Last week we were hit with a Mobi Health News announcement: Less than a third of popular health apps have privacy policies, according to a study published in the Journal of the American Medical Informatics Association on August 21, 2014. In the study, titled “Availability and quality of mobile health app privacy policies,” authors Dr. Ali Sunyaev and Dr. Kenneth Mandl write, “Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies.”
“Currently, mHealth developers often fail to provide app privacy policies,” they wrote. “The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.”
This is concerning given the current explosion of consumer-facing mobile health apps – there are over 35,000 mHealth apps available for iOS and Android. And the discussion on Mobi Health News in response to the recent announcement again brings up that Elephant in the room: Where is the intersection of health and medicine? When does the nimble world of health app development cross over into the creaky and highly regulated world of medical information gathering and storing, a world where privacy, security, and HIPAA concerns result in million dollar fines?
We caught up with lead investigators Ali Sunyaev, PhD, (a Professor of Management, Economics, and Social Sciences at the University of Cologne in Cologne, Germany) and Boston local Kenneth Mandl, MD, MPH (the Director of the Intelligent Health Laboratory at the Boston Children’s Hospital Informatics Program and Professor at Harvard Medical School) to get their take on this high-stakes problem.
Drs. Sunyaev and Mandl are light-hearted about the issue at first. They both chuckle, saying that despite their research, they’ve used health and fitness apps that have poor privacy policies. Dr. Sunyaev often uses a running activity tracker that shows distance, time and calories expended. Dr. Mandl reports that he used the Fitbit for 6 weeks, but then stopped. But Dr. Mandl isn’t as concerned about fitness apps that gather steps taken, steps climbed, and calories burned. The big concern, he says, centers on the lack of appropriate privacy policies for apps that deal with chronic disease and medication adherence.
In their study, Drs. Sunyaev and Mandl found that on average, the privacy policies that did exist in 30.5% of the most popular mHealth apps on the market were long and hard to read. The average length of a policy was 1,750 words and the average reading level was 16th grade, which means policies were often only understandable to someone with a college senior’s level of education or above (and let’s be honest, even with my M.D. I find that I don’t understand many of the privacy policies I’ve seen).
My passion is healthcare optimization, whether that is with innovation, making scientific discoveries, or improving delivery. I love bringing people and ideas together and making projects work. With this, medicine exists to improve lives, and I will strive to always help patients and those around me.
Send this to a friend