It seems health apps may pose a more considerable security risk than previously thought. Health apps sound great in theory. They help patients suffering from chronic illnesses receive proper care and medical monitoring at home. Health apps also contribute to the patients’ well-being and recovery once they have left the hospital. There is a wide variety of apps available nowadays and some have become very popular, but it seems that health apps may pose a security risk to their users.
A recently published study found that the privacy risks that some mobile health apps pose may be understudied. Previous research has shown that, by 2012, one-fifth of smartphone users had health apps installed on their devices and that 7 percent of primary care physicians were recommending health apps to patients. In fact, the prescription of some health apps has been approved by the US Food and Drug Administration.
However, many health apps monitor and track sensitive patient medical data, which is then transmitted to the health care provider in order to help medical professionals stay up to date on patients’ progress and current health issues. Sensitive information such as the patient’s disease status and medication compliance is recorded by these apps and transmitted to hospitals, primary care physicians, or specialists monitoring the patient’s case.
Understanding Why Health Apps May Pose a Security Risk
The connection between privacy disclosures and the practices of health apps has not been studied enough to understand the extent of the security risk that these apps could pose. Privacy risks and the security protocols used to guard sensitive patient information can vary greatly from one health app to another, so understanding the possible implications of using these apps to transmit medical data is important to protecting patients’ privacy.
A recently published study analyzed the connection between the privacy disclosures and practices of different health apps and the privacy risks associated with these practices. The study’s findings shed light on an issue many health app users have never even considered: the security risks of transmitting medical data via these apps. Many consumers may not know exactly how private their medical records really are when they access a health app. The study found that some apps collected user data and even shared it with third parties and partners, sometimes transferring it to various countries around the world.
Analyzing the risk posed by health apps means studying the possibility of a health data breach taking place. Medical records contain sensitive patient information such as personal and banking details as well as disease statuses and current treatments. The possibility of a data breach must be considered when assessing the threat posed by health apps, as there have been previous cases of malicious hacking for the purpose of stealing and selling medical data.
However, this recent study has found that health apps may be sharing user data with third parties. This means that, even without a health data breach, health app users’ medical data may still be at risk because of the privacy practices of the app itself.
Recent Findings on Health Apps Privacy Policies
A recent study focusing on the privacy policies of Android diabetes apps and the sharing of health information found that health apps can collect sensitive patient data and store it for further use. The study found that, of the 211 diabetes apps that were identified and that remained available for the duration of the study, 81 percent did not even have privacy policies. Of the 19 percent (41 apps in total) that did have privacy policies, not all of the existing provisions actually aimed to protect user privacy.
The study began in January 2014 and researchers identified all the Android diabetes monitoring apps available on the Google Play platform. They then collected and analyzed the privacy policies and the disclosures of what apps could access and control on the smart device. They analyzed the apps that continued to be available 6 months after their original search.
At first, the researchers identified 271 diabetes apps available on Google Play for the Android OS. Within six months, 60 apps had become unavailable, so the researchers studied the remaining 211. Out of the 211 apps studied, 65 were randomly selected for transmission analysis. After identifying the 41 apps that did have privacy policies, the researchers analyzed the permissions that these apps had.
Users must agree to a health app’s permissions in order to download and use that app. The permissions for these 41 apps were found to authorize the collection and modification of sensitive user data. 17.5 percent of these permissions included tracking the user’s location. 11.4 percent of them authorized the activation of the device’s camera and 3.8 percent authorized the activation of the microphone. A staggering 64 percent of these permissions allowed the modification or deletion of the collected information.
In the case of the transmission analysis performed on the 65 randomly selected apps, it was found that sensitive health information was being collected and shared with third parties and partners. Information such as insulin and blood glucose levels was routinely recorded and shared for several reasons. 56 of the 65 tested apps placed tracking cookies on the devices. Of these 65 tested apps, 41 did not have privacy policies and 24 did. 31 of the 41 apps without privacy policies shared user information with third parties. 19 of the 24 apps with privacy policies also shared user information.
How Health Apps May Pose a Security Risk for Users
It is disconcerting that only 41 of the 211 available apps had privacy policies to begin with. The fact that, of these 41 apps, only 8 did not collect user data and only 21 did not share the data they collected with third parties is even more distressing. 16 of the 41 apps had privacy policies that authorized the use of the collected data for advertisement purposes. 11 of the 41 apps could transfer the user data to other countries around the world.
Considering that these worrisome statistics are only based on the 19 percent of diabetes apps that did have any privacy policies at all, it makes sense to raise more questions concerning the possible medical data security risks involved with using health apps. 81 percent of the available apps did not even provide privacy policies. The study’s findings show that user data is by no means secure or private when using health monitoring apps. It is clear that more research is needed to find out exactly to what extent health apps may pose a security risk to patients’ private data.