Many common health apps are sharing potentially sensitive medical data with third parties, study finds
- Health apps are a treasure trove of medical information for third parties
- An analysis of some of the most popular apps show data sharing is common
- The types of info they share include drugs taken, conditions, and browsing
- How and when information is shared is currently unregulated, study notes
By now, anyone connected to the internet is familiar with the concept that their data — whether through social media, search engines, or other apps and interfaces — is far from private.
According to a recent study, the same holds true for what is considered to be among peoples’ most sensitive personal information: medical history.
The report, released in the British Medical Journal (BMJ) says that the medical information from personal health apps is routinely shared with third parties in a process that is both unregulated and often lacking in transparency.
Medical information, among the most guarded categories of data, is now being traded by a growing number of health and fitness apps.
WHICH DATA IS SHARED BY HEALTH APPS?
A new report found that some of the most popular medical apps for Android in the U.S., U.K. and Australia are sharing user data with third parties.
This includes Medscape, Ada, and MedicineWise.
Among the most common categories of medical information shared by health apps according to a report are:
-Browsing (38 percent)
-Drugs taken (25 percent)
-Medical conditions (17 percent)
‘Mobile health apps are a booming market targeted at both patients and health professionals,’ reads the study.
‘These apps claim to offer tailored and cost-effective health promotion, but they pose unprecedented risk to consumers’ privacy given their ability to collect user data, including sensitive information.’
According to the study, the ubiquity of data sharing among the health apps is also a of major concern for patients and physicians.
Of the 24 apps studied, 19 of them, or 79 percent, engaged in data sharing practices.
These include some of the most popular medical apps for Android in the U.S., U.K. and Australia like Medscape, Ada, and MedicineWise.
While the type of shared information ranged among the apps studied, a significant portion of the subjects exchanged direct medical data like lists of drugs taken by a patient, names, and medical conditions — valuable data sets that can be sold to interested parties like drug manufacturers and insurance companies.
As to where that data is going, the recipients are seemingly wide open.
Among the harvesters of medical data are tech giants like Google, Amazon, and Microsoft, but also lesser known cloud companies like MongoDB, Rackspace, and Tier 3.
Alphabet, Google’s parent company, was the biggest recipient of medical data through apps.
The impact of medical apps’ unfettered sharing with third parties not only brings to light serious privacy concerns, according to researchers, but also opens the door to the threat of medically-based discrimination.
Some of the most popular apps in the U.S. and U.K. share to large tech companies like Google, Amazon, and Microsoft.
‘Privacy will become an important social determinant of health, and regulators should reconsider whether sharing user data for purposes unrelated to the use of a health app,’ reads the study.
‘At minimum, users should be able to choose precisely which types of data can be accessed and used by apps (eg, email, location), and to have the option to opt-out for each type of data.’
An examination of how data is shared through these types of apps comes at a particularly crucial time, say researchers, as the popularity and volume of them continue balloon.
An analysis by Flurry Analytics — which is coincidentally one of the third party recipients of health data listed by the study — shows that in just three years leading up to 2017, health and fitness app usage grew by a whopping 330 percent.