Are health apps invading your privacy?

Many of us rely on technology to stay fit, lose weight or even monitor medical conditions. Wearable devices can track heart rates, blood pressure, glucose levels, or even sleep patterns. But did you know they can also collect highly personal and sensitive information?

“Although this wearable technology is collecting pretty sensitive health care information about us, it’s not protected by HIPAA,” said Kevin Brasler, executive editor of Consumers’ Checkbook.

HIPAA, the Health Insurance Portability and Accountability Act, was enacted by the U.S. Congress in 1996. It protects sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Brasler said most people don’t realize their medical information is not always protected by HIPAA when using apps or other technology.

Federal laws “do protect your health data, but only when you’re seeing a physician, only when you’re at a hospital or seeing a mental health professional,” Brasler said.

Health technology companies may seem to provide confidential help, but in most cases their parent companies are allowed to save, share and sell your information for profit to data brokers, which are largely unregulated and not always required to tell you what they’ve collected or shared.

“You cannot assume your privacy is safe,” Brasler said.

Unlike doctors or other medical pros, most of these apps, websites, and device-makers are not required to keep your health information confidential.

For example, HIPAA generally does not cover:

  • Data collected from searches done on your phone or web browser
  • Information you provide to a website or app not affiliated with your medical provider
  • Health data generated by smartphones, smartwatches, and other wearable tech, or internet-connected medical devices, unless that technology is provided by an entity covered by HIPAA for treatment purposes

For example, if you see a doctor about depression or anxiety, your visit is covered under HIPAA. That means the physician, practice staff and your insurer can’t share information about your condition or treatment without your consent.

But if you do an online search for information about your condition, or download a coupon for Xanax or other medication, HIPAA does not apply. And if you share your official medical record with a non-healthcare provider, HIPAA privacy protections do not cover that information.

Info collected by websites and software you use can be — and likely will be — scooped up by companies and traded or sold to data brokers.

Through a special arrangement with Washington Consumers’ Checkbook, WTOP.com readers can see all of Checkbook’s ratings and advice for a limited time.

Sandra Jones

Sandra Jones is an Anchor/Reporter for WTOP. She’s been in the news industry for more than two decades.
