Why HIPAA Doesn't Protect Your Period Tracker Data
HIPAA only covers healthcare providers and insurers, not consumer period tracker apps. Here is why your cycle data falls into a legal gap and what state laws attempt to fill it.
The HIPAA Misconception

Most people assume that any health-related data receives HIPAA protection. This assumption is wrong, and it creates a false sense of security around period tracking apps.

HIPAA — the Health Insurance Portability and Accountability Act of 1996 — was designed to regulate how healthcare providers, insurers, and clearinghouses handle patient records. It was written before smartphones existed, before app stores existed, and before the concept of a consumer health app was imaginable. The law defines specific types of organizations, called "covered entities," and applies only to them.

Period tracker apps are not covered entities. They are consumer software products. The health data you enter into Flo, Clue, Natural Cycles, or any other period tracker receives exactly the same legal protection as the data you enter into a note-taking app: essentially none at the federal level.

What HIPAA Actually Covers

HIPAA's coverage is narrow and entity-based, not data-based. This is the critical distinction.

Covered entities include:

Healthcare providers who transmit health information electronically (doctors, hospitals, clinics, pharmacies)

Health plans (insurance companies, H