Check apps for unauthorized data transmission

As a matter of course, hospitals should always vet the health apps they and their staff use, or that they recommend to patients, to ensure they aren't disclosing inappropriate information to third parties. With that in mind, the Wall Street Journal, last week, reported on efforts by federal investigators in New Jersey with regard to allegations that smartphone apps may be sending transmissions of users' location and other information to unauthorized third parties.

The report indicates a number of online industry players have been called to explain the practice, including online music service, Pandora Media, which admitted in an SEC filing that it has been subpoenaed to testify before a grand jury, although it says it is not a target of the investigation.

The problem: A Journal review of more than 100 apps found that more than half actually transmitted information about the users' cell phones, including unique identifier number and location, to unauthorized parties. A small percentage even transmitted data on users' age and gender, as well, the Journal reports.

For non-healthcare companies, the legality of the transmissions is still a bit murky, although it could violate the federal Computer Fraud and Abuse Act. For healthcare providers, however, the risks should be far clearer, if any of the transmitted information is considered protected health information. For example, if a patient is in the hospital or a physician's office when his or her location information is collected, that information could be considered protected, Sharon Goott Nissim, consumer privacy counsel for the Electronic Privacy Information Center tells FierceMobileHealthcare. "Thinking about that is a little scary," she adds.

Hospitals should immediately begin asking questions about the apps they use, including what information is being transmitted, how it is being stored, how long it is being kept, and whether patients are being notified that the data is even being collected, Nissim recommends.

Either way, this "hopefully...will bring about a big change in the industry and make companies be more responsible in what data is being collected," Ginger McCall, EPIC's assistant director told the Journal.

For more information:
- read the Wall Street Journal article

Related Articles:
Smartphone apps: Are insurers harnessing their potential?
10 Egregious Patient Privacy Breaches