With studies showing lackluster mobile health app privacy and security policies, sensitive patient data could be vulnerable.
Mobile users are increasingly using their devices for healthcare needs, whether through fitness trackers or to communicate with providers. However, inadequate mobile health app privacy or policies that are difficult to understand could lead to patient data privacy concerns.
A recent study published in The American Journal of Geriatric Psychiatry found that privacy measures are lacking in apps designed for dementia patients.
Researchers reviewed 125 iPhone apps that matched the search terms “medical + dementia” or “health & fitness + dementia.” Of those apps, 33 had available privacy policies.
Of those policies, 70 percent described safeguards on data, and approximately three-quarters differentiated between protections for individual versus aggregate data.
“At present, most dementia apps lack privacy policies, and those that do exist lack clarity,” researchers explained. “Bolstering safeguards and improving communication about privacy protections will help facilitate consumer trust in apps, thereby enabling greater use by adults with dementia and their caregivers.”
Dementia patients are particularly vulnerable, the research team noted, because their “cognitive impairment puts them at increased risk of privacy breaches.”
A 2016 study published in the Journal of the American Medical Association (JAMA) reviewed the privacy policies of Android diabetes apps. Researchers identified 271 diabetes apps and used 211 of them in their sample.
Thirty-one of the 41 apps without privacy policies shared user information. However, the difference was not statistically significant, as 19 of the 24 apps with privacy policies also shared user data.
“This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties,” researchers explained.
Previous studies have also shown that mobile health apps might have privacy policies, but they are not easy to find. This could lead to individuals allowing more access to their health data than they actually want.
Researchers also noted that health and fitness apps typically have access to sensitive, physiological data collected by sensors on a mobile phone, wearable, or other device.
Federal agencies are also aware that security and privacy policies do not always keep pace with evolving technology.
The ONC Privacy Snapshot Challenge aimed to help consumers better understand a specific product’s privacy and security policies. ONC urged developers, designers, health data privacy experts, and any other innovators to use content from its Model Privacy Notice (MPN) template to create the tool for individuals.
“The MPN and Challenge reflect ONC’s overall efforts to address the rapid pace of change regarding wearables and other types of health information technology,” ONC stated in its first call for action. “As ONC outlined in a July 2016 report to Congress, Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA, many new businesses use consumer-facing technology to collect, handle, analyze, and share health information about individuals – sometimes without those individuals’ knowledge.”