The Future of Privacy Forum (FPF), a Washington, DC think tank that seeks to advance responsible data practices, recently released the results of a survey relevant to medical apps and privacy.

A similar study was conducted in 2011. Changes since that time were assessed by FPF.

The survey focused on whether the most popular paid and free apps on leading app platforms provide users with privacy policies.

Of course, the existence of a policy alone does not guarantee that the company will adhere to the policy, but FPF viewed the policy as a minimum statement that developers were paying attention to this issue.

The study revealed some encouraging findings regarding the existence of privacy policies. Overall, free apps were more likely to have privacy policies than paid apps – a finding consistent with the 2011 survey. For the iOS App Store platform, free apps with a privacy policy grew from 40% to 84% since 2011. Paid apps grew from 60% to 64%. For the Google Play platform, free apps moved from 70% to 76% and paid apps from 30% to 48%.

With regard to the types of apps more likely to have privacy policies, the survey indicated that apps requiring location information have policies.

Beyond the existence of a policy, the survey also explored whether the policy could be viewed before the app was purchased. Less than half of the free (22.7%) and paid (20%) apps had privacy policies that could be viewed on the app store before purchase.

However, customers also face barriers after buying apps: 48% of free apps and 32% of paid apps on all platforms provide access to privacy policies within the app. If the privacy policy is not within the app, consumers have to search for it. This calls for a standard for the platforms to make sure that existing policies are accessible within the app, given that the person has already given the app developer money.

Unfortunately, the survey did not focus on health-related apps or analyze data in a manner that focused on health apps. Also, the survey only looked at popular apps, not all apps or popular apps in certain fields of interest. Future research should examine whether health-related apps that acquire data from users are meeting the basic standard of having a privacy policy. In addition, those developed by health care entities covered by HIPAA must meet HIPAA privacy standards.