Data-sharing is such a part of the modern era that patients often don’t think twice about it. They download an app, check a box at the bottom of a giant block of text about rights and permissions (which no one really reads), and get started. And by started, we mean start sharing with said app a mountain of information, which, if it’s health-related, can include stuff they might rather keep private — things like what drugs they’re are taking and how often.
But we’re in the era of concerning digital privacy practices, so it shouldn’t be a surprise that nearly 80 percent of medicine-related apps shared user data. This finding comes from an analysis of 24 of the top-selling apps published in March in the BMJ. The list was culled from 821 different Android apps available on Google Play in the UK, US, Canada and Australia. Of those, 83 percent were free apps (although some of them contained in-app purchasing options or advertising).
What the Study Found
The research, led by Quinn Grundy, RN, an assistant professor of nursing at the University of Toronto, found that users’ data were shared with 55 unique entities, from 46 different parent companies. Some were first parties (the developers or parent company) or third parties (such as pharma companies and health insurers). And these third parties advertised their ability to share the data with 216 fourth parties. The interactive apps gathered info regarding dispensing, administration and use of medication. For example, they included pill identifiers, dose calculators, the ability to order a prescription refill, symptoms checkers, and drug adherence reminders.
Apps sharing user data is often routine and legal, the researchers note. But how transparent creators are about data collection and sharing practices is much murkier. For example, the authors note that in Australia, a medical appointment-booking app called HealthEngine was sharing user data with law firms that handle personal injury lawsuits. Although the company said they informed users, it provided this info in a separate “collection notice” and users couldn’t use the app unless they opted in.
Why The Study Matters
“Mobile health apps are a booming market targeted at both patients and health professionals,” the authors write. “These apps claim to offer tailored and cost-effective health promotion, but they pose unprecedented risk to consumers’ privacy given their ability to collect user data, including sensitive information.”
In the study, 38 percent of apps shared a user’s email, 25 percent shared the list of drugs a user was taking, 17 percent shared users’ medical conditions, and 4 percent shared the name of their doctor, their current mood (happy, sad, anxious), and the location of their favorite pharmacy.
Although apps don’t collect or sell “personally identifiable” information, like a person’s name, the aggregation of large amounts of data by some companies means that people could be “easily and uniquely identified, if not by name,” the authors write.
They add that “privacy regulation” should hold “those who control and process user data” accountable and that developers should allow users to pick and choose exactly what data of theirs gets shared. But a legal overall like that is likely years away.
What Should Care Providers Do?
For your own app usage, you should be “conscious of privacy risks,” the authors conclude. For your patients, when you “recommend apps,” be sure to “explain the potential for loss of privacy as part of informed consent.”
Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis, British Medical Journal.
Last updated on 10/1/19.