As the use of digital health apps continues to surge across both the specialist health and general wellness spaces, so must developers’ consideration of governance and transparency to protect users.
While these technologies are garnering widespread attention across the board, they appear to have struck a chord with women specifically, as a paper published in JMIR Research Protocols claims that they are 75% more likely to use digital health solutions than their male counterparts.
This shift comes as many women take healthcare into their own hands, using widely accessible apps such as menstrual, menopause and pregnancy trackers, as well as specialist tools offering tailored benefits, to take command of their wellbeing while barriers to diagnosis and treatment persist and sex-related disparities in healthcare outcomes remain common.
The rapid uptick in women’s health app usage has not come free of controversy. In September 2025, Flo Health and tech giant Google settled a $56m lawsuit, in which plaintiffs alleged that the pair – alongside mobile analytics company Flurry and social media conglomerate Meta – compromised the privacy of Flo app users by collecting and using information about their menstrual cycles to perform targeted advertising. Both Flo Health and Google have denied any wrongdoing.
As the women’s digital health segment eyes further growth, experts stress the importance of governance and diligence around privacy to protect users, while touting the strong opportunity the digital health app sector offers developers and investors.
The shift towards built-in privacy
While data plays a fundamental role in plugging the women’s health gap, Rhiannon White, CEO of period tracker app developer Clue, warns that it can also cause harm when it is accidentally or intentionally misused. “Data is the solution, but it’s also the risk if we’re not cognizant of what’s happening to it and where it’s going,” she says.
Amber Vodegel, founder and CEO of women’s health app 28X, echoes White’s sentiments, adding that the “privacy by architecture” approach to early app development is necessary to keep user data safe.
While baking privacy into the app’s design, Vodegel notes that limiting data movement across external servers like the Cloud can yield benefits for developers, as this can further diminish the risk of privacy violations like hacks or data leaks. In the case of 28X, the app sidesteps the Cloud, while employing on-device artificial intelligence (AI) that operates locally – removing the requirement for remote servers.
When websites or apps collect data, they often store it in small text files called cookies, which users can generally choose to accept or reject depending on their preference. According to Melissa Bianchi, digital health lead and partner at law firm Hogan Lovells, developers should be “very deliberate” about whether, when and how cookies are used. “When an app gives individuals a choice on how tracking occurs, companies need to honour that decision,” she comments.
To achieve this, Bianchi has seen many companies become increasingly diligent around app development by ensuring cookies are firing correctly and fixing problems when cookies unintentionally misfire.
White adds that transparency and consent are further key considerations, as “users should have the ability to make choices on how their data is used – both during onboarding and any time later down the line”. When implementing these factors, White also advocates for a strong data governance framework, as this ensures that data is available to only those that require access under the right contexts.
FDA flexibility presents an opportunity
As the burgeoning digital health market garners attention from all angles, the US Food and Drug Administration (FDA) has made notable steps to back innovation in the space – one of which was assembling the specialist Digital Health Centre of Excellence (DHCoE). Since its inauguration, the DHCoE has developed the Software as a Medical Device (SaMD) framework, which ensures certain types of digital health apps are safe and effective.
However, not all health apps fall under the SaMD framework, as technologies designed for the general consumer that track a user’s steps or sleep, for example, are now considered ‘general wellness’ products by the FDA. This means the agency does not always specifically evaluate these apps.
According to Bianchi, recent US regulatory developments in the digital health app space, as well as the Centers for Medicare and Medicaid’s (CMS) openness to digital health apps, could offer companies a great opportunity. She says that this is especially true for creators who focus on targeted groups such as certain disabled populations and over 65s, as it allows them to “engage through CMS with that health technology ecosystem.”
“It’s also a tremendous opportunity to create patient-facing apps in disease areas like diabetes and obesity, that the agency has recently been focusing on,” Bianchi states.
Meanwhile, Srividya Narayanan, a digital health regulatory affairs and compliance specialist, touts the utility of the FDA’s AI/machine learning (ML) action plan, which she says can provide solid insights into how the regulator is thinking about algorithm-based tools. According to Narayanan, this means that companies can use the framework to proactively build and refine their compliance.
Though it is currently unclear if the upheaval of key senior staff members will shift the FDA’s digital health outlook, Narayanan doesn’t believe this factor will have a huge influence over the future US regulatory approach. This is because the CDC already includes its “deregulatory efforts related to CDS software, wellness applications, and AI-enabled tools in the new draft CDRH guidance agenda for 2026” – efforts which will continue regardless of who’s in charge, she says.
Europe’s stringent approach to digital health
As the FDA’s approach to digital health regulation evolves, Narayanan notes that European and British regulators have yet to demonstrate more flexibility in this area. “The EU and UK operate under a ‘prove to us that it’s safe before talking to us about making changes’ philosophy,” she says.
As the EU medical device regulation is strict, thorough conformity assessments will be necessary for all digital health tools that qualify as a medical device, Narayanan adds. This stringency is compounded by the EU’s general data protection regulation (GDPR) policy, which often requires developers to obtain explicit consent to collect or process health data, with users having the option to withdraw this consent easily.
While the GDPR framework may complicate the process for developers, White notes that it is a key enabler of trust.
In the UK’s case, the Medicines and Healthcare products Regulatory Agency (MHRA) has debuted several schemes to encourage digital health innovation, particularly in the mental health space. However, Narayanan cautions that, at least for now, the UK is “in the process of creating regulations and guidelines, not loosening them”. Since Brexit, the UK has also introduced UK GDPR, which holds great similarity to the EU GDPR law. The Information Commissioner’s Office (ICO) currently oversees this policy.
With some change afoot in global digital health regulations, Narayanan believes that the EU and UK will watch and wait as the US collects data following these changes, which she says will likely guide “data-driven, calculated decision-making on whether to follow suit or not”.
Although local, national and global variation in regulatory requirements can present challenges, Bianchi notes that developers can effectively overcome these hurdles through a proactive approach, in which they first ascertain if their app requires regulatory approval through a pre-submission meeting.
Once developers clear this step, many vying for regulatory approval focus on crafting a product that adheres to the most stringent regulations relevant to the target commercial areas, Bianchi comments.
Securing reimbursement remains a key challenge
Despite the rapid rise of digital health app usage, developers are facing significant hurdles when securing reimbursement for their technologies.
This is true in the US, Narayanan argues, as a large portion of the apps in this sector are consumer-funded or employer-sponsored, with only a “few narrow Medicare carve-outs.” However, she caveats that a small number of payers are now starting to cover the cost of digital therapeutic products – mostly in the fields of mental health and chronic disease management – though there is not yet a system-wide initiative.
This differs from Germany, which Narayanan describes as the “leader” in digital health across the global landscape, due to its DiGA policy. For developers looking to secure global reimbursement, Narayanan recommends that companies launch in Germany to collect the suitable data, which they can then use to create a compelling case for other countries.
While digital health tools could potentially revolutionise care across a broad range of disease areas and patient groups, companies must focus on privacy, governance and regulations from the start, while evaluating the best opportunities to cement their name in a market garnering ever-increasing attention.
