Tuesday, March 08, 2016

Many mHealth Apps Share Personal Health Info Without Permission

The number of mobile health applications (mHealth apps) available to consumers now surpasses 165,000 (here). One-fifth of smartphone owners had health apps in 2012, and 7% of primary care physicians recommended a health app.

The FDA has even approved the prescribing of mHealth such as the DiabetesManager System, which captures, stores and transmits blood glucose levels.

Unfortunately, many health apps do not have privacy policies informing users of how personal health data is collected, stored, transmitted, and shared with third parties. Even when there are privacy policies, many health apps do not fully inform patients of how their data will be used or shared.

In a study appearing in the March 8 issue of JAMA, Sarah R. Blenner, J.D., M.P.H., of the Illinois Institute of Technology Chicago-Kent College of Law, Chicago, and colleagues examined the privacy policies of Android diabetes apps and the sharing of health information. They found that 81% of the apps did not have privacy policies. Of the apps with privacy policies, only 4 said they would ask users for permission to share data.

The authors noted:
"Sensitive health information from diabetes apps (eg, insulin and blood glucose levels) was routinely collected and shared with third parties, with 56 of 65 apps (86.2%) placing tracking cookies; 31 of the 41 apps (76%) without privacy policies, and 19 of 24 apps (79%) with privacy policies shared user information... Of the 19 apps with privacy policies that shared data with third parties, 11 apps disclosed this fact, whereas 8 apps did not."
The authors concluded:
"Patients might mistakenly believe that health informa- tion entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps."
Many mHealth apps -- including apps developed by pharmaceutical companies -- have other problems such as unproven efficacy, undocumented sources of statistics or algorithms, etc. See my presentation below for more information about that.

1 comment:

  1. I ask why these HealthIT corporations aren't considered "Business Associates" under HIPPA? Why isn't the HHS following up on our PHI being given away for profits?


Related Posts Plugin for WordPress, Blogger...