How Private Are Health-Tracking Apps on Your Phone?

If you frequently track your health-related stats or lifestyle habits on an app, you might think all that 411 is confidential between you and your smartphone. But that’s not necessarily true. In fact, recent research suggests that mobile health apps present serious privacy concerns.

In a 2016 study published in JAMA, researchers evaluated the privacy policies of 211 Android diabetes apps and found that 81 percent of them did not have any privacy policies at all. Of the 19 percent that did, not all of the provisions actually protected users’ privacy: Most of them collected user data (including sensitive health information such as insulin and blood glucose levels), and nearly half of them shared this data with third parties. As the researchers concluded, this poses “privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties.” (Think advertisers, marketers and other companies.)

Unfortunately, these risks aren’t unique to diabetes apps. They’re universal. And yet many consumers have no idea that third parties could gain access to such personal info. “I suspect that most people don’t fully realize what they’re getting into when they use these apps,” says David Kotz, a professor of computer science at Dartmouth College. “Surprisingly few [apps] have privacy policies, and if they do, they’re often vague in terms of what they say about what data is collected, who has access to it and what it’s used for.”

Indeed, when it comes to regulations, health and fitness apps fall into a bit of a no-man’s land. Health and fitness tracking apps that simply allow users to organize and monitor their health information and lifestyle habits aren’t covered by the Health Insurance Portability and Accountability Act, or HIPAA, because they’re outside the purview of health care providers. If an app is used as an accessory to a regulated medical device (such as an infusion pump) or uses an attachment to measure blood glucose levels or performs sophisticated health analyses, the Food and Drug Administration may or may not consider it a “mobile medical app” that must comply with certain guidelines (only a small subset fall into this category). The Federal Trade Commission recently created a web-based tool to help developers of health-related apps figure out which federal laws and regulations might apply to their apps, but the FTC doesn’t require sufficient protection for data that’s collected from users, says lawyer Marc Rotenberg, president of the Electronic Privacy Information Center, a public interest research center based in the District of Columbia.

Even apps that claim to have privacy policies often transmit your information unencrypted and over insecure network connections, which can allow anyone — your friends, family members, colleagues, neighbors and others — to capture that data, according to the Privacy Rights Clearinghouse, a nonprofit organization based in San Diego that’s devoted to helping people protect their privacy. Plus, apps that you can download for free often depend on advertisers for revenue, which means you may be deluged with personally targeted ads.

“Some people find it disconcerting to receive ads that are sensitive to their medical condition or behavior,” Kotz says. In fact, in a recent study of 43 health and fitness apps, the Privacy Rights Clearinghouse found that 43 percent of the free apps studied share user-generated personally identifiable information with advertisers, and 52 percent share collected aggregate data (without personally identifiable information) with marketers.

Another concern: “The apps are designed to extract from the user a great deal of information — about movement and nutritional habits, weight, smoking or alcohol use — that would be of interest to employers and insurers,” Rotenberg points out. “This could lead to an adverse determination in an employment context — it can affect decisions related to hiring or promotion — or in an insurance context — it can affect the rate setting for a life insurance policy.”

In other words, “people could use that information to make decisions about you based on their own perception about what that information means — and you’ll never know why that decision was made,” says George Annas, professor and director of the Center for Health Law, Ethics & Human Rights at the Boston University School of Public Health.

Since you can’t count on apps to protect your privacy, the onus is on you to do so, experts say. Here are tips to help you reap the potential benefits of keeping your health details at your fingertips while safeguarding your privacy:

Consider avoiding free apps. If you value the privacy of your health information, you may want to avoid apps that “are advertising-driven for their revenue,” Kotz advises. (Clues: Ads are generally embedded in the content, and these apps are usually free to users.) “Paying for an ad-free version helps reduce your risk” of having your data shared with third parties, Kotz says.

Investigate an app before you download or buy it. The goal is to find out who the app developer is and how credible they are. Try to find reviews of the app online, Kotz suggests, or through the app store — and check out the privacy policy (you may need to look on the developer’s website). Contact the developer with any lingering privacy-related questions.

Check out an app’s settings carefully. “There are often controls that allow you to turn on or off the collection and sharing of certain information,” Kotz says. “Understanding what those choices are is worth it to you.” If you can’t make sense of these often-confusing options on your own, enlist a tech-savvy friend to help you.

Think carefully about what you’re willing to share. There’s nothing wrong with keeping private matters private, so consider whether your smoking or drinking habits could come back to haunt you if they were to become public knowledge. Also, consider whether you want data brokers or other third parties to know that you’ve had a mental-health condition or pregnancy problem. “Assume that your info will be shared — if you’re not comfortable with that, don’t use the app,” Annas advises, or omit those details when the app cues you for them.

How Private Are Health-Tracking Apps on Your Phone? originally appeared on usnews.com