mHealth Apps & Privacy Policies: What Next?


Dr. Ali Sunyaev recently published a study with his colleague Dr. Kenneth Mandl about the privacy policies – or the lack thereof – of the world’s most popular mHealth apps. Photo provided.

Last week we were hit with a Mobi Health News announcement: Less than a third of popular health apps have privacy policies, according to a study published in the Journal of the American Medical Informatics Association on August 21, 2014. In the study, titled “Availability and quality of mobile health app privacy policies,” authors Dr. Ali Sunyaev and Dr. Kenneth Mandl write, “Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies.”

“Currently, mHealth developers often fail to provide app privacy policies,” they wrote. “The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.”

This is concerning given the current explosion of consumer-facing mobile health apps – there are over 35,000 mHealth apps available for iOS and Android. And the discussion on Mobi Health News in response to the recent announcement again brings up that elephant in the room: Where is the intersection of health and medicine? When does the nimble world of health app development cross over into the creaky and highly regulated world of medical information gathering and storing, a world where privacy, security, and HIPAA concerns result in million-dollar fines?

We caught up with lead investigators Ali Sunyaev, PhD, (a Professor of Management, Economics, and Social Sciences at the University of Cologne in Cologne, Germany) and Boston local Kenneth Mandl, MD, MPH (the Director of the Intelligent Health Laboratory at the Boston Children’s Hospital Informatics Program and Professor at Harvard Medical School) to get their take on this high-stakes problem.

Drs. Sunyaev and Mandl are light-hearted about the issue at first. They both chuckle, saying that despite their research, they’ve used health and fitness apps that have poor privacy policies. Dr. Sunyaev often uses a running activity tracker that shows distance, time and calories expended. Dr. Mandl reports that he used the Fitbit for 6 weeks, but then stopped. But Dr. Mandl isn’t as concerned about fitness apps that gather steps taken, steps climbed, and calories burned. The big concern, he says, centers on the lack of appropriate privacy policies for apps that deal with chronic disease and medication adherence.


Dr. Kenneth Mandl is the Director of the Intelligent Health Laboratory at the Boston Children’s Hospital Informatics Program.

After giving my “Physicians and Social Media: What Practices Should Know” talk this week at the Massachusetts Medical Society and surveying the crowd, it’s clear that privacy, security, and HIPAA continue to be hot topics with strong emotion attached to them. When chatting with non-clinical colleagues, I’ve found that some of us are very comfortable with de-identifying our medical data for the greater good – for large-scale, inexpensive, and quickly executed medical data analyses and learning. But others want to keep their information private. Dr. Sunyaev acknowledges the division of attitudes. “Some don’t care, but many do. Having an easy to understand, easy to find, and transparent privacy policy could be very important in building trust in many people who want to use apps but currently don’t.”

In their study, Drs. Sunyaev and Mandl found that on average, the privacy policies that did exist in 30.5% of the most popular mHealth apps on the market were long and hard to read. The average length of a policy was 1,750 words and the average reading level was 16th grade, which means policies were often only understandable to someone with a college senior’s level of education or above (and let’s be honest, even with my M.D. I find that I don’t understand many of the privacy policies I’ve seen).

Where should we be looking for viable privacy policy solutions, then? Dr. Sunyaev points to eBay’s privacy policies as a promising approach to a potential solution – offering a short version of the policy with pictures, and a longer detailed version for those who want to learn more. Dr. Mandl feels that Apple’s stringent developer requirements for partnering with HealthKit are also a good move in the right direction.

Jennifer M. Joe, MD

    My passion is healthcare optimization, whether that is with innovation, making scientific discoveries, or improving delivery. I love bringing people and ideas together and making projects work. With this, medicine exists to improve lives, and I will strive to always help patients and those around me.
