Do you use an app to help you count steps? Or does your company offer an app to monitor your health?
Nearly every facet of our lives can be tracked now, but they can be detrimental to your privacy. Some health apps are reevaluating their relationships with Facebook FB, +0.28% after a Wall Street Journal report revealed they send sensitive personal details to the social media platform without users knowing, underscoring the privacy risks with such apps.
HIPAA regulations that require patient-doctor confidentiality do not apply to wearable devices or the data they collect, making any device or app that monitors health information risky.
At least four apps the WSJ contacted as part of its reporting cut off transmission of sensitive data to Facebook. “The apps that made the change include Flo Health Inc.’s Flo Period & Ovulation Tracker and Azumio Inc.’s Instant Heart Rate: HR Monitor,” it reported.
“It’s common for developers to share information with a wide range of platforms for advertising and analytics,” a Facebook spokeswoman told MarketWatch. “We require the other app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data.”
Many fitness apps can access GPS to track a user’s jogging and cycling routes and can store that data and potentially share it with third parties, marketing firms, and advertisers. They may also be able to collect and sell data on users’ fitness level, heart rate, and fertility, the WSJ report showed.
Facebook said it’s telling the apps highlighted in coverage to stop sending it data and will work with regulators in states where there are such concerns. “We also take steps to detect and remove data that should not be shared with us. All that being said, we look forward to assisting Governor Cuomo and the relevant officials in New York State,” the Facebook spokeswoman said.
This kind of data could end up costing you more than your privacy if it’s sold to insurance companies, said Ray Walsh, privacy expert at BestVPN.com. Under the Affordable Care Act, insurers can no longer deny coverage to those with preexisting conditions or charge a higher premium to people who lead more unhealthy lifestyles, but there is still a risk of policy choices being made based on this information
“Fitness apps can deduce a lot about a person’s fitness levels and wellness,” he said. “That data is valuable because it could be used to ascertain whether someone is eligible for life insurance, or a risk to insurers,” he said. “For this reason, fitness tracking data could, in theory, be used to allow firms to form unduly prejudiced decisions against the people that use them.”
Health Insurance Portability and Accountability Act (HIPAA) regulations that require patient-doctor confidentiality do not apply to wearable devices or the data they collect, making any device or app that monitors health information risky, said Mark Weinstein, privacy advocate and founder of social media site MeWe.
“Here’s the reality of life as a wearable device owner — there’s no doctor/patient privacy or patient privacy or any privacy, for that matter,” he said. “Monitoring yourself with a fitness tracking app that is collecting data is like publishing your own medical autobiography online. These neat little devices are hard to resist, but I will admire fitness tracking apps from afar.”
What’s more, tracking health data may not always be so reliable. In fact, bioethicists said in a January study many health apps pose potential health risks, with unreliable research to report their efficacy and little regulatory oversight.
Tracking health data may not always be so reliable. Some bioethicists say many health apps pose potential health risks, with unreliable research to report their efficacy and little regulatory oversight.
The “neurotechnologies” industry is worth close to $3 billion, the study published by the University of Pennsylvania School of Medicine said. This includes apps that purport to diagnose mental states, improve cognition, or “read” one’s emotional state. It suggested better oversight on such products including a working group responsible for surveying direct-to-consumer neurotechnologies, which are currently under the jurisdiction of the Federal Trade Commission.
“With thousands of health and wellness apps and devices, oversight is ill-suited to monitor and regulate the industry effectively,” the report said.
Although the revelations that health apps send data to Facebook have sparked backlash from consumer groups, such practices are perfectly legal, noted Francis Dinha, chief executive officer of privacy company of OpenVPN. Generally such practices are clearly outlined in the terms of service and privacy policies of these platforms.
“This particular situation wasn’t the result of a hack or external attack. Rather, it was the apps themselves sending personal information to Facebook,” Dinha said.
“We take users’ privacy and data security extremely seriously, which is why Flo has never sold any data point to Facebook as well as we never used sensitive data from Facebook Analytics for advertisement,” Flo spokeswoman Kate Romanovskaia told MarketWatch. “We utilized Facebook Analytics tool, as many other apps do, for us to ensure our app offers the best experience for our users.”
“We also adhere to all legislation around data privacy and security,” she added. “As a precaution, we have deleted the Facebook SDK from the app and have requested to delete all user data from Facebook Analytics. We will also be conducting a comprehensive data privacy external audit and would encourage any user with concerns to contact us via our dedicated email [email protected]”
By downloading an app, however, a user often consents to their data being shared. This is the kind of fine print users should be on the lookout for, Walsh said. People should avoid using Facebook or Google accounts to connect with an app and, instead, start a new account with an email address and password, he added.
Even if you feel confident that they are popular and trusted, always read their conditions closely, just as you would any form you sign in the doctor’s office. “Start by make sure you read the terms and conditions before hitting ‘agree,’” Dinha said. “Otherwise, you might be signing away your right to that data privacy without knowing it. Additionally, make sure you research an app before you download. Do they have a reliable reputation?”