With more individuals entering their personal health information into various apps and trackers, mobile health app privacy and security are increasingly important. Without understanding a specific app’s privacy policies, an individual may be unknowingly exposing his or her information.
The study also found that 86 percent of free apps in 2016 provided privacy policies, while only 66 percent of paid apps did the same.
“Although perhaps counter-intuitive, this result is easily explained: free, ad-supported apps are likely to be required to disclose their tracking practices to comply with industry behavioral advertising self-regulatory standard,” the report’s authors wrote.
Many health and fitness apps have access to sensitive, physiological data collected by sensors on a mobile phone, wearable, or other device, according to the report. It is therefore quite concerning that users may not be aware of how their personal data could be used.
Failing to disclose how health information will be used can be especially damaging for companies. For example, a lawsuit was filed earlier this year against Facebook and other organizations for allegedly violating patient privacy through data sharing.
The class action lawsuit was filed against Facebook and several medical institutes, such as the American Cancer Society, Adventist Health System, and the Cleveland Clinic.
Plaintiffs stated that their private medical information communications with the organizations, including data related to cancer, were given to Facebook without their knowledge.
“In addition, Facebook acquired, tracked, and used the Plaintiffs’ sensitive medical information collected through medical websites and the Facebook website for purposes of direct marketing,” the suit said. “The disclosures, tracking, and use of their sensitive medical information for direct marketing were all done without Plaintiffs’ knowledge or consent in violation of their privacy rights under federal and state law.”
Facebook was also accused of not disclosing that it tracks, intercepts, and acquires user communications with medical websites. Several of these websites belong to medical providers that are subject to medical privacy laws such as HIPAA regulations.
The lawsuit also claimed that Facebook failed to notify individuals that “it uses the personal information it gathers from its users, including sensitive medical information, to place its users into medical categories for purposes of direct marketing.”