Before you download that next popular tracking app, you may want to consider what kind of information you’re sharing. Or, at the very least, know that it’s very likely you won’t be sharing this data with only the app.
Mobile health systems are becoming more and more commonplace, and now watchdogs and advocates alike are questioning how safe these apps are. Lawyer Steven Roosa wrote a detailed look at the health app ecosystem for the International Association of Privacy Professionals. In it, he lays out precisely what could be at stake when you hook up your vitals to your smartphone.
The biggest issue with health apps isn’t the data that they collect, but the third parties with whom they share this data. Roosa writes,
The risk with health and wellness apps is that companies will not realise the large amount of data that their apps collect and share with third parties, such as advertising entities, analytics companies, social networks and hosted solutions. The FTC has been inclined to bring down the enforcement hammer on apps like the Android flashlight app, which shared a persistent device ID and geolocation with a third-party advertiser.
Switch over to a health-related app, and imagine that the app transmitted data allowing third parties to fairly infer that the end-user was pregnant, taking chemotherapy medication, being treated for AIDS, recovering from alcoholism or the like.
This means that while it may be helpful for an app to track and analyse your blood pressure, for example, it could also be sharing this data with other companies. And as it stands now, there are no regulations stopping app-makers from doing just this.
Currently the mobile health industry is in the midst of a sea change. Big guns like Apple and Google are launching their own initiatives to propel mobile health programs, but regulators have yet to follow suit. For example, most health-related tracking apps are not regulated by the FDA or covered by HIPAA.
Apple, for its part, is trying to be extra judicious about what apps it allows on HealthKit. The company says only those with clear privacy policies will be allowed into the HealthKit program.
Non-HealthKit apps, however, likely won’t have the same rigid policies. Apps that focus on personal health statistics but aren’t regulated may very well “use third parties that are not sensitised to the appropriate handling of such data,” explains Roosa.
The extent of any future regulation is unclear. The FTC is looking to enter into the health app space, but it may scrutinize the most blatant health app privacy issues. Until regulation catches up, it’s important for consumers to know and understand where their information is going.
As Roosa puts it, “The best way to reduce these risks is through education, awareness and risk-mitigation strategies that address information sharing and collection at the technical level.”