mHealth App Use: Is Data Truly Protected?

One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Appthority found that while the app description states that it encrypts personal information, it only uses a common encoding scheme and does not protect user info when the consumer searches for information about a drug through the app. Appthority also claims that the app sends personal information to advertising networks. Another example of a legitimate privacy and security concern relates to cloud storage. Many mHealth apps collect physiological data through sensors affixed to the body, store the data in the cloud, and provide the data to a physician or other provider. If the cloud storage vendor does not provide adequate security protections, the provider could be implicated as a party to the app’s use. mHealth apps offer tremendous opportunities to advance a more sophisticated and connected healthcare environment – but the modes of connection need to be solid from a data protection perspective. Good risk management is key.