Privacy Issues in Medical Apps

Much of the focus on privacy and apps has been on the unknowing collection of location information.  Medical apps, while useful to patients, such as provding medication reminders and tracking prescriptions, have their own set of privacy concerns.

Unless the app provider is a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)  there is a likelihood that the information you provide to the app, as well as any information the app collects on its own, will be sold.  HIPAA covered entities include health care providers, health care clearinghouses and health care plans.  Application developers, even if they are providing medical apps, are not HIPAA covered entities.

HIPAA covered entities have stringent laws protecting how your health data is secured and disclosed.  Since app developers are not covered entities there is no clear law as to how the information the apps collect about you is secured or how application developer, or anyone else, may use it.

In some ways, this is similar to the privacy issues that arise when you use your credit card to purchase your prescriptions from your pharmacist.  While the pharmacy is a HIPAA covered entity, your privacy protections with credit card company is governed under the Graham-Leach-Bliley Act (GLB).  GLB allows the disclosure of your transaction information among all of the credit card companies “affiliated entities.”  So, while the pharmacy can’t leverage your health care information, your credit card provider can.

While medical apps may be very useful, with regards to privacy they should be used at your own risk.