
How Weak Mobile Health App Privacy, Security Affects Patients

With studies showing lackluster mobile health app privacy and security policies, sensitive patient data could be vulnerable.

Lackluster mobile health app privacy, security measures can negatively impact patients.


By Elizabeth Snell

Mobile users are increasingly turning to their devices for healthcare needs, whether through fitness trackers or for communicating with providers. However, inadequate mobile health app privacy protections, or policies that are difficult to understand, could put patient data privacy at risk.

A recent study published in The American Journal of Geriatric Psychiatry found that privacy measures are lacking in apps designed for dementia patients.

Researchers reviewed 125 iPhone apps that matched the search terms “medical + dementia” or “health & fitness + dementia.” Of those apps, only 33 had an available privacy policy.

Of those 33 policies, 70 percent described safeguards on data, and approximately three-quarters differentiated between protections for individual versus aggregate data.

“At present, most dementia apps lack privacy policies, and those that do exist lack clarity,” researchers explained. “Bolstering safeguards and improving communication about privacy protections will help facilitate consumer trust in apps, thereby enabling greater use by adults with dementia and their caregivers.”


Dementia patients are particularly vulnerable, the research team noted, because their “cognitive impairment puts them at increased risk of privacy breaches.”

A 2016 study published in the Journal of the American Medical Association (JAMA) reviewed the privacy policies of Android diabetes apps. Researchers identified 271 diabetes apps and included 211 of them in their sample.

Eighty-one percent of the sampled apps did not have a privacy policy. Among the apps that did have one, not all of the provisions actually protected privacy: the majority collected user data, and approximately half shared it.

Thirty-one of the 41 apps without privacy policies shared user information. However, the difference was not statistically significant, as 19 of the 24 apps with privacy policies also shared user data.

“This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties,” researchers explained.


“Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case,” the team continued. “Medical professionals should consider privacy implications prior to encouraging patients to use health apps.”

Previous studies have also shown that mobile health apps may have privacy policies that are hard to find. This could lead individuals to grant more access to their health data than they actually intend.

Seventy percent of the top health and fitness apps had a privacy policy, according to a 2016 Future of Privacy Forum (FPF) Mobile Apps Study. This is 6 percentage points lower than the figure for top apps overall.

Sixty-one percent of top health and fitness apps linked to the privacy policy from the app platform listing page, 10 percentage points lower than top apps overall.

“Even though a privacy policy is not the be all and end all for building consumer trust, there is no excuse for failing to provide one – doing so is the baseline standard,” FPF’s Vice President of Policy John Verdi said in a statement. “App platforms have made it easier for developers to provide access to privacy policies. Consumers expect direct access to privacy policies, and users can review them before downloading an app.”


The researchers also noted that health and fitness apps typically have access to sensitive physiological data collected by sensors on a mobile phone, wearable, or other device.

“While most apps do provide consumers with the most basic notices about how their personal data will be collected, used, and shared, it’s also clear that a significant number do not,” report authors stated. “Although a privacy policy is only a starting point for protecting individuals’ privacy, it is an important baseline standard all around the world.”

Federal agencies are also aware that security and privacy policies do not always keep pace with evolving technology.

The ONC Privacy Snapshot Challenge aimed to help consumers better understand a specific product’s privacy and security policies. ONC urged developers, designers, health data privacy experts, and other innovators to use content from the MPN template (PDF) to create the tool for individuals.

“The MPN and Challenge reflect ONC’s overall efforts to address the rapid pace of change regarding wearables and other types of health information technology,” ONC stated in its first call for action. “As ONC outlined in a July 2016 report to Congress, Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA (PDF), many new businesses use consumer-facing technology to collect, handle, analyze, and share health information about individuals – sometimes without those individuals’ knowledge.”
