User Privacy at Risk with Health Apps, Experts Warn
- Health apps' popularity grows
- Experts warn of privacy risks
- Google's Fitbit acquisition
- Health apps advice
Time is a crucial decider between life and death during heart attacks. And regularly monitoring your blood pressure and heart rate are key to surviving a one. Along with other indicators, like shortness of breath and fatigue, you can know beforehand if you’re going to have a heart attack and take all the necessary measures.
Thanks to health apps, people no longer have to make hospital visits or doctor appointments to take certain health tests. Just a few clicks after you install the app, and you’ll have all the information you need. And it doesn’t just involve heart rate and blood pressure. These applications will display a lot more useful data, like weight, sleep analysis, and walking or running distance.
But although health apps are very useful, and sometimes lifesaving, they pose significant privacy risks. They collect users’ sensitive data and share it with third parties like marketing companies. Experts started to warn consumers about these threats, urging lawmakers to protect patient privacy.
The Rise of Health Apps
Mobile health, or mHealth for short, is taking the world by storm. Today, there are around 250,000 health applications on app stores like Google Play Store or Apple’s App Store. Most of them are fitness and activity trackers, while the rest of the apps are for health professionals and patients. They offer a wide range of functions, like text message reminders, disease management, and monitoring users’ heart rate, blood pressure, sleep, weight, and exercise.
And according to the National Center for Biotechnology Information (NCBI), that number will continue to grow over the next few years. A 2018 NCBI study expects mHealth app free downloads to reach 3 million, while paid apps will hit 300,000 purchases in the US alone.
Smartphones and tablets aren’t the only compatible devices with health apps. You can also install them on smartwatches and other wearable technology. Fitbit, for example, is a fitness and consumer electronics company that manufactures smartwatches and develops mobile apps. You can install it on your phone or buy a wearable device.
As of May 2018, Fitbit was the most popular fitness app in the United States. At that time, it gathered 27.4 million users, followed by MyFitnessPal and S Health (for Samsung) with 19.1 million and 14.9 million users, respectively. Today, Fitbit has over 50 million downloads worldwide on the Google Play Store.
Experts Expose Health Apps Risks
Despite their convenience, functionality, and multiple benefits, health apps pose a serious threat to user privacy. Experts warn that these applications share customer data with third parties. That includes marketing companies and tech giants like Google, who use this information to deliver targeted ads. So you can kiss your doctor-patient confidentiality goodbye.
Health-related information is under the protection of HIPPA, a 1996 law that safeguards medical data privacy and security. However, this legislation’s scope doesn’t cover mobile applications, allowing developers to do whatever they want. In May, the American Medical Association (AMA) urged lawmakers to protect patient privacy in the digital realm by introducing “regulatory guardrails.”
A study on privacy issues and apps was presented during AMA’s recent Hypertension Scientific Sessions. The event took place virtually from 10-13 September due to the COVID-19 outbreak. The study investigated 35 apps that monitor diabetes and discovered that all of them share data with third parties. That includes the ones that promised otherwise in their privacy policy.
“Right now, there are no limitations on what companies can do with this data.”
Mohammed Abdullah, medical student at the University of Texas Medical Branch
Dr. David Grande, policy director at the Leonard Davis Institute of Health Economics and author of another similar study, said that health privacy is growing significantly. However, people still don’t have a full grasp of the matter. He added that data collection in the US means the information will be available online forever. Meanwhile, in Europe, users can request the removal of data logs, thanks to the GDPR law.
Google’s Fitbit Acquisition
Google announced last year that it had acquired Fitbit in a deal worth $2.1 billion. The tech company isn’t a stranger to privacy controversies, regularly facing lawsuits worldwide. It also aids law enforcement agencies by providing user information, thanks to its location history database, Sensorvault. And Google products like Chrome and Home Mini constantly collect, store, and share data.
But the Fitbit acquisition allows Google to access a whole new range of information: Health. Data like heart rates, blood pressure, and sleeping habits are now available for the tech giant. So brace yourself for more health-related ads.
However, Google and Fitbit both denied they would sell sensitive data to advertising companies and other third parties. Nonetheless, users and government agencies expressed their concerns over the acquisition. EU regulators are worried about the amount of sensitive data Google will access, and the advantage Fitbit will have over its Play Store rivals.
Australia’s Competition and Consumer Commission (ACCC) also fears a Google/Fitbit monopoly, which could prevent startups from competing.
“Buying Fitbit will allow Google to build an even more comprehensive set of user data, further cementing its position and raising barriers to entry to potential rivals.”
Rod Sims, ACCC Chairman
Furthermore, 20 other consumer advocacy groups are looking into the deal, which is still pending regulatory approval.
Expert Advice for Health App Users
Dr. Grande said most people don’t understand the digital footprint they leave behind when using health apps. One of the reasons behind it is not reading the privacy policy, which can be difficult and complicated. Nonetheless, Abdulla urged users to take five minutes of their time and read the terms and conditions instead of blindly agreeing to everything.
As for privacy-concerned consumers, seeing ads in your health app is a definite red flag. It means that the service sells the info it collects to third parties. You can limit the amount of data gathering by disabling features like location sharing. However, deactivating privacy settings may interfere with the app’s functionality and make it harder to use.
Alternatively, Abdulla said the best thing to do until new regulations come out is to install paid health apps. These services don’t need ad-generated revenue as they make a profit from subscriptions. As for free applications, the only way they can make money is through advertisement, i.e., selling your data.
Health App Privacy Risks – Final Thoughts
Every app we download and install on our device collects sensitive data. Heck, they even require permission to access our contact list, location, camera, microphone, and media gallery. But health apps collect more sensitive data like sleeping patterns, walking steps, and blood pressure. And tech giants or advertising companies getting their hands on such information is a significant invasion of privacy.
Therefore, it’s better to use paid health apps instead of free ones because they mostly don’t sell data to third parties. And if you wish to maintain your online privacy when using the web, use anonymity tools like VPNs. They encrypt your traffic and change your IP address.
Do you use fitness or health apps? Let us know below.