Data and Privacy

The Data and Privacy section of the Framework focuses on data privacy, usage, storage, transmission and clear communications to the user. Examples of items looked for in the privacy policy include:

In addition, the Framework assesses whether there is an explicit statement of compliance with HIPAA requirements. Understanding that many digital health apps do not need to comply with HIPAA, the Framework rewards those that do comply with those requirements.

Although GDPR (General Data Protection Regulation) is not legally applicable to the United States, a number of related questions are included, as it is considered a higher standard for data privacy and an appropriate measure for assessment.