Everyone -- including women -- deserves to know that their most sensitive information is protected and that they have control over their data.

Sue Khan, Vice President of Privacy and Data Protection Officer

February 16, 2024


Women continue to feel an inherent mistrust in the healthcare policies and facilities that are meant to serve them. This is a fact I’ve observed over the many years I’ve spent working in the healthcare space.

It’s also a reality I’ve internalized. As a woman and a mother, I’ve found myself repeatedly overlooked by systems that I should be able to rely on for suitable care and support. For decades, women have been excluded from medical research and shut out of important policy decisions regarding their bodies and health.

Building a trusted service that supports women's health is essential, and it is no longer negotiable.

Technological Solutions: Anonymous Mode

Currently, I oversee data privacy for one of the leading women's health apps, Flo Health. Every day, millions of women entrust us with personal health information as they use the app to learn about their bodies and health or to track their menstrual cycles or pregnancies. In the past year, this data -- which Flo already considers incredibly sensitive -- suddenly became politically charged information.

The overturning of Roe v. Wade forced an internal reckoning within our company. Scores of women deleted their menstrual tracking apps out of fear that their private information might be shared with third parties or law enforcement. So, we looked for ways to further assure and protect women at a time when both their bodies and their personal rights were increasingly vulnerable.


This quickly became our No. 1 priority. As the leaders of one of the most popular menstrual tracking apps in the world, we felt a tremendous responsibility to not only safeguard our users' rights and freedoms, but to create best-in-class privacy protections that could serve as an example to other health-tech companies.

To do so, we launched Anonymous Mode, a feature that enables users to opt in at any moment to maintain anonymity while using Flo’s menstrual tracking services. Anonymous Mode gives our users the option to access the app without associating their personal health data with identifiers like their name or email address.

We're the first women's health app to take this level of precaution in terms of privacy and security, and we believe privacy is an urgent necessity given the rapidly changing legislation surrounding women's bodies. A safeguard like Anonymous Mode means the company holds no link between a user's identity and her health records, so a request for a named user's data cannot be fulfilled: there is nothing to hand over. That protection is only as strong as the missing link, which is why anonymous records must not be stored alongside other identifiers such as device IDs, IP addresses, or payment details. It's our hope that these types of precautions will soon become the industry standard for menstrual tracking apps worldwide, which is why we open-sourced the code behind this feature so that any developer can build similar protections.
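The design goal behind Anonymous Mode, that no stored health record can be reached starting from a name or email address, can be shown with a small example. The code below is added here for illustration and is not Flo's open-sourced code; the store layout, the entry format, and the sample account are assumptions. It also shows the common mistake of keying "anonymous" records by a hashed email, which is a pseudonym rather than anonymity, because the operator can recompute the key from the name in a request.

```python
import hashlib
import secrets


class HealthStore:
    """Server-side storage for the example (constructed, not Flo's code).

    Account-mode records are keyed by the account's email. Anonymous-mode
    records are keyed by an opaque token; the server keeps no table that
    maps tokens back to accounts, and the entries carry no device or
    network metadata that could be used to re-link them.
    """

    def __init__(self):
        self.by_account = {}  # email -> [entries]
        self.by_token = {}    # opaque token -> [entries]

    def log_entry(self, key, entry, anonymous):
        table = self.by_token if anonymous else self.by_account
        table.setdefault(key, []).append(dict(entry))

    def records_for_token(self, token):
        """What the device holding the token can still sync."""
        return list(self.by_token.get(token, []))

    def records_for_named_user(self, email):
        """Everything the operator can produce for a request naming `email`.

        It checks the account table and also tries the one derivation a
        diligent operator could perform: recomputing a hashed-email key.
        """
        found = list(self.by_account.get(email, []))
        found += self.by_token.get(hashed_email_key(email), [])
        return found


def hashed_email_key(email):
    """Deterministic pseudonym: NOT anonymous, because anyone holding the
    email can recompute it and pull the records."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def new_anonymous_token():
    """Random 256-bit token minted on the device. It is stored only on the
    device and is never sent together with the account identity."""
    return secrets.token_hex(32)


def demo():
    store = HealthStore()
    email = "user@example.com"  # constructed sample account

    # Account mode: data keyed directly by the account.
    store.log_entry(email, {"day": 1, "flow": "medium"}, anonymous=False)

    # Anonymous mode done wrong: key derived from the email.
    store.log_entry(hashed_email_key(email), {"day": 2, "flow": "light"},
                    anonymous=True)

    # Anonymous mode done right: key is an unlinkable random token.
    token = new_anonymous_token()
    store.log_entry(token, {"day": 3, "flow": "light"}, anonymous=True)

    # A request naming the user reaches the account record and the
    # hashed-email record, but not the token-keyed one.
    reachable = store.records_for_named_user(email)
    return {
        "reachable_by_name": sorted(e["day"] for e in reachable),
        "device_still_syncs": [e["day"] for e in store.records_for_token(token)],
    }


if __name__ == "__main__":
    print(demo())
```

The guarantee holds only because the token-keyed entries contain nothing but the logged values; if the same rows also carried a device identifier, an IP address, or a purchase record, the link to a person would be back. A user who switches on the anonymous path after using an account also needs the earlier account-keyed records deleted or migrated, since those remain reachable by name.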


Privacy and Security by Design

In addition to introducing Anonymous Mode, we doubled down on reviewing security and privacy practices throughout our company, from product design to vendor onboarding to engineering and support services. Investing in appropriate safeguards paid off: In August 2022, we became the first period and ovulation tracker to be certified against ISO 27001, the internationally recognized standard for information security management systems, in which an independent auditor verifies that an organization's security controls are in place and operating.

But we haven't stopped there. Our privacy and security program is under constant review. And despite all the precautions we've introduced, we are urging even greater change in the field of health technology, change that needs to take place at the legislative level.

If we truly wish to protect health data, broader change is needed at the legislative level. HIPAA, enacted in 1996, is not a suitable legislative tool to govern the many ways that health and wellness apps process Americans' health information. Indeed, many health apps do not fall under HIPAA at all, because they are neither covered entities nor business associates as the law defines those terms.


As it currently stands, a patchwork of state laws regulates health-tech companies, and those laws vary from state to state. Each differs in how it safeguards health information, which leads to inconsistencies and added burdens for industry compliance departments and product development teams.

I am in favor of a single federal privacy law in the US, a federal mandate that provides specific protections to user data (especially sensitive data) and introduces a firm regulatory framework regarding how health-tech companies track, share, and process their users’ information.

Without consistency in privacy protection, the user loses out. I’m passionate about protecting the rights and freedoms of our users. After all, it’s their data, not ours. Privacy legislation is a means by which we can demonstrate our commitment to our users and ensure that we’re processing their data appropriately and securely.

What Else Can Build Trust?

Outside of privacy and security, we need to ensure that our users have a voice if something goes wrong. We continuously conduct user research and seek feedback on our service. We seek to provide evidence-based, accurate information by relying on our network of 120+ doctors and health experts.

We also believe that users should have a safe space to share personal stories and advice in order to gain a broader perspective on their health issues, and so we created that space in our app.

These safeguards, technical solutions, and legislative changes are worth it. Everyone -- including women -- deserves to know that their most sensitive information is protected and that they have control over their data. At our company, we are doubling down on protecting our users' privacy and urge other health-tech companies to prioritize the same. Each healthcare and wellness service has a role to play in rebuilding trust in female health. Let's do it!

About the Author(s)

Sue Khan

Vice President of Privacy and Data Protection Officer, Flo Health

Sue Khan is Vice President of Privacy and Data Protection Officer at Flo Health. She is passionate about Flo's mission of building a better future for female health and believes it is critical to provide trusted and accessible health technology services to all. She joined Flo after spending four years at the digital-first health provider Babylon Health, where she was Global Vice President of Privacy. She has 17 years of experience as a lawyer specializing in privacy and data protection, having also led the privacy initiatives for the mobile network O2 and the entertainment company Hasbro. She holds a Bachelor of Laws (Honors) from Queen Mary University of London, the CIPP/E certification, and IAPP (International Association of Privacy Professionals) membership.
