Healthcare Apps and Data Privacy/Security Risks
By Susan Walberg, JD MPA CHC
Healthcare apps have become increasingly prevalent, with people using them for counting steps, monitoring their calories, or linking to various medical devices, to name just a few examples. Since the COVID outbreak and the explosion of telehealth as a healthcare option, however, these apps have proliferated at an insane rate. As of 2020, there were 325,000 healthcare apps on the market, with more coming all the time.
Whether you are a consumer who uses such apps, or a provider who wants to develop an app for patients to use, it’s important to understand some of the privacy and security risks that may accompany the use of such tools, and what to watch out for.
What are Healthcare Apps?
An ‘app’ is a small program that can be loaded onto a phone or mobile device to perform a specialized function. From the standpoint of privacy and security regulation, healthcare apps fall into two main types, and the rules governing them differ accordingly.
The first type is the applications used by your healthcare provider. They may be used to store your lab or radiology results, or they might be integrated with a medical device for tracking and monitoring purposes, such as an electrocardiography device that monitors heart activity. Or they may be used to coordinate your care.
The second type is personal or private healthcare apps, the ones an individual can get from an app store to track and manage their diet, exercise, or a specific health condition. There are apps for mental health, diabetes, and, of course, COVID, to name just a few. Many of these apps are free.
Nothing in Life is Free
First, let’s talk about those ‘free’ apps.
Free apps, how cool is that? Depending on your view, an application that tracks and shares your personal information might not really be ‘free.’
If you go online and look for a free app to help you count calories or manage your diet, for instance, the odds are good that there are advertisements on the app, right? Well, most of those ‘free’ apps, with the ads included, will be sharing your information with the advertisers and perhaps even with other companies, such as the ‘big tech’ companies or other stakeholders or investors.
You may expect this, and you might not care. After all, any online Google search leads to targeted Facebook ads relating to that same subject matter, right? We may not like it, but we are getting used to the fact that our online activity is not really private.
But when you choose one of those apps, think about what information you are entering, because it is probably not private either. How much of your medical information is being collected in order to help you manage your diabetes or exercise program? And do you know where that information might be shared? You may have accepted that your use of the app is not private, just as your Google searches seem to have a direct pipeline to Facebook. The data you enter deserves the same scrutiny, because it is not private either. And in this situation, sharing it is not illegal.
But…But…HIPAA
How can this health information NOT be private? There must be regulations protecting your privacy, especially when it comes to your healthcare information, right? We hear all the time about HIPAA (The Health Insurance Portability and Accountability Act of 1996) and how your health information can’t be shared.