Data from research firm IHS Electronics and Media projects that downloads of health and fitness smartphone apps will grow by 63 percent by 2017. And according to a past survey, the increasing popularity of such apps has translated into doctors beginning to encourage patients to use them. But a recent report (.pdf) suggests that some programs may compromise patients’ privacy, which could put physicians at risk for violations of the Health Insurance Portability and Accountability Act. As described in a recent piece from American Medical News:
Privacy Rights Clearinghouse, a nonprofit advocacy organization in San Francisco, sponsored a study of 43 popular free and paid apps that were made for consumer use. Apps used by health professionals were not part of the study.
The technical evaluation of these apps included an analysis of mobile application privacy policies. Researchers installed and used the apps to see what data were stored on the apps. They also looked at the communication between the apps and the Internet.
Many of the apps sent unencrypted data to advertisers, probably without users’ knowledge. Seventy-two percent of the apps exposed personal information that could include dates of birth, personal location, ZIP codes, medical information, email addresses, first names, friends, interests and weights. Some apps sent information to as many as 10 third parties.
Data were sent to app developers’ websites and third-party sites for analytic and advertising purposes.
More than 75% of free apps and 45% of paid apps used behavioral tracking, usually through third parties, according to the study.
To avoid privacy violations, the report recommends that developers do the following: implement encrypted network connections between the app and any Internet server, abstain from using third-party advertiser or analytics services and take extra care in how they send privacy-sensitive information. In the meantime, one of the experts quoted here says, physicians may want to “avoid recommending apps unless they are well-established to be secure.”