Android diabetes apps lack privacy, data-sharing protection

Consumers using Android-based diabetes apps may mistakenly believe data collected and stored by the software isn't being shared and their privacy is being protected, according to a new study.

The research, published at the Journal of American Medical Association (JAMA),  advises physicians to consider privacy implications when prescribing the mHealth tool option. Many such Android apps are sharing data with third parties, which poses potential privacy risks, as there is no federal provision in place regarding sale or disclosure of mHealth app data with a third party.

"Health apps can transmit sensitive medical data, including disease status and medication compliance," the researchers, from the Illinois Institute of Technology Chicago-Kent College of Law say. "Privacy risks and the relationship between privacy disclosures and practices of health apps are understudied.," Researchers analyzed privacy policies and permissions on Android apps available in 2014.

Privacy concerns and data sharing have long posed a challenge to mHealth app use and adoption by both consumers and providers, given there are no clear and direct government rules. As the study letter notes, sensitive health data sharing via apps is "generally not prohibited," by the Health Insurance Portability and Accountability Act (HIPAA).

The JAMA study letter notes that 81 percent of the 211 apps reviewed did not have privacy policies, and that of the 19 percent (41 apps) which did, not all of the provisions protected privacy.

Just four policies stipulated it would query users for permission to share data. Regarding data sharing, 11 of 19 apps disclosed the data sharing activity.

"Patients might mistakenly believe that health information entered into an app is private [particularly if the app has a privacy policy], but that generally is not the case," the letter's authors say.

For more information:
- read the JAMA research letter

Related Articles:
HIPAA and mHealth: OCR unveils new guidance on role of developers
Lawmakers blast 'sluggish' response by HHS on HIPAA technical guidance
Safety-net providers face hurdles launching texting solutions
3 hurdles facing digital health IoT innovations