FTC mobile health privacy revelations deserve more attention

A new Federal Trade Commission study reveals that data sharing from mobile health and fitness apps to third-party services providers is taking place, yet there seems to be little public outrage over the trend.

The study focused on data sharing in relation to 12 mobile apps. Data was determined to be shared with 76 third-party vendors. One app maker is sending data to an ad company; while other third-party companies are receiving detailed insight on consumer sleep patterns and exercise insight such as running routes, eating habits and how a user walks or runs.

One reason for the poor public outcry may be that users are OK with data sharing. According to a survey published last month, 90 percent of responding consumers often are more than willing to share personal data if it results in improved care for themselves or others, as long as they can do so anonymously.

That's all well and good, but according to the FTC, anonymity is not happening, given that shared data includes device use, location, device display info, email addresses and user names, and in some cases, first names.

It's not clear why this study isn't hitting home with lawmakers on the federal level or, at the very least, the state level. Privacy and protection of patient information has been a focal point for years in the halls of the Congress.

For instance, stricter HIPAA audits are on the horizon, according to the U.S. Department of Health & Human Services Office for Civil Rights. The health privacy law impacts both providers and business associates of entities sharing protected health information, and covered entity audits in 2015 will focus on issues including computing device and storage media security controls, transmission security, and HIPAA safeguards such as procedures and staff training. The focus in 2016 will include physical access, encryption, decryption and other issues.

What's more, according to a recent White House report on big data, the health industry might need special data-use authorities to fully take advantage of the data's potential while still protecting patient privacy. The authors of the 85-page report "Big Data: Seizing Opportunities, Preserving Values," say that modernizing the healthcare data privacy framework "will require careful negotiation between the many parties involved in delivering healthcare and insurance to Americans."

Still, not one lawmaker has even made a statement on the FTC study's revelations.

It's anyone's guess as to why, but that needs to change quickly. With as much hype as mobile medical and fitness apps are getting, security must be a priority. -  Judy (@JudyMottl and @FierceHealthIT)