“A European study has found that half of health apps could be sharing sensitive personal data via insecure connections, and the majority of these apps share health-related data with third-party companies. The study involved a collaboration of researchers from the University of Piraeus, Greece, and Rovira i Virgili University, Spain, who are working to develop improved solutions to protect European citizens’ online privacy. The researchers looked at 20 free apps available on Google Play, all of which had been downloaded between 100,000 and 10 million times and had a minimum rating of 3.5/5. They studied how the apps stored and monitored personal data, such as information about past health conditions. Of the apps analysed in the study, 80 per cent shared health-related data to third-party companies, with the other 20 per cent storing data on the users’ phones. This data included text as well as images, such as X-rays”
While I recognise we have a dire situation in which caring Healthcare Professionals are shaking in their shoes for making the decision to share their mobile number with their Patients, I find it amazing that people are really surprised by this finding. I wonder how people who think this is the big issue of the day react to discovering that the biggest Cancer Charities in the world are using private investigators to research the families of people who have cancer so that they can then profile them for highly targeted donation strategies based on their personal wealth etc?
The reality is most of these app users will have public Facebook profiles and likes that would probably tell you more about them than you’ll achieve by hacking the citizens’ mobiles or the websites they’re interacting with. With some resources and considered use of keyword advertising you can probably engage them too (because as we know most Patients are googling their condition/diagnosis).
I also think the research could’ve had a lot more impact had the top line findings included the names of the 20 free apps, the developers and their partners, if there was evidence that they were being recommended by Medics and Patient Associations, how long Patients used these apps for (we know most apps just get downloaded and soon after are deleted), etc.
I can easily point you to 20 free ‘health’ apps on Google Play that fall into their criteria that are just nonsensical and have 3.5* ratings and 100,000 downloads but they’ve got that because they’re just gaming the app store, making money via scams and users aren’t Patients but are citizens using it for fun/discovery. Here’s one I found within 5 seconds that meets all the researchers’ criteria and there are thousands of cookie-cutter similar apps that promise like this one does to give a ‘Doctor Diagnosis’ based on a paint by numbers approach to collecting basic symptoms:
There is probably also no way that the researchers could identify if these apps weren’t just being used by ‘users’ that weren’t actual people/Patients eg. click farm operations can make lots of money from dumb mobile advertisers if they get the context right (it’s easy to imagine the dumb drug companies and the ‘charities’ they sponsor would be very gullible to spending on these types of ads), etc.
I’m a huge fan of Patient Champions and think it would be interesting to see what level of endorsement the apps reviewed by the researchers were getting from Patients (I don’t think that a +3.5 star app store rating is a proxy for this), Medical Professionals and healthcare provider organisations.
“According to the study, the majority of the apps did not meet legal requirements or standards intended to protect users from inappropriate data use and disclosure to third parties. “We strongly support the use of mobile health apps, but users must know that apps’ popularity does not ensure privacy and security,” said Professor Agusti Solanas of Rovira i Virgili’s department of computer engineering and mathematics”
I think it’s clear this is like other minimally regulated markets (eg. the $B supplement industry) and I think a better piece of advice would be for Patients to download and use apps that have been recommended to them by their Healthcare Professionals (who have undertaken quality mHealth training from an accredited training body).
“The issue of health data being shared insecurely has been a concern for years. It has been reported that UK doctors frequently use their phones to share personal health data with their colleagues, including sending text and pictures via SMS to request their professional opinion. In 2015, the NHS was forced to remove health apps from its library of accredited apps after they were found to be leaking patients’ medical details online”
Of course Health data shouldn’t be shared insecurely but there are also issues with how health data that is being shared securely is being used and shared that this report doesn’t seem to touch on eg. Patients in the UK’s NHS gave their health data to medics and it was then given free of charge to an advertising company in the USA that we know is making billions in profits from doing things like selling adverts to referral agents that are masquerading as free helplines for addicts etc.
*** UPDATE 8 Feb 2018: LINK TO THE JOURNAL PAPER ***