Published: September 10, 2020

Health apps pose privacy risks, but experts offer this advice

By Thor Christensen, American Heart Association News

Please note: This article was published more than two years ago, so some information may be outdated. If you have questions about your health, always contact a health care professional.
Feodora Chiosea/iStock, Getty Images
(Feodora Chiosea/iStock, Getty Images)

Like ordering a ride or food delivery on your smartphone, keeping track of your heart rate, blood pressure or weight is just a few taps away thanks to thousands of free or inexpensive health apps.

But with each click, you may be unwittingly handing over your health data to a third party.

As health apps skyrocket in popularity, experts and medical organizations have begun warning consumers of the hidden dangers. In May, the American Medical Association called on lawmakers and the health care industry to install "regulatory guardrails" to protect all types of patient privacy in the digital age.

Until that happens, health app users are largely unprotected from having their data passed along to tech giants and marketing companies that might target them with ads, said Mohammed Abdullah, senior author of a new study about privacy issues and apps.

The study, being presented at the American Heart Association's virtual Hypertension Scientific Sessions that begins Thursday, examined 35 diabetes mobile apps and found that all of them gave data to a third party, even in cases where the app's privacy policy said it wouldn't. The research is considered preliminary until published in a peer-reviewed journal.

"Right now, there are no limitations on what companies can do with this data," said Abdullah, a medical student at the University of Texas Medical Branch in Galveston. "As technology and health care become further intertwined and companies spend billions of dollars on health care-related apps, it's becoming more and more important to make sure we have checks and balances in place."

That's because the data on health apps, he said, is not safeguarded by HIPAA, the 1996 law that protects health information gathered by doctors and health systems.

"Right now, it's like the Wild West, with zero protection," said Dr. David Grande, author of a study about health privacy in the digital age published in July in JAMA Network Open. "Health privacy concerns are growing at an astronomical pace, but we still have a very antiquated view of them."

For example, Grande said many Americans are unaware that once their health data is collected, it's available online forever. In Europe, "right to be forgotten" online privacy laws offer consumers some protection. But in the U.S., digital health info is "immortal," he said.

"People don't understand all the digital footprints they're leaving behind each time they interact with heath apps, and frankly, it's very hard to understand. Who on earth would want to read a long, complicated privacy agreement?" said Grande, policy director at the University of Pennsylvania's Leonard Davis Institute of Health Economics in Philadelphia.

As arduous as that task might seem, Abdullah urges people to take five minutes to read the agreements and find out what might happen to their data once they click "agree."

"You have to weigh the risks and benefits," he said. "The app might help patients track their blood sugar, but is it worth using if you know your data might possibly be shared?"

For consumers concerned with privacy, one red flag is the presence of ads on the health app.

"If you open the app and find ad services, you can be sure your data is being sent off to a third party in some way, shape or form," Abdullah said.

Another tip is to check the app's automatic settings and make changes that will protect privacy, like turning off your location. But that, too, has a drawback, Grande said. "In some cases, turning off privacy settings makes an app harder to use."

Like many internet-based services, health apps are usually free to download, with app-makers earning money through advertising or selling data to third parties, he said.

However, that business model could change if lawmakers start enacting stricter guidelines and consumers become more willing to pay for health apps.

"Consumers put health very high on their list in terms of where they want privacy protection," Grande said. "As they grow more uncomfortable with every aspect of their life being tracked, I think the thirst for regulation and privacy control will grow, too."

If you have questions or comments about this story, please email [email protected].

American Heart Association News Stories

American Heart Association News covers heart disease, stroke and related health issues. Not all views expressed in American Heart Association News stories reflect the official position of the American Heart Association. Statements, conclusions, accuracy and reliability of studies published in American Heart Association scientific journals or presented at American Heart Association scientific meetings are solely those of the study authors and do not necessarily reflect the American Heart Association’s official guidance, policies or positions.

Copyright is owned or held by the American Heart Association, Inc., and all rights are reserved. Permission is granted, at no cost and without need for further request, for individuals, media outlets, and non-commercial education and awareness efforts to link to, quote, excerpt from or reprint these stories in any medium as long as no text is altered and proper attribution is made to American Heart Association News.

Other uses, including educational products or services sold for profit, must comply with the American Heart Association’s Copyright Permission Guidelines. See full terms of use. These stories may not be used to promote or endorse a commercial product or service.

HEALTH CARE DISCLAIMER: This site and its services do not constitute the practice of medical advice, diagnosis or treatment. Always talk to your health care provider for diagnosis and treatment, including your specific medical needs. If you have or suspect that you have a medical problem or condition, please contact a qualified health care professional immediately. If you are in the United States and experiencing a medical emergency, call 911 or call for emergency medical help immediately.