Published by
Stanford Medicine

Medical Apps, Patient Care, Technology

Why physicians should consider patients’ privacy before recommending health, fitness apps

Data from research firm IHS Electronics and Media projects that downloads of health and fitness smartphone apps will grow by 63 percent by 2017. And according to a past survey, the increasing popularity of such apps has translated into doctors beginning to encourage patients to use them. But a recent report (.pdf) suggests that some programs may compromise patients’ privacy, which could put physicians at risk for violations of the Health Insurance Portability and Accountability Act. As described in a recent piece from American Medical News:

Privacy Rights Clearinghouse, a nonprofit advocacy organization in San Francisco, sponsored a study of 43 popular free and paid apps that were made for consumer use. Apps used by health professionals were not part of the study.

The technical evaluation of these apps included an analysis of mobile application privacy policies. Researchers installed and used the apps to see what data were stored on the apps. They also looked at the communication between the apps and the Internet.

Many of the apps sent unencrypted data to advertisers, probably without users’ knowledge. Seventy-two percent of the apps exposed personal information that could include dates of birth, personal location, ZIP codes, medical information, email addresses, first names, friends, interests and weights. Some apps sent information to as many as 10 third parties.

Data were sent to app developers’ websites and third-party sites for analytic and advertising purposes.

More than 75% of free apps and 45% of paid apps used behavioral tracking, usually through third parties, according to the study.

Only about 50% of the free and paid apps had links to a privacy policy. Of these, about half accurately described the technical processes of the apps.

To avoid privacy violations, the report recommends that developers do the following: implement encrypted network connections between the app and any Internet server, abstain from using third-party advertiser or analytics services and take extra care in how they send privacy-sensitive information. In the meantime, one of the experts quoted here says, physicians may want to “avoid recommending apps unless they are well-established to be secure.”

Previously: A look at the “Wild West” of medical apps, Turning to an app to help your health and Health-care consumer apps: helping or hurting?
Photo by Jhaymesisviphotography
