TL;DR: Consumers need to play an active role in their cyber-health and fight for health data ownership whenever possible. You are safest when you own and control your health data.
The old wild west may be long over, but a new one has just begun as COVID-19 drove a flood of users into the digital health marketplace. While health apps can be regulated to some degree by the companies that sell them, there are still a host of other potential risks outside of their control. A recent analysis of 100 health apps from around the globe, including COVID-tracking apps, found that 71% had at least one high-level security vulnerability. Consumers are concerned, and have every right to be. As privacy concerns grow, there continues to be a gap in education, leaving users unaware of the risks and unable to even ask the right questions when deciding which apps to share their precious health data with.
There is ample evidence suggesting that health apps can have numerous health benefits, but part of the trade-off is inputting your personal health information, which has the potential to be hacked and used by organizations that collect data for a variety of purposes (e.g., targeted advertising). Essentially, stolen health data can be used for unregulated health research, such as creating profiles that organizations could use to discriminate against people in a variety of scenarios, such as employment, insurance, and criminal justice. This tends to affect marginalized groups to a greater degree (Callier & Fullerton, 2020).
You are not alone in this fight, as there are regulatory bodies and state regulations that may mitigate some privacy concerns, such as the European Union’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) respectively. However, innovation in digital health is outpacing the regulatory bodies that are trying to keep consumers safe. As a result, all users need to take their privacy and security into their own hands, become more cyber-conscious, and make informed decisions.
The challenges ahead for consumer protection:
Assessing user interfaces and privacy policies is trickier, as they are more complex and less objective, especially on the policy side. Experts are calling for a more detailed rubric for policy assessment so that policies can be assessed consistently against one another (i.e., comparing apples to apples).
Securing data aside, researchers also caution about how much data is being collected on each user. The more data points collected on a user, the more lucrative that data becomes to third-party companies, which could make your data more likely to be targeted.
There is still a long way to go: this growing ecosystem desperately needs a scale or scoring system that can measure the criteria objectively and include some legal basis for evaluation. Another recent review (Galvin & DeMuro, 2020) also suggests the need for an organization that acts on behalf of the users’ best interest, a ‘healthcare fiduciary’ of sorts.
Consumers are taking an interest and demanding more
Overall, it seems that most people have concerns surrounding privacy of their data (Zhou et al., 2019). Regarding security features, users also seemed to prefer regular password updates, remote wipe, user consent, and access control. Interestingly, it appears that most of these concerns do not vary by demographic variables, save for example some older cohorts (age 50-65 years) that might be more concerned about privacy of their data. All this to say, everyone to a significant degree seems to be concerned about health information privacy, whether you are a Gen Z or a baby boomer.
In sum, users indicated that the cost of downloading these apps and a lack of security features were the biggest barriers to adoption. Overall, this research suggests that app designers may want to consider offering a free download (and generating revenue from other sources), effective and accessible security features, and easy-to-understand privacy policies to increase downloads of their apps. Essentially, app designers should take a Privacy by Design approach, which is a globally recognized standard that embeds privacy in every step of the engineering process.
What can consumers do to protect themselves?
If you still are unsure if you want to share your personal information, do some more research. Read up on the company and ensure they have health care professionals, engineers, and scientists working together to build holistic and safe digital health solutions.
For the most part, perception does match reality, as users are concerned about the privacy issues that digital health companies are working to solve. In this climate, consumers need to play an active role in their cyber-health and fight for health data ownership whenever possible. You are safest when you own and control your health data.
Benjumea, J., Ropero, J., Rivera-Romero, O., Dorronzoro-Zubiete, E., & Carrasco, A. (2020). Privacy assessment in mobile health apps: scoping review. JMIR mHealth and uHealth, 8(7), e18868.
Callier, S., & Fullerton, S. M. (2020). Diversity and Inclusion in Unregulated mHealth Research: Addressing the Risks. The Journal of Law, Medicine & Ethics, 48(1_suppl), 115-121.
Galvin, H. K., & DeMuro, P. R. (2020). Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019. Yearbook of Medical Informatics, 29(1), 32.
Zhou, L., Bao, J., Watzlaf, V., & Parmanto, B. (2019). Barriers to and Facilitators of the Use of Mobile Health Apps From a Security Perspective: Mixed-Methods Study. JMIR mHealth and uHealth, 7(4), e11223.