Health Apps are Sharing User Data and Aren’t Covered by HIPAA Laws

Health apps have begun to boom as users want to track various aspects of their health. Many are designed to encourage healthier living or to help with various health issues. Because of that, users are storing a great deal of private health-related information. However, many of these apps are also secretly sharing the information they collect with third parties without getting consent from the users. To make matters worse, these apps aren’t admitting to this policy. Most would consider this a HIPAA violation, as users’ personal health information is being shared with third parties without their consent. However, this isn’t the case. Read on to find out more.

A recent investigation by the Wall Street Journal found that the period tracking app, Flo, was sharing users’ period dates and pregnancy plans with Facebook. Other reports found that apps had been sharing users’ health information with advertising companies.

In a new study in the journal JAMA Network Open, researchers studied health apps that dealt with depression and smoking cessation. They found that 33 of the 36 tested apps shared user data. This data would be able to give advertisers deep insights into users’ personal lives and health.

To make matters worse, half of the tested health apps didn’t disclose this sharing of private data to users. This data could be used to help advertisers better target customers. If you are using a health app to help you quit smoking, you could suddenly see ads for smoking cessation treatment.

The unfortunate side of this is that health app developers aren’t reimbursed by insurance companies for patients using their product. So they are left with either advertising or selling user data to make money. That’s how free apps work. If you can’t sell the app, you either show ads to the user or you sell the data the app collects to others.

Many health apps aren’t covered under HIPAA regulations

Because most of these apps aren’t created by Covered Entities or Business Associates, they aren’t under the HIPAA umbrella. These are developed by separate entities that have no connection to healthcare. Most of these are considered “Wellness apps”.

In addition, because patients are putting their own information into the apps, they are disclosing it themselves. Most health apps are under no obligation to protect the privacy of the data they collect.

This is often a shock to many end users since the common misunderstanding about HIPAA is that it protects your healthcare information no matter where it is.

The bigger issue is whether these apps are informing users about this data sharing with third parties. The recent study found that half were not. This is alarming because it means that users won’t know where their data is and who is using it.

When you start giving your private information to an app on your mobile device, remember that you don’t know where it’s going to end up. If you are storing especially sensitive data, think twice about whether it’s that important to you.