Healthcare data at risk: Even HIPAA can’t protect your health data from advertisers

Health apps share sensitive healthcare data and HIPAA can’t do anything about it. Read this article to know how to protect your data from these loopholes.

Healthcare apps have become a crucial part of our daily lives, providing an easy and convenient way to track our health and wellness progress. But have you ever stopped to think about who might be accessing your personal health information (PHI) when you use a health app? 

Despite strict regulations like the Health Insurance Portability and Accountability Act (HIPAA), some loopholes put your healthcare data at risk. The consequences of these risks—data breaches, cyber-attacks, unauthorised access to sensitive information by advertisers and other malicious activities—are far-reaching and can range from identity theft to medical fraud.

In this article, we uncover shocking truths about how health apps use your PHI. Let’s dive in.

The potential dangers of healthcare apps

Healthcare apps have transformed how we take charge of our health and well-being, offering a sleek and user-friendly experience to monitor our progress. However, the vast amounts of health data these apps collect are a treasure trove for unethical activities.

While advertisers can use this information and create targeted ads to manipulate you into buying products you don’t need, the risks go far beyond annoying ads. Hackers can use your PHI for identity theft, insurance fraud and phishing scams, risking your personal and financial security. 

In some cases, the consequences of a data breach can be life-threatening, as medical data can be manipulated or misinterpreted. But how do hackers get a hold of your PHI?

Loopholes in health companies’ privacy regulations

In the era of fast-growing digital health innovation, many healthcare companies struggle with privacy practices. This has led to various loopholes, making it easier for companies to misuse sensitive health data. These companies aren’t necessarily breaking the law but operate in a grey area where regulations haven’t kept up with advancements in technology.

For example, in the US, HIPAA governs how health data is collected and used by healthcare providers. However, it doesn’t strictly apply to many direct-to-consumer apps that provide health information. This lack of regulation makes it easier for companies to collect, store and use health data without adequate privacy protections.

How do health apps share data?

Health apps you rely on for your daily health management aren’t always as trustworthy as you think. Recent cases of health app data breaches have brought to light the extent of data sharing that takes place behind the scenes. 

From big tech companies like Facebook and Google receiving health information from hospital websites to mental health apps sharing data with unlisted third parties, there’s a growing concern over the mishandling of your sensitive PHI.

While the shared data may not directly identify you, it often includes a string of numbers called an “identifier” linked to your devices and keywords from the content you visit. This information, along with other data points, could be pieced together by data collectors—brokers or ad companies—to build a profile of your health concerns and behaviours.

An investigation conducted by The Washington Post revealed that several popular Android health apps, such as Drugs.com Medication Guide, WebMD: Symptom Checker and Period Calendar Period Tracker, were sharing information with advertisers, including user identifiers and keywords such as ‘herpes’, ‘HIV’ and ‘depression’. These companies claim that the data transmitted is not sensitive and ads are relevant to the content, but privacy experts say otherwise.

Adtech companies like ID5 and Equativ, which received data from these health apps, claim that their job is to identify customers, not to know who they are. But this identification is often used to put consumers into ‘interest categories’, enabling advertisers to target people with specific health concerns or conditions.

Therefore, you must be aware of the extent of data sharing taking place behind the scenes in health apps and consider the potential consequences of using these apps.
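For app developers and privacy reviewers, the pattern described above (a device identifier sent alongside health keywords, then joined across recipients) can be checked in a capture of an app's own outbound requests. The following is an added example, not code from the article or from the investigation it cites; the hostnames, parameter names and identifier value are constructed, and it assumes the advertising identifier appears as a UUID-shaped query value.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Keywords the article cites as having been shared with advertisers.
SENSITIVE_TERMS = {"herpes", "hiv", "depression"}
# Assumption: the advertising identifier is a UUID-shaped string.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample capture (hypothetical hosts and parameter names).
SAMPLE_CAPTURE = [
    "https://api.healthapp.example/v1/articles?q=depression",
    "https://ads.tracker-one.example/bid?adid=3f2b8c1e-9a4d-4e6f-8b21-0c5d7e9a1f34&kw=hiv+testing",
    "https://sync.tracker-two.example/p?uid=3F2B8C1E-9A4D-4E6F-8B21-0C5D7E9A1F34&topic=depression%20symptoms",
    "https://cdn.fonts.example/css?family=Roboto",
    "https://ads.tracker-one.example/bid?adid=3f2b8c1e-9a4d-4e6f-8b21-0c5d7e9a1f34&kw=weather",
]

def audit_requests(urls, first_party_hosts):
    """Return {identifier: {"hosts": set, "terms": set}} for third-party
    requests that carry a device identifier together with a health keyword."""
    profiles = defaultdict(lambda: {"hosts": set(), "terms": set()})
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host in first_party_hosts:
            continue  # the app's own backend is out of scope for this check
        params = parse_qsl(parts.query, keep_blank_values=True)
        # Normalise case so the same ID sent to two recipients joins up.
        ids = {value.lower() for _, value in params if UUID_RE.match(value)}
        words = set()
        for _, value in params:
            words.update(re.findall(r"[a-z]+", value.lower()))
        terms = words & SENSITIVE_TERMS
        if ids and terms:
            for identifier in ids:
                profiles[identifier]["hosts"].add(host)
                profiles[identifier]["terms"].update(terms)
    return dict(profiles)

if __name__ == "__main__":
    for identifier, profile in audit_requests(
            SAMPLE_CAPTURE, {"api.healthapp.example"}).items():
        print(identifier, sorted(profile["hosts"]), sorted(profile["terms"]))
```

Neither third-party request names the user, yet grouping by the shared identifier links two health topics to one device across two recipients.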


Responsibility of digital health companies

With healthcare data fetching up to $250 on the black market, it’s a lucrative opportunity for cybercriminals. But more than that, it’s a matter of trust and privacy. Imagine a world where your PHI is secure and not used for commercial gain. It starts with companies adopting strong security measures—data encryption and access control.

Healthcare apps must also be transparent about their data practices, giving you control over your information. But that’s not all. Ethical considerations play a crucial role too. Companies must prioritise the protection of sensitive health data and not use it for revenue purposes. It’s a delicate balance, but one that is necessary to create a trustworthy digital health ecosystem.

How can you protect your healthcare data?

You must understand the privacy policies of these apps and the potential trade-offs of sharing your data. Before uploading any sensitive information, you must read the terms and conditions to know how your PHI will be used and shared. You can limit the information shared by not linking the app to social media or Google accounts during sign-in and declining extra data-sharing permissions. 

You can also reset your Android Ad ID or tighten your phone’s privacy settings to further protect your PHI. You must proactively protect your health data, as small bits of information can be combined to reveal much about your life.

Parting words

It’s critical for both individuals and digital health companies to prioritise the protection of PHI. This information is not only sensitive but can have a significant impact on your life if it falls into the wrong hands. 

For now, we can only work together as users, digital health companies and regulators to ensure that our sensitive health information remains safe and secure. By taking control of our health data, we empower ourselves to protect our privacy and make informed choices about our health and wellness.

What do you think? Let us know in the comments.
