Medical apps & privacy: where are we?

September 24, 2019 | Devin Morrissey


Finding a new health-related app that tracks symptoms, increases self-care behaviors, or offers disease-specific education can be exciting for consumers. However, many apps share information with a host of other companies for marketing purposes. Often, these companies have nothing to do with healthcare and are not even businesses the individual uses. This knowledge can be scary when you consider the number of cybercriminals who are looking to gain access to critical patient data.

Knowing the risks apps create may leave you looking for a checklist to protect health-related data for those using apps to increase overall health and wellness. The good news is that it is possible to keep the data safe. The not-so-good news is that consumers need to do their homework to understand better what information is vulnerable to hackers and how to keep their health details safe, which can be a challenging skill to teach.

Emergence of app-based health

It’s no secret that the healthcare industry has been slower than others to adopt technological advancements. For years, healthcare administrators and providers weighed the pros and cons of electronic health records. Today, the mobile health app market has pushed healthcare to embrace technology more rapidly. In 2018, there were over 300,000 health apps available to consumers. Health apps assist consumers with everything from medications, to diet and exercise, to pregnancy tips for expectant mothers.

Healthcare apps often teach consumers self-care behaviors that can keep them out of the hospital. Most apps are easy to use and provide the content the user needs instantly. Apps can also provide information to users that keeps them safe, such as notifying consumers of flu outbreaks in their city so that they can take the necessary precautions. Consumers can store information in apps that can be shared with doctors, nurses, and other providers who can help with health concerns. Health apps can even increase access to preventive and acute health services through appointments with qualified medical and mental health providers.

Teaching HIPAA privacy and security

One of the first things we must teach consumers is the difference between the HIPAA privacy and security rules. When HIPAA was first established, electronic health data was just emerging. Today, health-related data is stored on computers, tablets, phones, and in cloud-based electronic storage.

Health information privacy is related to the disclosure of patient data. Health security is focused on things like encryption and passwords that safeguard a person’s electronic health data. Both of these practices are critical to keeping information entered into apps safe. A few of the vulnerabilities lie with what companies consider covered entities and what truly constitutes an unlawful disclosure of information.

Protecting consumers

The trickiest aspect of health-related apps is that it can be challenging to know what is shared with other companies. Education on the dangers of downloading email attachments from strangers is everywhere. However, training on the risks of apps and other online searches isn’t as common. Even search engine giant Google made security changes so that users feel more secure when using their products.

Consumers must know that apps can contain viruses and malware. They can also steal personal information such as your contacts or passwords. Here are a few strategies consumers should be taught to keep themselves and their health data safe.

Downloading security software

Most of us have software on our computers to keep us safe from malicious sites. However, not many people realize that it’s critical to download this on your phone, too. Essential security software can scan apps for anything that looks suspicious. More advanced software can even back up all of your data. This software ranges in price from free to about $40 a year.

Researching the app and developers

Consumers must understand that choosing health apps requires more than just picking one that gives you the tips, tricks, or information you need. It’s critical to select apps that keep you safe and don’t require protected health information to access the app.

It’s also important that they research the developer of the app by searching their name in the app store to see what other apps they’ve created. Pay attention to how long they’ve been developing health apps, and if they have any reputable associations with academic medical organizations or institutions. If the developers have no experience with health-related apps and no association with a reliable source, this is a red flag, and the consumer should keep searching.

Understanding permissions

When you download an app, it will ask for permissions. Many ask for more permissions than they really need. Consumers should understand what each of these permissions means and what data will be accessed. Here are a few to consider:

  • Device calls: This is often required by an app so that you can pause the application to get a phone call.
  • Location: Location permission is frequently requested so that marketing ads can be targeted to your area.
  • Personal information: Social media-based apps will likely ask for this type of permission so that they can access contacts to reach your friends.
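
For anyone supporting consumers with Android apps, the permission review described above can be done against the app's manifest. This is an added example, not part of the original article: the manifest is constructed for a hypothetical app, it is assumed to be already decoded to text XML, and the mapping of Android permission names to the article's three categories is this example's own assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permission names grouped under the three
# categories the article lists. Not an official or exhaustive grouping.
P = "android.permission."
CATEGORIES = {
    "Device calls": {P + "READ_PHONE_STATE", P + "CALL_PHONE",
                     P + "READ_CALL_LOG"},
    "Location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
                 P + "ACCESS_BACKGROUND_LOCATION"},
    "Personal information": {P + "READ_CONTACTS", P + "GET_ACCOUNTS"},
}

# Constructed manifest for a hypothetical symptom-tracker app (not a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.symptomtracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23
      android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name the manifest declares."""
    # For manifests taken from untrusted apps, use a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def review(manifest_xml, expected_categories):
    """Return {category: permissions} the app requests beyond what the
    reviewer expects for its stated purpose."""
    requested = requested_permissions(manifest_xml)
    findings = {}
    for category, names in CATEGORIES.items():
        hits = sorted(requested & names)
        if hits and category not in expected_categories:
            findings[category] = hits
    return findings

if __name__ == "__main__":
    # Reviewer expects only call handling for this app.
    for category, perms in review(SAMPLE_MANIFEST, {"Device calls"}).items():
        print(f"{category}: {', '.join(perms)}")
```
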

Keep consumers safe into the future

Teaching consumers these skills can be challenging. However, it’s essential that healthcare professionals strive to safeguard patients’ data. Use this information to teach consumers you interact with how to understand permissions, research app developers, and take the necessary steps to identify malware before their data is vulnerable. Doing so will protect consumers and foster trust between all stakeholders involved.


About the Author: Devin Morrissey

Devin prides himself on being a jack of all trades; his career trajectory is more a zigzag than an obvious trend, just the way he likes it. He pops up across the Pacific Northwest, though never in one place for long. You can follow him more reliably on Twitter.
