JAMA study is the latest to examine health app privacy policies

By Aditi Pai

Some 81 percent of diabetes apps in the Google Play store did not offer privacy policies, according to a study of 211 apps published in the Journal of the American Medical Association.

The study is just the latest to examine health app privacy policies. In 2013 Privacy Rights Clearinghouse published a study that found 74 percent of free apps and 60 percent of paid apps had a privacy policy in the app or on the developer's website, while the remaining percentage of apps had no privacy policy at all. A year later a study co-authored by a researcher at Boston Children's Medical Center found that only 183 out of 600 popular health apps, or about 30 percent, had privacy policies.

This most recently published JAMA study was conducted by researchers from the Illinois Institute of Technology Chicago-Kent College of Law in 2014. In January of that year the team identified a total of 271 diabetes-focused Android apps by searching the Google Play store for the term diabetes and chose a random 75 for further analysis. The researchers then waited six months, in which time 60 of the apps became unavailable, so researchers ended up with 211 apps total and 65 that would be further examined.

In an analysis of the 41 apps that did have privacy policies, researchers found that 17 percent of the privacy policy provisions said data may be disclosed to advertisers. Additionally, 48 percent of the provisions said cookies would be used, 61 percent said they would share the data if required by law, and 43 percent said the data would be stored in the developer’s system.

"This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties,” study authors wrote. “…Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps."

The analysis of the 65 apps selected randomly, researchers found that 76 percent of the apps didn’t have privacy policies and within this group, 11 apps disclosed the fact that they shared data with third parties, while eight didn’t. In the randomly selected group, 86 percent of the apps had tracking cookies.