Health app accreditation doesn't assure security of data, user privacy

Accredited mobile healthcare apps are not as secure and data is not as protected as many may believe, new research concludes.

The study, recently published in BMC Medicine, reveals apps offered by the United Kingdom's National Health Service Health Apps Library are sharing unencrypted information. The study assessed 79 apps available in the library as of July 2013 to see if they complied with data protection regulations and principles relating to information privacy.

The researchers found that 70 apps transmitted information to online services and 23 sent identifying data via the Internet without encryption. Of 38 apps boasting a privacy policy and transmitting data, the policy did not state what confidential data would be included in the transmissions. Four apps sent both identifying and health information without encryption.

Data protection and consumer information security have long been cited as a prime hurdles in mHealth app and device adoption by consumers, providers and caregivers. This past summer, Verizon security analyst Suzanne Widup said that mHealth security was not being put front and center, especially in relation to how data is being exchanged from patients to devices. In addition, a recent BlackBerry demonstration illustrated how easy it is for a hacker to alter a medication drip in an IV infusion pump.

Lead researcher Kit Huckvale, of the global eHealth unit at Imperial College London, said the findings suggest user privacy may be unnecessarily at risk.

"The results of the study provide an opportunity for action to address these concerns, and minimize the risk of a future privacy breach," he said in an announcement. "To help with this, we have already supplied our findings and data to the NHS Health Apps Library."

For more information:
- here's the announcement
- read the study