Do Health Apps Threaten Privacy?

It may not occur to most users of a fitness app, for instance, that their personal data will be disclosed to the device manufacturers.

The growing use of smartphone apps and wearable devices to generate personal health and lifestyle data poses a dilemma for privacy. While individuals have much to gain using apps to help them manage health concerns, the privacy of the data itself may be at risk. Consumer-grade devices that link across internet networks are rather vulnerable to hacking. The levels of security that can be tolerated by users fall short of enterprise networks. The portability of wearables and smart devices, carelessness with passwords and lack of encryption mean confidential data is much more at risk of being stolen. See also: 5 Apps That May Transform Healthcare   Apps use a program interface (API) to access sensors in devices themselves -- GPS, messages, even the camera -- and to collect data. Many apps combine data to draw conclusions (accurate or otherwise) about the user’s health. Some insurers are already using activity data from fitness trackers to enhance products. It seems likely the trend will continue as apps become more sophisticated and hardware develops broader appeal. U.S. federal and state laws require published policies concerning the use, disclosure and safeguarding of personal data by mobile apps. Health data are subject to special restrictions. In addition to imposing restrictions on sale and disclosure on all personal data on apps, EU data protection directives and national laws have more restrictions for health data; for example, explicit consent requirements. Apps must comply with all applicable legal requirements for processing health data and personal data more generally, including consent requirements of various levels of specificity and explicitness for different types of uses and disclosures of different types of personal data. It may not occur to most users of a fitness app that their personal data will be disclosed to the device manufacturers, which may sell it to third-party advertisers or share it with data aggregators. The terms and conditions of apps are not always read, or the developer is based beyond national legal boundaries. The relatively short life cycle of many apps could also mean personal data may end up lost as the apps become defunct. A survey by the Global Privacy Enforcement Network found that, in 85% of the 1,200 apps reviewed, the owners failed to clearly explain how they were collecting, using and disclosing personal information. EMEI (unique serial) numbers of smartphones make identification of individuals simple, and many app users mistakenly believe their information stays private. See also: Wearable Tech Raises Privacy Concerns   I have previously written about how wearables and apps that use smartphones as a hub can play an important role in life and health insurance (see my slideshare: The Growing Impact of Wearables on Digital Health and Insurance). Research in the U.K. shows half the population now monitors their health problems this way, and 95% of doctors see more patients bringing their own data to appointments. The trend is expected to continue -- more than 140 million wearables are expected to be sold in 2020, up from around 70 million in 2014. Underwriters and claims assessors will process increasing levels of digital health data in their day-to-day work. However, if patients cannot believe the health data they store in apps is private, they may resist calls from clinicians to use them. It’s important to address concerns over data privacy or failures to protect individual’s sensitive information, so patients’ resistance does not stall this innovation. © Reproduced with the permission of General Reinsurance AG, 2017.

Ross Campbell

Profile picture for user RossCampbell

Ross Campbell

Ross Campbell is chief underwriter, research and development, based in Gen Re’s London office.


Read More