Here's the iTunes profile of the app:
First up: What personally identifiable information is obtained, and how is it used?
Required information that the user explicitly provides when registering.
Users can also provide more information about themselves voluntarily:
Optional information about themselves users may provide.
Of course, users can always "opt-out," although you must do that through the app itself or uninstall the app.
Note that the app uses the GPS feature of the iPhone to locate users. This can allow Genentech to provide "requested location services." I imagine, for example, if the user is visiting her physician's office, the app will know this and link the user to that practice and/or serve up such things as "Questions to ask your physician" or even ads for Rx products in the hope users will discuss these with their physicians.
The "Connect with a Patient" feature is one that I have not seen in other pharma mobile health apps. Before you can use it, you must agree to "Ground Rules," which will be the subject of another post.
It's good to know that Genentech maintains all this personal health information on a "secure" server and not on the mobile device. Is that any more secure than storage on the iPhone? I guess. In any case, this is what Genentech says about security of the data:
I don't want to burst your balloon, but every company -- including Home Depot and Target -- says the same thing, and they have been hacked. As Genentech says, "no security system can prevent all potential security breaches." Keep in mind that the cause of most security breaches is probably an untrained employee. Read, for example, "The FTC-Lilly Consent Decree". That patient security breach happened back in 2002, but Lilly must still answer to the FTC until 2022!
Given the sensitive nature of the data collected to make full use of this app, will a sufficient number of women with breast cancer reap enough benefits from this app to offset the risks of a data breach?