Your Android Diabetes App is Probably Selling Your Health Info
And federal regulators aren’t stopping them.
Be careful what health info you share on Android-based apps, according to a Fierce HealthCare report.
In a new study, researchers found that Android-based diabetes apps sometimes collect private health data and share it with outside third parties without warning users. Researchers with the Illinois Institute of Technology Chicago-Kent College of Law found that 81 percent of the 211 Android-based diabetes apps reviewed did not have privacy policies. Only four of these apps asked users for permission to access and share private data with outside corporations.
The findings were reported in the Journal of the American Medical Association.
On the other side of the smartphone fence, Apple did warn health app developers that those wishing to share data on its new HealthKit platform would not be allowed to sell users’ health data. However, this doesn’t mean that every Apple health app should be considered more secure than an Android health app. iOS apps that don’t use HealthKit aren’t bound by the same rules, and might sell the data.
Of course, app data security is about more than privacy policies – where and how the data is stored matters. Information gathered from iOS apps that utilize Apple’s HealthKit is encrypted, making it more secure from hacks. Once information leaves Apple’s cloud, however, it becomes vulnerable again. Also, telemedicine researchers at the University of Valladolid in Spain warned that many health apps, both Apple- and Android-based, don’t do enough to adequately protect health data from attacks.
Currently, there isn’t much federal oversight of apps to ensure health data privacy. Sensitive health information shared on apps is not under HIPAA protection. Also, regulation of such apps falls into a grey area between two regulatory bodies – the FDA and the FTC (Federal Trade Commission). According to commentary by the International Association of Privacy Professionals, the FDA decided to regulate only apps that it deems to be medical devices or that might pose a health risk. Meanwhile, the FTC usually only intervenes if an app uses deceptive marketing or makes false medical claims.
Such privacy concerns should be put into perspective, however. All information shared in the cloud is vulnerable to being shared, legally or illegally. We weigh the risk of this every day and still decide to do everything from online banking to email. The researchers issued the report to get physicians and diabetes educators to start thinking about privacy concerns when considering the risks versus rewards of suggesting their patients use diabetes apps.