Skip to content Skip to navigation

Study: Popular Mobile Health Apps Carry Considerable Privacy Risks

July 19, 2013
by Rajiv Leventhal
| Reprints

Many of the most popular mobile health and fitness apps (both free and paid) carry considerable privacy risks for users—and the privacy policies for those apps that have policies do not describe those risks, according to a new study from the Privacy Rights Clearinghouse.

For the study, Privacy Rights Clearinghouse evaluated 43 popular health and fitness apps from both a consumer and technical perspective. Consumers should not assume any of their data is private in the mobile app environment—even health data that they consider sensitive.  Users must weigh the benefits of the service with the realistic possibility that they are revealing information about their health not only to the app developer or publisher but also to third parties, the report concluded.

Of the free apps reviewed, just under half (43 percent) provided a link to a website privacy policy. Of the sites that posted a privacy policy, only about half were accurate in describing the app's technical processes.

Other key findings included:

  • Many apps send data in the clear—unencrypted—without user knowledge.
  • Many apps connect to several third-party sites without user knowledge.
  • Unencrypted connections potentially expose sensitive and embarrassing data to everyone on a network.
  • Nearly three-fourths, or 72 percent of the apps assessed presented medium (32 percent) to high (40 percent) risk regarding personal privacy.
  • The apps which presented the lowest privacy risk to users were paid apps.  This is primarily due to the fact that they don't rely solely on advertising to make money, which means the data is less likely to be available to other parties.


CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.