Mobile health apps present privacy and efficacy risks, studies find
Privacy risks and poor data regarding the efficacy of mobile health apps should give clinicians pause when recommending these hugely popular apps to patients, two recent studies suggest.
A detailed analysis of the workings of 24 popular mobile health apps, published in the March edition of the BMJ, found that the apps disseminated a wide range of information, including personal health information, to a broad array of companies, posing "unprecedented risk to consumers' privacy."
The study further concluded that "little transparency exists around third party data sharing, and health apps routinely fail to provide privacy assurances, despite collecting and transmitting multiple forms of personal and identifying information." The authors suggested that clinicians should be conscious of these privacy risks. Moreover, they should explain the potential for loss of privacy to the patient as part their informed consent process.
The apps studied were ranked among the most highly rated healthcare apps available through Google Play in the UK, US, Canada and Australia. Through an in depth traffic, content, and network analysis, the study discovered that 17 of the 24 apps transmitted user data outside the app. Most of these transmissions were encrypted but 6% were in clear text.
App developers frequently claim that no "personally identifiable" information is collected or shared by their creations. But the study points out that it is common for data obtained to be used for targeted advertising. As a result, by bringing various data streams together, users can indeed be uniquely identified by advertisers, if not by name.
A further concern about mobile health apps relates to their efficacy. A separate study published in NPJ Digital Medicine last year found that very few health apps currently available have robust science showing them to be effective.
"At present, anyone can create and publish health and medical apps in the app stores without having to test them, and patients must experiment with apps by trial and error," noted the authors of this study. "If [doctors] are to prescribe health apps, then they must be confident that the apps are shown to work, have fair privacy and data safety policies, and are usable at the very least."
Concerns about both the efficacy and the privacy risks of mobile health apps are clearly pertinent to the risk exposures of healthcare providers who recommend them. Given the enormous popularity of these apps, healthcare providers and their brokers would do well to ensure that their liability insurance provides appropriate coverage.
About the author:
Kyle joined Beazley in January 2017 as an underwriter on our Private Enterprise team, specializing in Miscellaneous Medical risks. Prior to working with us, he previously underwrote small non-profit business at United States Liability Insurance and mid-market/large healthcare accounts at AIG. Kyle received his bachelor’s degree in Finance from Saint Joseph’s University in Philadelphia where he was also a member of their Division 1 Track & Field Team.