Video: Every Case Tells a Story| Webinar: ACR/CHEST ILD Guidelines in Practice

An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals

  • Conditions
    • Axial Spondyloarthritis
    • Gout and Crystalline Arthritis
    • Myositis
    • Osteoarthritis and Bone Disorders
    • Pain Syndromes
    • Pediatric Conditions
    • Psoriatic Arthritis
    • Rheumatoid Arthritis
    • Sjögren’s Disease
    • Systemic Lupus Erythematosus
    • Systemic Sclerosis
    • Vasculitis
    • Other Rheumatic Conditions
  • FocusRheum
    • ANCA-Associated Vasculitis
    • Axial Spondyloarthritis
    • Gout
    • Psoriatic Arthritis
    • Rheumatoid Arthritis
    • Systemic Lupus Erythematosus
  • Guidance
    • Clinical Criteria/Guidelines
    • Ethics
    • Legal Updates
    • Legislation & Advocacy
    • Meeting Reports
      • ACR Convergence
      • Other ACR meetings
      • EULAR/Other
    • Research Rheum
  • Drug Updates
    • Analgesics
    • Biologics/DMARDs
  • Practice Support
    • Billing/Coding
    • EMRs
    • Facility
    • Insurance
    • QA/QI
    • Technology
    • Workforce
  • Opinion
    • Patient Perspective
    • Profiles
    • Rheuminations
      • Video
    • Speak Out Rheum
  • Career
    • ACR ExamRheum
    • Awards
    • Career Development
  • ACR
    • ACR Home
    • ACR Convergence
    • ACR Guidelines
    • Journals
      • ACR Open Rheumatology
      • Arthritis & Rheumatology
      • Arthritis Care & Research
    • From the College
    • Events/CME
    • President’s Perspective
  • Search

Health Apps Often Lack Privacy Policies & Share Our Data

Lisa Rapaport  |  March 10, 2016

(Reuters Health)—Just because a health app has a privacy policy doesn’t mean the data will remain private, an analysis of mobile tools for diabetes suggests.

In fact, privacy policies appear rare, and when they do exist, most state that user data will be collected and half warn that medical information will be shared with third parties.

ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE

“Simple privacy policies can help patients protect their personal information, but only 19% of the apps in our study had a privacy policy available pre-download,” said lead author Sarah Blenner, who did the study at ITT Chicago-Kent College of Law and is currently a public health researcher at the University of California, Los Angeles.

“App developers avoid privacy policies because they want to be able to share health information to advertisers without the knowledge of the users,” Blenner added by email.

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE

One-fifth of smartphone owners had health apps in 2012, and 7% of primary care physicians recommended a health app to their patients, Blenner and colleagues write in their report in JAMA on March 8.

To get a sense of how well patient privacy is protected by apps for managing chronic disease, the research team focused on one common condition—diabetes.

They analyzed 211 apps available for download in Google Play, the online marketplace for the Android operating system that powers about 83% of smart phones worldwide.

For the subset of 41 apps with any privacy policy at all, only four said they would ask users for permission to share data, the study found.

Slightly more than half of the apps with privacy policies said they would collect data when the app was used or when people registered for an online account.

Just six of these apps, or 15%, explicitly stated that they would not collect personal information from children.

Sixteen, or 39%, said user data may be used for advertising purposes.

One limitation of the study is that the analysis focused on privacy policies available prior to downloads, not features available within the apps, the authors note. The study also excluded apps made for iPhones.

Even so, the findings likely apply to a wide variety of apps for different types of diseases, said George Annas, director of the Center for Health Law, Ethics and Human Rights at Boston University School of Public Health.

“Most apps want to sell medical information to marketers and are likely to think fewer people would use their app if they knew this,” Annas, who wasn’t involved in the study, said by email.

“Only patients who think it is OK for their physicians to sell all or parts of their medical records are likely to agree to this practice,” Annas added.

Generally, apps aren’t required to have clear privacy policies and there’s little incentive for them to provide specifics because it increases the odds that they could face liability for disclosing incorrect information, said Scott Kambler of KamblerLaw LLC in New York.

“Plus, we often see companies that just don’t know what’s happening with personal data,” Kambler, who wasn’t involved in the study, said by email. “They code apps and send data to third party affiliates or partners, but they don’t know what the third parties do with the data. In fact, the company offering the app may have hired a third party to develop the app and may not know what it does behind the scenes.”

Page: 1 2 | Multi-Page
Share: 

Filed under:AppsTechnologyTechnology Tagged with:diabeteshealth apphealth informationprivacy

Related Articles

    Healthcare Providers Must Get Compliant with HIPAA Privacy Practices

    August 1, 2013

    Failure to have an updated Notice of Privacy Practices by September 23, 2013 could result in fines and penalties

    Expansion of Mobile Health Apps Makes Physicians’ Job Easier

    April 2, 2014

    Rheumatologists choose, review top mobile health devices

    Tech Talk: Apps Put More Rheumatology Information at Fingertips

    June 10, 2012

    With more and more mobile devices and apps coming onto the market, more and more information is available to rheumatologists on the go.

    HIPAA Privacy Rules Bring New Enforcement Guidelines

    November 1, 2014

    Focus shifts from voluntary to punitive; makes business associates more accountable for breaches of personal health information

  • About Us
  • Meet the Editors
  • Issue Archives
  • Contribute
  • Advertise
  • Contact Us
  • Copyright © 2025 by John Wiley & Sons, Inc. All rights reserved, including rights for text and data mining and training of artificial technologies or similar technologies. ISSN 1931-3268 (print). ISSN 1931-3209 (online).
  • DEI Statement
  • Privacy Policy
  • Terms of Use
  • Cookie Preferences