Are Mobile Healthcare Apps Jeopardizing Your Privacy?
May 16, 2022 - Written By: Aston Martinez
For many people, it doesn’t come as much of a surprise that any online technology carries massive risks to our privacy. In fact, it has long been a topic covered in documentaries, debates, and even fictional movies. The data our phones collect through various apps and social media sites tracks hundreds of different data points that are then analyzed or sold to various marketing companies in order for them to better understand you – at least enough to tailor their ads to you for maximum effectiveness. However, this invasive strategy may also be being exploited to gather priceless information about our health.
What Information Is Collected & How
There are thousands upon thousands of apps available today that center on health, fitness, and medical care. The information being tracked and collected largely depends on the app being used and its intended function, but many health apps collect information such as:
Your diagnosed conditions
Your symptoms, as well as their frequency and severity
What medications and supplements you take
Care summaries from physician appointments
Fertility and menstruation cycles
Your mental/emotional health and struggles
Your vaccination records
Your tracked vitals or body measurements
Your health-impacting habits (sleep, diet, exercise, etc.)
Whether you drink or smoke
Your web browsing and social media history, behaviors, and interests
Your login information, email addresses, and/or phone number
Even if an app isn’t outright collecting and selling your data, anything involving such a wealth of valuable information is inevitably going to be subjected to data leaks or security breaches at some point or another. A report that studied the 30 most popular medical health apps available found that the apps were highly susceptible to attacks that allow unauthorized users to access your medical records, collected data, and other personally identifiable information (PII). (Chmielewski, 2021)
Why This Practice Is Harmful
While collected health information can be used in positive ways, such as to help the developers improve the app or allow them to connect you with resources specific to your diagnosed conditions, there will always be potential for that information to be exploited or used in discriminatory ways.
Yet another study performed in Canada raised some particularly troubling concerns. (Grundy et al., 2019) For starters, the laws that typically safeguard your protected health information (PHI) from a legal perspective actually don’t apply to medical apps. Another concern the researchers cited is the possibility that this information will make its way into our overall health scores, which are used by life and health insurance companies to determine how much it costs to insure you, thus making your insurance policies less affordable and accessible. Patient information has also historically been used by medical care cost-cutting systems in ways that have made access to medical care even more disproportionate. (Grundy et al., 2019)
Going even further, the study revealed that third parties then sold information to fourth parties, many of which couldn’t even be classified as belonging to the medical or healthcare industries whatsoever. (Grundy et al., 2019) The fourth parties noted by the researchers included multinational tech companies, digital advertising companies, telecommunications companies, and consumer credit reporting agencies.
The lead author of the report, Quinn Grundy, Ph.D., had this to say about the even further-reaching ramifications of the collection and use of patient data: “This, I think, is the world of algorithms, where user data is packaged, analyzed, and sold as a product that can be used to make decisions about things from whether someone should rent to you, or employ you, or give you benefits, and I think we’re seeing those sorts of products increasingly used.” (Grundy et al., 2019)
Protecting Your Privacy
Needless to say, many of these medical and health apps are so popular for a good reason – they can be incredibly helpful tools for tracking, understanding, and optimizing our healthcare experiences. If you’re currently worried about whether you’ll have to delete your favorite or most helpful apps, don’t fret. While deleting them is an option, it’s not the only available option for protecting your information.
So, what can we do about this? How do we go about protecting our privacy? Here are some steps you can take:
Opt for apps that are more likely to fall under privacy laws and protections, such as apps offered directly by your physician's office.
Be wary of apps that are free or ad-supported. Though these apps come at no monetary cost, they often come at the expense of user privacy because they harvest and sell user data to stay afloat.
Re-read the privacy policies at regular intervals. Policies that currently claim they don’t share user data can change at any point in the future.
Pay attention to the permissions that apps request access to and ask yourself whether it even makes sense for the app to need those permissions to function properly. For example, an app you use as a symptom tracker doesn’t necessarily need to know your current GPS location, enable your microphone, or access your contact list.
Familiarize yourself with and adjust your phone’s privacy settings - including location services, tracking across various apps, app permissions, data your phone collects for analytics and improvement, and settings regarding personalized advertisements.
Regardless of what we do on our end, it’s important to advocate for change and accountability when it comes to how apps are created, regulated, and marketed. We need to fight for more safeguards to be put in place to better protect consumer data and health information.
References and Resources
Chmielewski, D. (2021, February 9). Mobile health apps systematically expose PII and phi through apis, new findings from Knight Ink and Approov Show. Business Wire. Retrieved May 15, 2022, from https://www.businesswire.com/news/home/20210209005461/en/Mobile-Health-Apps-Systematically-Expose-PII-and-PHI-Through-APIs-New-Findings-from-Knight-Ink-and-Approov-Show
Grundy Q, Chiu K, Held F, Continella A, Bero L, Holz R et al. Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis BMJ 2019; 364 :l920 doi:10.1136/bmj.l920
Tangari G, Ikram M, Ijaz K, Kaafar M A, Berkovsky S. Mobile health and privacy: cross sectional study BMJ 2021; 373 :n1248 doi:10.1136/bmj.n1248
Aston Martinez is a writer, community-based activist, and aspiring public speaker. She lives with multiple rare diseases, and she's on a mission to bring more awareness and fairness to the rare disease community. She's also the VP of Content for Habit Nest and has a passion for writing fiction!