Some clinically-accredited smartphone health apps may be sending unencrypted personal and health information, putting the privacy of users at risk, a new study has found.
It is currently estimated that one and a half billion smartphone users have a health app installed and this number is set to treble in the next three years.
One quarter of US adults have reported using one or more health apps and a third of physicians have recommended an app to a patient.
One such programme is the UK’s National Health System (NHS) Health Apps Library, which is a curated list of apps for patient and public use.
Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law.
Researchers from Imperial College London, UK, and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the UK NHS Health Apps Library in July 2013.
The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care.
The apps were assessed over a six-month period by inputting simulated information, tracking the handling of this information, and looking at how this agreed with any associated privacy policies.
Of the apps reviewed, it was found that 70 of them transmitted information to online services and 23 of those sent identifying information over the internet without encryption.
Of the 38 apps that had a privacy policy and transmitted information, the privacy policy did not state what personal information would be included in the transmissions.
Four apps were found to be sending both identifying and health information without encryption.
“Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS,” said lead researcher Kit Huckvale, from Imperial College London.
“The results of the study provide an opportunity for action to address these concerns, and minimise the risk of a future privacy breach,” said Huckvale.
The study was published in the journal BMC Medicine.
It is currently estimated that one and a half billion smartphone users have a health app installed and this number is set to treble in the next three years.
One quarter of US adults have reported using one or more health apps and a third of physicians have recommended an app to a patient.
Also Read
As a way of reassuring users about the quality and safety of health apps, several app accreditation programmes have been launched.
One such programme is the UK’s National Health System (NHS) Health Apps Library, which is a curated list of apps for patient and public use.
Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law.
Researchers from Imperial College London, UK, and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the UK NHS Health Apps Library in July 2013.
The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care.
The apps were assessed over a six-month period by inputting simulated information, tracking the handling of this information, and looking at how this agreed with any associated privacy policies.
Of the apps reviewed, it was found that 70 of them transmitted information to online services and 23 of those sent identifying information over the internet without encryption.
Of the 38 apps that had a privacy policy and transmitted information, the privacy policy did not state what personal information would be included in the transmissions.
Four apps were found to be sending both identifying and health information without encryption.
“Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS,” said lead researcher Kit Huckvale, from Imperial College London.
“The results of the study provide an opportunity for action to address these concerns, and minimise the risk of a future privacy breach,” said Huckvale.
The study was published in the journal BMC Medicine.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%