A recent study published in the Journal of the American Medical Association has found that a majority of diabetes medical apps are sharing personal data without disclosure or explanation.
Privacy & data security are not new issues when it comes to medical apps. Prior studies have raised concerns that personal information isn’t being adequately protected. And most medical apps aren’t subject to HIPAA, so they avoid its more stringent oversight and requirements.
In this study, researchers from the Illinois Institute of Technology looked at a total of 211 diabetes apps. For 65 apps they did a more detailed analysis of data transmission, while for the remainder they looked at the apps’ privacy policies.
Consistent with other studies, privacy policies were rare – only 19% actually had privacy policies. And of those 41 apps, only 4 stated explicitly that they would ask for permission before sharing data. And yet, many apps could access sensitive data on the smartphone – for example, 17.5% of apps collected location data, 11% could access the camera, 6% could read user contacts, and 4% could record audio.
Privacy & data security are a growing concern with apps in general, but with medical apps in particular, given the potentially sensitive nature of the data being collected. Many clinicians and consumers mistakenly believe that the same protections that apply to their medical records apply here.