More than 165,000 health-related apps are available to download on smart phones, but a majority of them are unregulated, raising concerns for both doctors and those in the legal community.
Health apps run the gamut from fitness to fertility, mental health to diabetes. Consumers often input their most intimate information without knowing the full story of where their data is going, according to Lori Andrews, a professor at IIT-Chicago Kent College of Law.
“These are miniature surveillance devices,” said Andrews. “(Our phones) are on us at all times.”
Andrews studied a random sample of the top 400 health apps and says she found alarming holes in data privacy. For one, Andrews said an overwhelming majority of the apps did not have privacy policies.
“We found over 70 percent shared that intimate health information with data aggregators, some of them who provided that information to life insurers and health insurers,” Andrews said.
What’s problematic, Andrews said, is app developers aren’t breaking the rules by doing so. While doctors and medical institutions are bounded by federal HIPAA laws to safeguard data privacy and health-related information, those same regulations do not apply to a majority of app developers.
“The consumer might get the impression that she’s just monitoring her own health. She may not realize there are real downsides to that information being shared with third parties like life insurers who might then deny her insurance because she’s not keeping her diabetes in check or she’s had too many miscarriages or things that might indicate a larger health problem,” Andrews said.
According to a July 2016 Consumer Reports study, findings found the popular Glow Pregnancy App had security flaws that “would be easy for stalkers, online bullies or identity thieves to use the information they gathered on Glow’s users.” The report said Glow worked quickly to correct the vulnerabilities and updated the app.
According to Andrews and doctors, a chief concern of health apps is that many are not backed by sound science. A minority of medical apps consult a physician or healthcare provider in development, according to Dr. Sherif Badawy, a hematologist and oncologist at Lurie Children’s Hospital.
In Badawy’s published report on health-related smartphone apps, he highlighted some risks, including one example where inconsistencies were found in apps that purported to help with opioid conversion calculations.
“That can be dangerous and lethal,” said Badawy. “No one is supervising it so a patient can download an app, open it, but maybe that information is inaccurate.”
The Food and Drug Administration only regulates mobile apps that function as a medical device, for example, an app that hooks up to an EKG heart monitor.
“The FDA focuses its regulatory oversight on only a small subset of mobile applications that may impact the performance or functionality of currently regulated medical devices and may pose a risk to patients if they don’t work as intended,” said an FDA spokeswoman in an email.
In recent years, the Federal Trade Commission has cracked down on apps for false advertising.
In 2015, the FTC settled with one app developer whose “Mole Detective” family of apps instructed users to take a photograph of their moles, then purported to determine the users’ risk of melanoma. The company settled the complaint with the FTC and agreed to stop making claims concerning the app’s ability to detect melanoma without having sufficient evidence to back up those claims.
“You just need to know what you’re getting yourself into and understand the risk and benefits which many of these companies don’t explain,” said Badawy.