collection, de-identification, transmission, processing, and storage, and through access limitations. More information on these methods is here (link to Spren privacy article).