It's estimated that nearly two thirds of adults in the United States now own a smartphone (source). Smartphones have become an integral part of our daily lives, keeping us connected to friends, family and the entire world. But a new study has found privacy concerns in mobile health apps.

Researchers from the Illinois Institute of Technology Chicago-Kent College of Law embarked on a mission to discover whether or not diabetes health apps for Android devices had secure privacy policies. They began by identifying all of the respective diabetes health apps for Android, at which point they installed a random number of these apps to see if data was being transmitted to any third-party entities.

At the end of the six-month study, researchers discovered that 211 of the original apps remained on the Android marketplace. Of those 211 apps, 80% had no privacy policies in place. And the select apps that did have privacy policies lacked the proper provisions to protect their users. Researchers also found that roughly 80% of the diabetes health apps tested collected users' data, and 50% shared this data. Only four of the apps tested had privacy policies asking for users' permission to share their data.

Note: health apps for Apple devices were not tested during this study.

"This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties," wrote the study's authors. "Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps."

Of course, there's been growing concern regarding the privacy (or lack thereof) of mobile health apps in recent years. With more and more doctors using these apps to facilitate their operations, it raises concerns with regard to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The Office for Civil Rights (OCR) has even launched a portal to assist health app developers in creating compliant apps.

Whether you are a doctor, physician or any other entity covered under HIPAA, you should tread cautiously when using health apps. If Protected Health Information (PHI) is transmitted or stored on the app, certain precautions must be taken to remain compliant with HIPAA while protecting users' privacy.

This study was published in the Journal of the American Medical Association (JAMA).
