
Health Apps
Data Privacy Lawsuits

The Lyon Firm is actively involved in Personal Data Misuse Class Action Lawsuits on behalf of consumers nationwide.
Nationwide Success

Health Data Privacy Attorney

Investigating Health Apps Data Sharing & Data Misuse Claims

Medical organizations and legal experts are warning that patient data-sharing with health apps could exacerbate an already growing issue with invasions of privacy.

Both the American Medical Association and the American College of Obstetricians and Gynecologists have warned regulators that people who authorize certain consumer apps to retrieve, store and distribute their health data could be inviting data misuse and data theft.

Federal data privacy protections, which limit how health providers and insurers use and share medical records, do not apply the same way to consumer health apps.

According to a study published in the British Medical Journal, which analyzed over 20,000 mobile health apps, researchers found that 88 percent of the apps contained code with the ability to collect user data.

Most health app data collection protocols involve third-party providers, and only 47 percent of data transmissions complied with the app’s privacy policies. Some health apps fail to provide any privacy policy at all.

FTC Health App Data Collection Policy

The most recent Federal Trade Commission (FTC) policy on health app data privacy underlines the importance of corporate transparency. Health app developers are required to keep consumers informed of data breach incidents or they risk stiff FTC penalties.

The FTC policy provides clarification in the area of healthcare regulatory policies. Health apps are not regulated under HIPAA even though they collect and store the same types of sensitive data as HIPAA covered entities. Health apps and wearable fitness tracking devices that collect consumers’ health information, however, are usually covered by the Health Breach Notification Rule if they are able to lift data from multiple sources.

The FTC says that while the Health Breach Notification Rule is now more than ten years old, the “explosion in health apps and connected devices makes its requirements with respect to them more important than ever.” The Health Breach Notification Rule has not been previously enforced, but the FTC’s policy statement warns that more regulation is necessary to protect consumer privacy.

Health Apps Store Consumer Data

Health app data that is regularly collected and stored may include the following:

  • Names
  • Device names
  • Locations
  • Operating system version
  • Web browsing behavior
  • Medications
  • Email addresses
  • International mobile equipment identity (IMEI)
  • Fingerprint identification on mobile phones
  • Media access control (MAC)

Consumer data may be shared with app developers, parent firms, and third-party digital ad, sales and marketing companies. Some fourth parties may also wind up with the data. Tech companies like Alphabet, Facebook, and Oracle build profiles of users and target them with ads.

For many companies, collecting health information from health app consumers is part of their underlying business model, and these companies will be expected to adhere to data breach notification policies to ensure compliance and transparency.




Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


The Firm offers contingency fees, advances all costs of the litigation, and accepts the full financial risk, giving our clients full access to the legal system and reducing financial stress while they focus on their healthcare and financial needs.

Reviewing Data Theft & Data Misuse Claims

Why are Data Privacy Cases important?

Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future. 



Your Right to Justice

Learn About the Legal Process

Filing a class action lawsuit is a complex and serious legal undertaking and can carry monetary sanctions if the proper legal course is not followed. The Lyon Firm is dedicated to helping injured plaintiffs work toward a financial solution that compensates for medical expenses or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement. The current legal environment is favorable for consumers involved in data breach class actions, deceptive marketing lawsuits, TCPA telemarketing claims, and financial negligence claims.