Health Apps Sell User Data

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
A recent study from the BMJ found that many popular health apps share more data with advertisers than they probably should. The researchers analyzed 24 Android apps with scripts that simulate real world usage, and found that 19 of them shared potentially sensitive user data with 55 "unique entities." 14 of the apps transmitted the data over an unencrypted connection. The researchers stressed that the entities collecting the data not only have the ability to aggregate it with user information from other sources, but that they turn around and sell this information to other 3rd parties, which represents a huge potential privacy violation.

Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,166
you know.. its a real MYSTERY.. how all those free apps make money

:rolleyes:
Well to be fair some ppl atually make free softwar out of their good heart.
My project mercury is free
Keepass is free
etc
and non of them contains spying.

but yeah its definitely in the low end.
 

vegeta535

2[H]4U
Joined
Jul 19, 2013
Messages
3,845
What doesn't sell your info? If it is free them you are damn sure it is collecting data. You should expected paid ones to also do it.
 

Armenius

Fully [H]
Joined
Jan 28, 2014
Messages
21,405
HIPAA needs to be expanded to apply to things like this. Sharing health information unauthorized comes with some very serious penalties in the health care and health insurance industries. HIPAA needs to apply to anyone dealing with or handling PHI.
 

gdonovan

[H]ard|Gawd
Joined
Oct 7, 2004
Messages
1,817
People are stupid.

Just assume every app on the droid and apple platforms are selling your information and take steps to not use them or block as much as possible.
 
Last edited:

zkostik

Gawd
Joined
Sep 17, 2009
Messages
929
HIPAA needs to be expanded to apply to things like this. Sharing health information unauthorized comes with some very serious penalties in the health care and health insurance industries. HIPAA needs to apply to anyone dealing with or handling PHI.
AFAIK these are not considered *real* health apps and their data isn't accepted/used by doctors. I don't think HIPAA can apply to these, thought it probably should if it does collect any meaningful info that can be linked to a person.
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,682
AFAIK these are not considered *real* health apps and their data isn't accepted/used by doctors. I don't think HIPAA can apply to these, thought it probably should if it does collect any meaningful info that can be linked to a person.

Seems the big players have made steps to be HIPAA compliant.

https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology

Says it doesn't have to be HIPAA for "personal use." You'd think that the transfer of the data to servers outside of your control would make it require compliance.

I'm sure all these apps have a nice waiver in their ToS anyways. That's another thing our government needs to tackle, ToS contracts.
 

Fresch

n00b
Joined
Mar 14, 2018
Messages
41
You do know when you sign you release your info. under HIPPA to anyone in the health related fields, cops, government,
 

BloodyIron

2[H]4U
Joined
Jul 11, 2005
Messages
3,439
Lol every single one is drug related. That's a very concerning pattern right there. Glad to say none of them overlap with me. These seem like drug apps, not health apps. I'd adjust the title of I were you.
 

RanceJustice

Supreme [H]ardness
Joined
Jun 9, 2003
Messages
5,800
AFAIK these are not considered *real* health apps and their data isn't accepted/used by doctors. I don't think HIPAA can apply to these, thought it probably should if it does collect any meaningful info that can be linked to a person.
This is absolutely it, but except for those of us in the healthcare field the general populace is not aware of this. Don't get me wrong there are issues with HIPAA itself that need to be worked out, but the average person thinks "Well, these apps and the companies behind them claim they care about our privacy and since its health data they can't do anything unscrupulous with it, can they?". Of course the actual situation is that none of these apps or services claim they control real personal health information, are for personal wellness and amusement only, and generally have the obtuse TOS/EULA that most apps do that comes to 'We own your first born progeny ripped from the womb with a buzzsaw if we so choose, if you decide to install, create an account with, or use our app!". Some of them have even used really, really shifty justifications , such as 23AndMe and one of the other Ancestry sites starting to claim to do all kinds of health related tests, but instead continue to claim that their lab is for novelty/ancestry (and flawed as THAT is for a number of reasons) uses in the fine print. Of course, since it isn't PHI - legally defined personal and private health information, the kind of thing that is handled between doctors, pharmacists, legit labs etc.. that is regulated under HIPAA - they can pretty much do whatever they want with the data, in perpetuity.

There is great potential in data-driven personal health initiatives but the benefits of it will only be truly present - and more importantly, harm avoided - if we refocus the entire ideology of access and usage of health information. ALL of this data should be treated as PHI and even "voluntary" collection via app should be restricted under HIPAA and beyond, lest advertisers, insurance companies, or anyone else try to monetize the data or use it for their benefit. We need to revisit the notion of privacy entirely and reclaim it for the digital age, but health information is certainly an important place to start. There is a LOT of changes that need to be made structurally in terms of healthcare in this country (implementing a single-payer, public, universal healthcare program is a good start), without which technology and big data will not only fail to live up to their potential to improve our health but instead could be overall harmful, if not regulated so that they serve the best interests of the individual patient exclusively.
 

Laowai

Gawd
Joined
Aug 9, 2018
Messages
534
This is absolutely it, but except for those of us in the healthcare field the general populace is not aware of this. Don't get me wrong there are issues with HIPAA itself that need to be worked out, but the average person thinks "Well, these apps and the companies behind them claim they care about our privacy and since its health data they can't do anything unscrupulous with it, can they?". Of course the actual situation is that none of these apps or services claim they control real personal health information, are for personal wellness and amusement only, and generally have the obtuse TOS/EULA that most apps do that comes to 'We own your first born progeny ripped from the womb with a buzzsaw if we so choose, if you decide to install, create an account with, or use our app!". Some of them have even used really, really shifty justifications , such as 23AndMe and one of the other Ancestry sites starting to claim to do all kinds of health related tests, but instead continue to claim that their lab is for novelty/ancestry (and flawed as THAT is for a number of reasons) uses in the fine print. Of course, since it isn't PHI - legally defined personal and private health information, the kind of thing that is handled between doctors, pharmacists, legit labs etc.. that is regulated under HIPAA - they can pretty much do whatever they want with the data, in perpetuity.

There is great potential in data-driven personal health initiatives but the benefits of it will only be truly present - and more importantly, harm avoided - if we refocus the entire ideology of access and usage of health information. ALL of this data should be treated as PHI and even "voluntary" collection via app should be restricted under HIPAA and beyond, lest advertisers, insurance companies, or anyone else try to monetize the data or use it for their benefit. We need to revisit the notion of privacy entirely and reclaim it for the digital age, but health information is certainly an important place to start. There is a LOT of changes that need to be made structurally in terms of healthcare in this country (implementing a single-payer, public, universal healthcare program is a good start), without which technology and big data will not only fail to live up to their potential to improve our health but instead could be overall harmful, if not regulated so that they serve the best interests of the individual patient exclusively.
I was with you until you mentioned single-payer as some kind of positive. I will agree that our healthcare system needs some work but single-payer certainly is not the answer. Unless of course, your question is..."How do we fuck up healthcare for everybody in the States?"
 

MyNameIsAlex

Limp Gawd
Joined
Mar 10, 2019
Messages
313
the old news is figuring out when a guy is going to be hungry, and targeting him with food ads at a certain time etc

In 5 years the phone will have smell-o-receptors built in and if you walk past the smell of food or a resturant you will get targeted ads for food,
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,166
Seems the big players have made steps to be HIPAA compliant.

https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology

Says it doesn't have to be HIPAA for "personal use." You'd think that the transfer of the data to servers outside of your control would make it require compliance.

I'm sure all these apps have a nice waiver in their ToS anyways. That's another thing our government needs to tackle, ToS contracts.

There is no money in protection ppl
There is tons of money in protecting companies.
not gonna happen :(
 
Top