Mobile healthcare, telemedicine, telehealth, BYOD

Apps & Software News

Some mHealth Apps Aren’t Making Privacy a Priority

A new study finds that health and wellness apps in particular aren't making privacy policies easily available to users, even though they are collecting sensitive data.

- An analysis of privacy policies for mHealth apps finds that health and fitness apps aren’t keeping up with the rest of the industry – even though some are capable of gathering “particularly intimate details of a user’s life.”

A study by the Future of Privacy Forum finds an overall improvement in the mHealth industry, with 76 percent of apps surveyed having a privacy policy – an 8 percent increase since the last survey in 2012. More importantly, 71 percent of the most popular mHealth apps have a link to that policy on the app platform listing page, enabling users to ensure that an app is effective before downloading it.

But among health and fitness apps, that percentage drops to 61 percent. Among apps that track sleep patterns, only 54 percent link to a privacy policy from the app store, while only 63 percent of apps that help women track and predict fertility offer that link.

“Given that some health and fitness apps can access sensitive, physiological data collected by sensors on a mobile phone, wearable or other device, their below-average performance is both unexpected and troubling,” the report states.

Conducted this past spring and summer with an eye toward what they called “more sensitive categories of apps,” FPF researchers accessed the top mHealth apps in both the iOS App Store and Google Play. They first examined the app listing page for a hyperlink to a privacy policy, then checked on the developer’s website for a policy. If neither location offered a link to a privacy policy, the researchers downloaded the app and continued their search.

Among their findings was a marked difference in transparency between free and paid apps. Some 86 percent of the free apps have an accessible privacy policy, while only 66 percent of the paid apps have a policy. Researchers noted that free apps are usually sustained by advertising, and often are required to disclose their tracking practices to comply with that industry’s standards.

The analysis of fertility apps offers both good and bad news. Researchers noted that 80 percent of all fertility apps, including those that track periods, offer a privacy policy, which places this category higher than not only health and fitness apps but mHealth apps overall. However, only 63 percent of those apps make that policy available on the app store listing page.

“If a user must search out a developer’s website on their own, or download (and perhaps purchase) an app before discovering how and where her intimate information will be collected, used, shared and protected, it will be much more difficult for her to make an informed decision about her privacy and app use,” the study noted.

Sleep-aid apps also fared poorly in the study. Only 66 percent of those apps offer a privacy policy, and only 54 percent – barely more than half – link to the policy on the app store listing page.

“Tracking when a user typically tries to sleep (or wake up) can reveal whether they’re a morning person, or work a night shift or are away from home,” the study noted. “It might reveal whether an individual has insomnia, or another sleep disorder. It might also be the case that apps with a more limited purpose (e.g., to play a certain sound, or maintain a certain light level) ask for unusual permissions – such as access to a phone’s contacts, photos, or network connections. Importantly, privacy policies can help explain to users why this data is collected and how it is used.”

The study offers encouragement that the mHealth app industry is moving in the right direction on data privacy and security, but there’s still work to be done. As healthcare providers look to incorporate mHealth into their practices, they and their patients will want assurance that the apps they’re using are trustworthy. And they’ll want that assurance before downloading the app.

On another note, the study touches on another issue plaguing the mHealth ecosystem: the blurry line between mHealth and health and wellness. More and more apps in the latter category are trending into healthcare uses, and collecting data that qualifies as personal health information (PHI). The developers of those apps need to take extra measures to safeguard that data.

“While most apps do provide consumers with the most basic notices about how their personal data will be collected, used and shared, it’s also clear that a significant number do not,” the report concludes. “Although a privacy policy is only a starting point for protecting individuals’ privacy, it is an important baseline standard all around the world. Now more than ever, it is important for consumers to take a moment to look for – and look through – an app’s privacy policy before downloading it to their devices.”

Dig Deeper:

Health Application Security Lacking, Study Finds

mHealth App Security is a Myth, New Survey Finds

Continue to site...