Report finds health, fitness apps lag in privacy polices compared to other apps

By Heather Mack
03:32 pm

Health and fitness apps may potentially reveal data-enabled insights into the daily lives of those who use them, but what they sometimes fail to reveal are the ways they use the data collected on users.

A recent study from the Future of Privacy Forum, a Washington, DC-based think tank that works to advance responsible data practices, found that -- compared with other apps in the iOS and Android marketplaces -- health and fitness apps lag in privacy policies, with about 60 percent offering such information compared to 76 percent of general apps. 

“While consumers might reasonably expect that any app that collects health and fitness information would be more than likely than general purpose apps to describe its privacy policies and practices, that is not always the case,” the authors write. “Given that some health and fitness apps can access sensitive, physiological data collected by sensors on a mobile phone, wearable, or other device, their below-average performance is both unexpected and troubling.”

Learn on-demand, earn credit, find products and solutions. Get Started >>

Top paid health apps trail behind general apps, the report found, with free apps marginally better at offering privacy polices. When the researchers examined sleep-tracking apps, only 66 percent had any privacy policy, and only a little more than half of those apps linked to their privacy policy from the app store. Period and fertility trackers were better – 80 percent of them had privacy policies, but only 63 percent of them included links to those privacy policies.

"While more apps may have privacy policies today than in years past, they are not always easily accesible by consumers," the report states. "A privacy policy that is only accessible on the developer's website or after an app has been downloaded or purchased is less helpful to consumers wanting to make informed decisions about sharing their personal data."

The report was undertaken as a follow up to similar studies conducted in 2011 and 2012 examining the prevalence of privacy polices in the most popular mobile, with this report building on previous findings to explore the privacy policies of the “most sensitive categories” of apps.

But whether the consumer has access to privacy policies for their apps is just the tip of the privacy spear. A study by the Department of Health and Human Services was much more concerned with the fact that wearable fitness trackers, social media sties where individual health information through specific social networks and other technologies of today did not exist when Congress enacted HIPAA. If an app is not offered by a HIPAA covered entity or a business association (as is the case with most wearables fitness trackers) it is outside the scope of HIPAA protections.

“Sharing information electronically can offer real benefits, such as saving time, improving services and increasing engagement,” the HHS study states. “However, it also exposes the shared information to additional risks.”

Pointing to the 2015 Federal Trade Commission’s report on the Internet of Things, the HHS report mentions the widespread nature of data sharing and collection have outpaced the ability to keep up with security protections of health information.

A major concern was social media, where consumers often share information without the awareness of possible future uses of health information. The report referenced one study examining social network sites targeting people living with diabetes and found less than half of the sites offered safeguards for protecting the individuals’ personal health information. It also found conflicts of interest, such as ties to the pharmaceutical industry, which were not disclosed to the people using these sites. 


The latest news in digital health delivered daily to your inbox.

Thank you for subscribing!
Error! Something went wrong!