Health Apps Sell User Data

Discussion in 'HardForum Tech News' started by AlphaAtlas, Mar 21, 2019.

  1. AlphaAtlas

    AlphaAtlas [H]ard|Gawd Staff Member

    Messages:
    1,713
    Joined:
    Mar 3, 2018
    A recent study from the BMJ found that many popular health apps share more data with advertisers than they probably should. The researchers analyzed 24 Android apps with scripts that simulate real world usage, and found that 19 of them shared potentially sensitive user data with 55 "unique entities." 14 of the apps transmitted the data over an unencrypted connection. The researchers stressed that the entities collecting the data not only have the ability to aggregate it with user information from other sources, but that they turn around and sell this information to other 3rd parties, which represents a huge potential privacy violation.

    Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.
     
  2. thenapalm

    thenapalm Limp Gawd

    Messages:
    413
    Joined:
    Dec 6, 2001
    Duuuuuuuuuuuuuuuuuh.
     
    YeuEmMaiMai and AceGoober like this.
  3. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016
    you know.. it's a real MYSTERY.. how all those free apps make money

    :rolleyes:
     
    Laowai and AceGoober like this.
  4. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,141
    Joined:
    Sep 13, 2008
    Well to be fair some ppl actually make free software out of their good heart.
    My project mercury is free
    Keepass is free
    etc
    and none of them contains spying.

    but yeah it's definitely in the low end.
     
    Baenwort likes this.
  5. vegeta535

    vegeta535 2[H]4U

    Messages:
    3,322
    Joined:
    Jul 19, 2013
    What doesn't sell your info? If it is free then you are damn sure it is collecting data. You should expect paid ones to also do it.
     
  6. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    19,063
    Joined:
    Jan 28, 2014
    HIPAA needs to be expanded to apply to things like this. Sharing health information unauthorized comes with some very serious penalties in the health care and health insurance industries. HIPAA needs to apply to anyone dealing with or handling PHI.
     
    GSDragoon, Hruodgar and AlphaQup like this.
  7. TordanGow

    TordanGow [H]ard|Gawd

    Messages:
    1,287
    Joined:
    May 25, 2015
  8. gdonovan

    gdonovan [H]ard|Gawd

    Messages:
    1,815
    Joined:
    Oct 7, 2004
    People are stupid.

    Just assume every app on the droid and apple platforms is selling your information and take steps to not use them or block as much as possible.
     
    Last edited: Mar 21, 2019
    Laowai, AlphaQup and Armenius like this.
  9. zkostik

    zkostik Gawd

    Messages:
    929
    Joined:
    Sep 17, 2009
    AFAIK these are not considered *real* health apps and their data isn't accepted/used by doctors. I don't think HIPAA can apply to these, though it probably should if it does collect any meaningful info that can be linked to a person.
     
  10. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,676
    Joined:
    Dec 15, 2003

    Seems the big players have made steps to be HIPAA compliant.

    https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology

    Says it doesn't have to be HIPAA for "personal use." You'd think that the transfer of the data to servers outside of your control would make it require compliance.

    I'm sure all these apps have a nice waiver in their ToS anyways. That's another thing our government needs to tackle, ToS contracts.
     
    Baenwort, AceGoober and zkostik like this.
  11. Fresch

    Fresch n00b

    Messages:
    41
    Joined:
    Mar 14, 2018
    You do know when you sign you release your info. under HIPAA to anyone in the health related fields, cops, government,
     
  12. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Lol every single one is drug related. That's a very concerning pattern right there. Glad to say none of them overlap with me. These seem like drug apps, not health apps. I'd adjust the title if I were you.
     
  13. RanceJustice

    RanceJustice [H]ardness Supreme

    Messages:
    6,033
    Joined:
    Jun 9, 2003
    This is absolutely it, but except for those of us in the healthcare field the general populace is not aware of this. Don't get me wrong there are issues with HIPAA itself that need to be worked out, but the average person thinks "Well, these apps and the companies behind them claim they care about our privacy and since it's health data they can't do anything unscrupulous with it, can they?". Of course the actual situation is that none of these apps or services claim they control real personal health information, are for personal wellness and amusement only, and generally have the obtuse TOS/EULA that most apps do that comes to "We own your first born progeny ripped from the womb with a buzzsaw if we so choose, if you decide to install, create an account with, or use our app!". Some of them have even used really, really shifty justifications, such as 23AndMe and one of the other Ancestry sites starting to claim to do all kinds of health related tests, but instead continue to claim that their lab is for novelty/ancestry (and flawed as THAT is for a number of reasons) uses in the fine print. Of course, since it isn't PHI - legally defined personal and private health information, the kind of thing that is handled between doctors, pharmacists, legit labs etc. that is regulated under HIPAA - they can pretty much do whatever they want with the data, in perpetuity.

    There is great potential in data-driven personal health initiatives but the benefits of it will only be truly present - and more importantly, harm avoided - if we refocus the entire ideology of access and usage of health information. ALL of this data should be treated as PHI and even "voluntary" collection via app should be restricted under HIPAA and beyond, lest advertisers, insurance companies, or anyone else try to monetize the data or use it for their benefit. We need to revisit the notion of privacy entirely and reclaim it for the digital age, but health information is certainly an important place to start. There are a LOT of changes that need to be made structurally in terms of healthcare in this country (implementing a single-payer, public, universal healthcare program is a good start), without which technology and big data will not only fail to live up to their potential to improve our health but instead could be overall harmful, if not regulated so that they serve the best interests of the individual patient exclusively.
     
    zkostik likes this.
  14. Laowai

    Laowai Gawd

    Messages:
    534
    Joined:
    Aug 9, 2018
    I was with you until you mentioned single-payer as some kind of positive. I will agree that our healthcare system needs some work but single-payer certainly is not the answer. Unless of course, your question is..."How do we fuck up healthcare for everybody in the States?"
     
  15. MyNameIsAlex

    MyNameIsAlex Limp Gawd

    Messages:
    313
    Joined:
    Mar 10, 2019
    the old news is figuring out when a guy is going to be hungry, and targeting him with food ads at a certain time etc

    In 5 years the phone will have smell-o-receptors built in and if you walk past the smell of food or a restaurant you will get targeted ads for food,
     
  16. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,141
    Joined:
    Sep 13, 2008

    There is no money in protection ppl
    There is tons of money in protecting companies.
    not gonna happen :(