Press Release | September 12, 2019

CTA Releases Industry-Developed Privacy Guidelines on Health Data

Danielle Cassagnol
Today, the Consumer Technology Association (CTA)® released a unique set of industry-developed voluntary privacy guidelines for companies that handle consumer health and wellness data.
The Guiding Principles for the Privacy of Personal Health and Wellness Information were created by a wide range of CTA members including Doctor on Demand, Embleema, Humetrix, IBM and Validic. Established in 2015, the first-of-its-kind set of principles were created to address tangible privacy risks, discover consumer preferences and earn their trust. The scope of the current guidelines has expanded the focus beyond just data generated from wearables. The principles cover the collection, use and sharing of data generated from personal health and wellness devices, apps, websites and other digital tools.
“Technology is revolutionizing health care – providing personalized and improved care, while lowering costs,” said Gary Shapiro, president and CEO, CTA. "These privacy guidelines, developed with consensus among industry stakeholders, will help give both individuals and companies the confidence to invest in innovative technologies which will improve health. The CTA Privacy Principles demonstrate that health tech companies understand they must be trusted stewards of patient data."
The CTA Privacy Principles establish a baseline, voluntary framework to promote consumer trust in tech companies that handle personal health and wellness data. The principles also allow for flexibility on how companies can implement them according to their own offerings.
The principles recommend that companies:
  • Be open and transparent about the personal health information they collect and why.
  • Be careful about how they use personal health information.
  • Make it easy for consumers to access and control the sharing of their personal health information and empower them to do so.
  • Build strong security into their technology.
  • Be accountable for their practices and promises.
"CTA’s Privacy Principles give health care companies the guidelines for protecting consumer data and maintaining consumer trust. This is vitally important not only as an individual company but as an industry,” said Drew Schiller, CEO of Validic and vice chairman of CTA's Health and Fitness Technology Division. “At Validic, we provide health care companies the tools to access and analyze data from apps, wearables and home health devices with the belief that the most powerful health outcomes are driven by data.”
The CTA Privacy Principles are voluntary, based on privacy concepts currently present and developing in U.S. law and offered to complement, not supplant, the applicable legal requirements and regimes with which companies need to comply.

To see the Guiding Principles for the Privacy of Personal Health and Wellness Information, visit