Digital Health Privacy Program

It is time to raise the bar for protecting consumer health privacy. The Digital Health Privacy Program (DHPP) is testing the first independent, self-regulatory standards for non-HIPAA-covered health data. 

Current Health Data Landscape

While the use and disclosure of health-related data held by doctors and insurance companies is regulated by the Health Insurance Portability and Accountability Act (HIPAA), data collected and used by makers of wearable devices, health and wellness apps, online services, and the Internet of Things is not covered by HIPAA.



American Data Privacy and Protection Act

Introduced in June 2022, the ADPPA would give consumers more control over their personal data across the board.

Health Breach Notification Rule

The FTC requires companies not covered by HIPAA to notify customers of a breach of unsecured, individually identifiable health information.

Consumer Health State Legislation

Six states have enacted consumer privacy laws that recognize health information as a sensitive data element.

American Privacy Rights Act

Introduced in April 2024, APRA would create a U.S. baseline for requirements when processing consumer data.

As the call to action to protect consumer health information grows louder, companies that collect and use health-related data not covered under HIPAA have an opportunity to take proactive steps to get ahead of regulation and meet the privacy needs of their customers.





New Independent Accountability Program

For more than 50 years, BBB National Programs has embraced its neutral role in the execution of more than a dozen independent industry self-regulation, accountability, and dispute resolution programs.  


The Digital Health Privacy Program (DHPP) will: 

  • Gather input from select business leaders on the front lines of non-HIPAA consumer health data management.
  • Evaluate participating companies' consumer health data privacy practices, in alignment with applicable state and federal data privacy requirements.
  • Certify companies with a seal, demonstrating their accountability to robust standards for treatment of sensitive health data.
  • Provide ongoing support to participants as their new products and services are offered to consumers.
  • Help consumers find the products and services they can trust.  


No matter the size of your business, protecting data privacy should be a priority and is a key component of maintaining customer trust.  


The certification process includes a comprehensive verification and readiness assessment for your product as well as ongoing monitoring and support from the BBB National Programs privacy team. As a participant, your certification seal will demonstrate to customers that your product or service complies with the stringent requirements of the program.  


Comprehensive Verification 


  • Evaluate your products’ data collection practices for compliance 
  • Vet your advertising data collection practices, including first- and third-party trackers 
  • Review your privacy policies, terms, and notices to ensure necessary requirements are met

Findings Assessment


  • Clear instructions and recommendations on next steps 
  • Developer checklists to help facilitate privacy by design 
  • Personalized consultations to discuss existing and emerging privacy laws 
  • Regular monitoring and real-time alerts to ensure you remain in compliance


  • Confidence that your products are fully compliant with established standards
  • Hands-on support when privacy laws, regulations, practices, and guidelines change
  • Ongoing privacy counseling with a fast turnaround time and sensitivity to your deadlines
  • Complimentary educational opportunities and custom privacy trainings




