The Privacy Gap Among Health Apps

Your downloads could be an accident waiting to happen

It is fairly common today that when we want to learn something, connect to something or locate something, we download the latest and greatest mobile app. We are so connected, especially when it comes to fitness trackers.

But if an app ever requires your health information, you may want to think twice and really understand what the app is asking of you, before hitting “install.”

A report out Tuesday in the Journal of the American Medical Association (JAMA) looked at privacy policies, specifically those of Android-based diabetes apps. If you care at all about your privacy, you’ll be stunned by the following results.

Sarah R. Blenner, J.D., of the Illinois Institute of Technology Chicago-Kent College of Law, along with a few colleagues, headed up the study on apps and the sharing of health information. They found that out of 211 diabetes apps, 81 percent did not have privacy policies. Only four policies stated they would ask users for permission to share data — and 19 percent with privacy policies didn’t include all of the necessary provisions to actually protect your privacy.

In a random transmission analysis of 65 apps, health information such as insulin and blood glucose levels was routinely collected and shared with third parties. Of those apps, 86 percent placed tracking cookies on devices to share information; 76 percent without privacy policies shared information; and 79 percent with privacy policies still shared information. Of the 19 apps with privacy policies that shared data with third parties, 11 apps disclosed it; eight did not.

“This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties,” the authors wrote in their report. They further concluded: “The sharing of sensitive health information by apps is generally not prohibited by the Health Insurance Portability and Accountability Act (HIPAA).”

What is Safe?
The U.S. lacks a governing body or system to approve, rate, or certify apps. A few years back, at least one company created a certification for mobile health apps that was later suspended after it was found to be faulty.

Last month, the Department of Health and Human Services’ Office for Civil Rights released a guidance document that specifies the applicability of HIPAA in regard to apps that collect, store or transmit health information. It also defines whether or not HIPAA laws apply to certain apps.

Still, “There are no federal laws that protect the privacy of health information collected or shared by most health apps,” Sarah Blenner told LifeZette.

The U.K., for its part, has a National Health Service app library. The hub includes registered apps that must go through an evaluation process to assess safety and compliance with applicable laws.

Protecting Yourself
Ben Heywood, co-founder, president and chief privacy officer of PatientsLikeMe, told LifeZette that people need to be careful when downloading health apps and entering personal information.

“Consumers should do the same as they do for any Internet service, which is to understand how exactly the app uses their data, and only work with the people and brands they trust,” he said.

Dustin T. Duncan, an assistant professor at the New York University School of Medicine, added that people should be careful about sharing too much in health apps.

Why does this really matter?

“Privacy and confidentiality are of the utmost importance, especially when it comes to sensitive health information, such as HIV status and mental health conditions,” Duncan told LifeZette. “App developers need to take privacy issues seriously and so do individual consumers — as accidentally sharing this information can result in negative consequences, including job discrimination,” he added.

Rigorous security systems in which consumers must sign or use thumbprint recognition technology are two of the recommendations Duncan makes. Consumers would also be wise to use the security lock on their smartphone.

Some important questions to ask before downloading or using a health care-related app:

  • Does the app developer share the information with a marketing company or an insurance provider?
  • Are there security measures in place to protect the data stored by an app?
  • If the app has a privacy policy, does it protect the user’s rights?
  • Can the app developer listen in on the user’s conversations by activating the phone’s microphone?

A 2015 report found that at least a quarter of all American adults use at least one health tracking app and 7 percent of primary care physicians recommended a health app.

Downloader, beware: Determine your own comfort level with the sharing of your information, because even if the app states it has a privacy policy — “that generally is not the case.”
