Previous Story
NHS backed health app could put users’ privacy at risk
Posted On Sep 25 2015
Comment: Off
It is now estimated that one and a half billion smartphone users have a health app installed and this number is set to treble in the next three years.
They investigated how data was protected in the NHS Health Apps Library and identified that unencrypted personal and medical data was sent over the internet.
The study found that “70 transmitted data over the internet and 38 had a specific privacy policy that did not state what information would be sent”.
The apps were assessed over a six-month period by inputting simulated information, tracking the handling of this information and looking at how this agreed with any associated privacy policies. “Accreditation programs should, as a minimum, provide consistent and reliable warnings about possible threats and, ideally, require publishers to rectify vulnerabilities before apps are released”.
Kit Huckvale, lead researcher for the project, told the Press Association that it is “known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and sent to a third party”.
As part of the review process, all the apps endorsed on the website must “comply with the Data Protection Act to make sure they hold and use your information appropriately”.
“Four apps sent both identifying and health information without encryption”, said the study.
Mr Huckvale said the most of the data the apps gathered and shared was about a person’s phone or their identity, with only a handful collecting information about the health of users.
The study looked at 79 NHS apps, all created to help people live healthier lives by exercising more and cutting out or cutting back on things like alcohol and tobacco.
NHS Choices said the apps on the NHS Health Apps Library had been reviewed following the concerns and were found to be clinically safe and compliant with the Data Protection Act.
The results of the study are published in the open access journal BMC Medicine.
This is an issue that needs to be addressed by regulators, the report concluded, as data security concerns could put some users off using these apps, despite their clinical value.
One such programme is the UK’s National Health System (NHS) Health Apps Library, which is a curated list of apps for patient and public use.
“We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated”.
NHS England told the BBC that numerous worst offending apps have been removed and the service is launching a “new, more thorough NHS endorsement model for apps”.
