The study, titled “Commercial health apps: in the user’s interest?“, looked at 24 popular health apps. Of the 24, it was found that 19 of them shared user data with other companies. These third parties included Facebook, Google and Amazon. It also stands that these big tech players could easily sell on the data to other companies, without the user of the app being aware that this has happened. The security issue raises new concerns about who owns personal data – the company that owns the app or the user of the app?
Who owns health data?
There are many people or entities who could claim ownership over a patient’s medical information. Does the physician own it? The medical institution? Some third party? The complexity arises between ownership of information belonging to either the individual or the company who created the means to obtain the information.
The complexity arises because some countries and indeed most states in U.S. do not have law to confer specific ownership of medical data to patients.
Questions of data ownership and what happens to the data are important, given the ever growing popularity of health apps. In a Rock Health survey, 90 percent of respondents reported using at least one digital health tool; this was an increase from 80 percent from the preceding 12 month period.
The new research looked at apps developed for the Android mobile platform and which are commercially available in the U.K., U.S., Canada and Australia.
The study, led by Quinn Grundy at the University of Toronto, and published in the BMJ throws out a further concern given that health data was shared despite statements from the developers that they do not collect personally identifiable information. However, the medical researchers showed that data could be traced back and hence users could be easily identified by piecing together data trails or metadata (‘data about data’), like the user’s Android phone’s unique address.
The study recommends that doctors should be warning their patients about the threat to their privacy from using such health apps and that government regulators need to consider that loss of privacy is not a fair cost for the use of digital health services.
