Software Integrity

 

Medical app users: How safe is your personal information?

I recently attended the MobCon Digital Health conference in downtown Minneapolis, which highlighted the healthcare hot topic: mobile digital health. The sessions I attended ranged from FDA representative Bakul Patel’s on FDA’s classification of mobile apps to PhysIQ and the Mayo Clinic’s combined talk about remote care platform opportunities and challenges.

While these sessions focused primarily on how personalized medicine is evolving to help treat individuals more quickly and cost effectively, mobile app security and privacy was consistently addressed as well—either as a planned topic or as a question from the audience. The common questions asked where, “Who owns the data?” “Who has access to the data?” and “How can patients protect themselves?”

These concerns are validated by the following eye-opening statistics:

  • One third of mobile medical apps have no privacy policy.
  • One third of mobile medical apps share data.
  • One third of mobile medical apps do not use encryption.

What does this mean to medical app users?

As a consumer, you should understand that when you provide information to utilize mobile medical apps, you may be handing over control of your private health data. The control is lost through one or more of the statistics provided above. Without a privacy policy, the company does not have to keep your data private, and they may even actively share it. The last statistic is alarming because encryption, which in the medical space should be a must-have before going to market, is missing from a large portion of apps. The impact is that, when you download a medical app, there is a significant probability that your data can be used for purposes you may not be aware of.

One example of how digital health information may be abused is the story of Henrietta Lacks and her immortal cells. Henrietta’s cells were taken by a doctor without her consent and handed off to a lab where they were cultured. 50 years later, her cells are still being used, profiting individuals and companies, all without her consent. While digital health is not quite the same, this exemplifies how data can be used indefinitely.

Another way the personal data you submit through a mobile application can be used (without your consent) is to link your biologic information to a potential medical disease. This creates ethical issues similar to those of genetic testing and 23andme. For example, should genetic testing results be communicated to you? If so, how should it be presented? What if you didn’t want to know if you were trending towards something that may not happen?

The solution

One start-up firm at the conference stated thirty percent of their technology budget was targeted at security and privacy. This is far more cost effective than addressing it later. This particular startup views security as the next barrier to entry in the market. They are planning for security to be a competitive advantage that will keep competitors away from their market share.

Security as an enabler of digital health is the approach we should all be taking. This will benefit patients as well as those companies providing products and services for patient care.