NY Attorney General’s office steps into digital health regulation in settlement with 3 companies

In a role that is normally reserved for regulators like the Federal Trade Commission or the U.S. Food and Drug Administration, the New York Attorney General’s office has announced a settlement with three health app developers amounting to $30,000.

The settlement resolved allegedly misleading claims ranging from accuracy to “irresponsible” privacy practices, according to a statement from the office of Attorney General Eric Schneiderman.

It’s interesting because it could mean other state attorney generals will step up and take similar action against digital health companies as the public and private sectors attempt to rein in a sector of digital health likened to snake oil salesmen by the American Medical Association.


The three companies singled out in the settlement had apps that had been downloaded several thousand to 1 million times. The companies and apps include:

Cardiio, which produces an app of the same name to measure heart rate. The company’s touchless heart rate monitor had received certification from Happtique as part of a program that was later called into question and dismantled. The company also took part in Rock Health’s accelerator in 2012. The company was formed by MIT researchers but had not been endorsed by the institution.

Runtastic, an Austria-based company that produces an app with the same name to measure heart rate and cardiovascular performance under stress. The AG’s office also took issue with Cardiio and Runtastic for failing to test the app’s accuracy with users who used it in “vigorous exercise,” despite marketing the app for that purpose.

MobiHealthNews noted that Adidas acquired Runtastic in 2015.

Matis, an Israeli company, sells My Baby’s Beat, has claimed that the app could transform any smartphone into a fetal heart monitor. The AG’s office directed the company to post “prominent” disclaimers so that consumers understand that their apps are not approved by the FDA. The AG office also took issue with Matis for failing to be more scientifically rigorous, such as evaluating its own product against a fetal heart monitor or Doppler. For its part, Matis said in a statement posted on its website that the company had never presented its device as a medical tool to measure baby health indicators. But why else would you use it? As an ice-breaker at cocktail parties?

Privacy was also an issue with these apps. Developers have to improve consumer privacy protections to get affirmative consent, according to the settlement. The companies also have to disclose that they collect user data and share it. That’s an important point because this data includes GPS location, unique device identifier, and “deidentified” data that third parties may be able to use to re-identify specific user, the statement said.

Privacy with connected devices and apps underscore a longstanding source of concern from the FTC about how open companies are with customers about how personal health data and other personal information is used.

Photo: Getty Images