Are Fitness Apps Fit for Privacy Protection?

September 28, 2016
by William A. Tanenbaum and Lourdes M. Turrecha, Arent Fox LLP

Healthcare professionals who are in a position to recommend the use of fitness apps need to be aware that patients’ personal data can be used in ways that HIPAA would prohibit and that will surprise patients who are trying to be smart about fitness in a smartphone world. 

The privacy and security requirements of HIPAA, the Health Information Privacy Protection Act, do not apply to fitness app data, which is similar to regulated health data. The exceptions are where regulated health data is collected through an app by a healthcare provider, healthcare clearinghouse or health plan, or the app company is a statutory business associate of one of them. Because these exceptions are infrequent, healthcare professionals and consumers must look to a specific fitness app’s privacy policy to determine which type of data is private as well as the converse—which and how much personal information is disclosed to and used by third parties.   

However, the percentage of fitness apps that have privacy policies is in fact less than the percentage of the so-called “top apps” in all categories that have such policies, according to a recent study, “The Future of Privacy Forum’s August 2016 Mobile Apps Study” (the “FPF Study”). The difference is noteworthy, because fitness apps by their nature collect information that is more intimate and sensitive than the information collected by general apps. According to this study, 76 percent of the top apps have a privacy policy while only 70 percent of fitness apps do. Thirty percent of fitness apps have no privacy policy at all.

This article analyzes the risk factors under the privacy policies of the 70 percent of fitness apps that do have some type of privacy policy. We identify the red flags that arise under the policies and make recommendations for selecting a fitness app to maximize privacy protection.

The Customer is Not the User


The consumer is the user, not the customer of the app company.  The customer is the advertiser.  The user provides data that the app sells to advertisers to generate revenue. This business model goes a long way to understanding the limitations on privacy protection, especially with free apps. 

What Fitness Data is Collected and Therefore at Risk?

Fitness data includes a wide range of data, including: (1) archetypal personal data provided by the user, such as name and address; (2) fitness and health-related data provided by the user, such as height, weight, and fitness activities; (3) information collected by the app during use; (4) information shared through the app’s social media component; (5) information measured by sensors on the mobile device, such as heart rate; (6) information provided by the mobile device itself, such as geolocations; (7) aggregated data from the above; (8) behavior tracking data prepared by third party analytics firms; and (9) user data collected by advertisers during use. “Behavior tracking” is a set of online techniques used to collect and interpret the fitness app user’s activity as they use apps, visit websites, and engage in other Internet activity. Advertising and marketing agencies use behavior tracking to tailor advertisements for specific users.

Privacy Policies Available at App Store vs. Only Within the App

Users can read some privacy policies in the app store listing page before the app is downloaded.  Others are available only within the app itself, which means that the privacy policy can be read and assessed only after it is downloaded.  The inference is that an in-app only policy will be less protective.  Significantly, according to the FPF Study, 71 percent of the top apps have policies accessible from the app store while only 61 percent of fitness app privacy policies are available there. 

Long vs. Short Privacy Policies

Perhaps counterintuitively, longer privacy policies are most often less protective of privacy than are shorter ones.  Long policies generally protect the app developer more than the user.  The length is driven by the need to explain all the ways in which the user’s information will be used and give and get notice and consent to third party use.

Free vs. Paid Apps

Free apps rely more on advertising for revenue than do paid apps. Paid apps receive revenue from direct payments from users, and thus have less need for ad revenue. The more detailed the information about their users that free apps provide, the more attractive the apps’ fitness data is to advertisers. Accordingly, in almost all cases, free apps collect more personal information than do paid apps because the business model of the free apps requires collecting information and selling it. 

Research conducted for the Privacy Rights Clearinghouse and reported in the “Technical Analysis of Data Practices and Privacy Risks of 43 Popular Mobile Health and Fitness Applications” (the “Technical Analysis”) found that compared with the 45 percent of paid fitness apps, 75 percent of the free apps use behavior tracking, often by multiple analytics services. It also found that most free apps and half of the paid apps sent user data to as many as five different third party analytics sites, often within minutes after the user begins using the app.

HTTP vs. HTTPS

“HTTP” means “Hyper Text Transfer Protocol”—the Internet protocol used to send data between a user’s browser and the website to which he or she is connecting. In “HTTPS,” the “S” stands for secure, and “secure” means encrypted. HTTPS is an example of the use of “SSL,” or “Secure Sockets Layer,” a technology that encrypts data so that it cannot be read while in transit. In contrast, data transferred over plain HTTP is transmitted in the “clear.” As an example, an HTTP transfer allows third parties with access to the data in transit to see the website the user is looking at or the behavioral analytics generated by the fitness app. The encryption vs. non-encryption issues apply whether the app is a free or paid app.

According to the Technical Analysis, only 6 percent of the free apps and only 15 percent of the paid apps sent behavior tracking information to third party analytics services using HTTPS or some other form of encrypted SSL connection. Thus at least 85 percent—a high percentage indeed—of such data about app users is sent in unprotected form using only HTTP, whether a free or paid app is used.
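As an added example that is not part of the article, the following Python audit takes a proxy-style capture of a fitness app’s outbound requests and reports how much of the third-party analytics traffic leaves the device over plain HTTP rather than HTTPS. It goes slightly beyond the article by separating the app vendor’s own hosts from third-party hosts, since the Technical Analysis figures concern data sent to analytics services. The log lines, host names and first-party domain are constructed for illustration.

```python
"""Audit a captured fitness-app traffic log for analytics data sent over plain HTTP.

Added example (not from the article): classifies each request in a proxy-style
log by URL scheme and by whether the host belongs to the app vendor, then
reports how much third-party traffic travels unencrypted. The log lines and
host names below are constructed for illustration.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: one line per request, "<timestamp> <method> <url>".
SAMPLE_LOG = """\
2016-09-28T08:00:01Z POST https://api.example-fitapp.test/v1/workouts
2016-09-28T08:00:02Z GET http://analytics.example-tracker.test/collect?uid=42&steps=1200&lat=40.7&lon=-74.0
2016-09-28T08:00:03Z POST https://events.example-metrics.test/ingest
2016-09-28T08:00:04Z GET http://ads.example-adnet.test/impression?uid=42&app=fitapp
2016-09-28T08:00:05Z GET https://api.example-fitapp.test/v1/profile
2016-09-28T08:00:06Z POST http://stats.example-tracker.test/batch
"""

# The app vendor's own domains (hypothetical); every other host is third party.
FIRST_PARTY = {"example-fitapp.test"}


def parse_log_line(line):
    """Return (timestamp, method, url) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2]


def is_first_party(host, first_party=FIRST_PARTY):
    """True if host equals, or is a subdomain of, a first-party domain."""
    return any(host == d or host.endswith("." + d) for d in first_party)


def audit_traffic(log_text, first_party=FIRST_PARTY):
    """Summarise which third-party hosts receive data and whether it is encrypted."""
    plaintext_hosts = Counter()
    encrypted_hosts = Counter()
    third_party_total = 0
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        url = urlsplit(rec[2])
        host = (url.hostname or "").lower()
        if not host or is_first_party(host, first_party):
            continue
        third_party_total += 1
        # Only the scheme tells us whether the request was encrypted in transit.
        if url.scheme == "https":
            encrypted_hosts[host] += 1
        else:
            plaintext_hosts[host] += 1
    plaintext = sum(plaintext_hosts.values())
    pct = round(100 * plaintext / third_party_total) if third_party_total else 0
    return {
        "third_party_requests": third_party_total,
        "plaintext_requests": plaintext,
        "plaintext_percent": pct,
        "plaintext_hosts": sorted(plaintext_hosts),
        "encrypted_hosts": sorted(encrypted_hosts),
    }


if __name__ == "__main__":
    report = audit_traffic(SAMPLE_LOG)
    print(f"{report['plaintext_requests']} of {report['third_party_requests']} "
          f"third-party requests ({report['plaintext_percent']}%) used plain HTTP")
    for h in report["plaintext_hosts"]:
        print("  unencrypted:", h)
```

A scheme of `https` shows only that the data was encrypted in transit, not how the receiving service handles it afterwards; the report is a starting point for reading an app’s privacy policy against what the app actually sends, and to whom.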

Key Conclusions

What fitness app should you choose? Even without reading a privacy policy, the following factors indicate the apps likely to provide stronger privacy protection:

(1) A short privacy policy, not a long one;

(2) A paid app, not a free app; and

(3) A privacy policy available on the app store’s listing page, and not only after downloading. 

These factors can be used to balance the benefits of a fitness app against a broad use of personal fitness data by companies other than the app company.  

William A. Tanenbaum is the co-head of technology transactions group at the law firm of Arent Fox LLP and the leader of the firm’s healthcare IT practice. Lourdes M. Turrecha is a privacy attorney at the firm.



Humana Taps New Fitbit Connected Platform for its Members

September 24, 2018
by Rajiv Leventhal, Managing Editor

Fitbit and Humana are expanding their partnership to help members adopt and implement healthy behaviors to help prevent and manage chronic conditions, officials from both companies announced last week.

Humana has selected Fitbit Care, a connected health platform for health plans, employers, and health systems that combines health coaching and virtual care through the new Fitbit Plus app. The new solution will now be the preferred health coaching solution for Humana’s employer group segment.

Through this partnership, which has been ongoing for about five years, officials noted, more than 5 million Humana members will have the potential to access Fitbit wellness solutions or health coaching.

The Fitbit Care health coaching solution combines Fitbit’s 11 years of experience helping consumers make meaningful behavior changes with the clinical knowhow of Twine Health, a coaching platform Fitbit acquired in early 2018. Coaches work with participants to create personalized care plans and connect with members through multiple channels that include in-app communications, phone and in-person meetings, giving people the flexibility to choose what works best with their lifestyle.

Humana, meanwhile, serves members through a comprehensive range of wellness programs and capabilities, such as Go365 and the Humana Employee Assistance Program (EAP), with the goal to help employers control rising costs related to worker health, such as increased healthcare consumption and lost productivity. Fitbit Care is the latest aspect of this endeavor.

“With healthcare costs and rates of chronic disease increasing, there is a clear need for innovative tools and services to help people make the lifestyle and behavior changes necessary to reverse this trend,” said Adam Pellegrini, general manager, Fitbit Health Solutions. “Expanding our partnership with Humana allows us to accelerate our common goal of helping more people get and stay healthy, and I'm confident that together we can help drive better health outcomes.”

Added Jeff Reid, Humana’s senior vice president of wellness solutions, “By adding Fitbit Care’s new health coaching capabilities, we can offer even more personalized, meaningful support to our members who are focused on specific health goals, such as smoking cessation or weight loss, or the management or prevention of chronic conditions.”


Who Will Watch the Apple Watch?

Designing and deploying devices like the Apple Watch Series 4 is the easy part. The hard part is building systems of care that actually improve health based on the information supplied by technology.

Years ago, when I was a medical student, one of my mentors regularly told us to order a test on a patient only if we knew how the result would change the plan of care. This was his way of teaching us the difference between data and actionable information. I was reminded of this foundational wisdom as I read reports and was interviewed about the new Apple Watch Series 4 (AW4) with fall-detection and electrical heart-rate sensor capabilities. It’s clear AW4 will generate new data. It’s less clear how that data can be harnessed to improve health outcomes in the real world.

Health IT has been “Data-Rich, Information Poor” (DRIP) for decades. It’s essential that data from devices like AW4 be turned into useful, actionable information. So, hoping to gain additional insights on some possible practical applications of AW4, I called up my old friend and colleague Deepak Talreja, M.D., F.A.C.C., a practicing interventional cardiologist and experienced medical informaticist.

There is exciting potential in devices like AW4. They represent a significant step on the journey towards the Internet of Things (IoT) for healthcare. As Talreja noted, “Similar innovations have already reached the marketplace—with step-counting and biometrics of ‘Fitbit’-type wearable devices, CardioMEMS™ for heart failure, and the Alivecor Kardia portable phone peripheral that also offers an optional e-cardiology ‘over-read’ for an additional monthly fee.”

Talreja and I agree that the widespread deployment of a diverse array of devices that connect, communicate and collaborate to promote better health is inevitable. While this vision is full of promise for the long run, it will face many challenges and limitations in the near term. Ultimately the “Iron Triad” of people, process, and technology will determine the success of these efforts, so it’s worth thinking about AW4 from this perspective.

“The competition between consumer-driven wearables and medical-grade devices will test the limits of HIPAA privacy laws, medical-provider and subspecialist access, the willingness of providers to evaluate nontraditional data streams both during scheduled visits and after hours, and medicolegal laws and precedents,” Talreja said. For devices like AW4, he concluded, “One key will be to ferret out what measurables are both useful and interpretable by consumers.”

They will also test the reimbursement system since someone will have to cover the cost of all of this. The devices aren’t free. Providers are rightly reluctant to give their services away. It is unclear at this time who will pay for the device or services. Sure, some patients will pay out of pocket, but that’s not a scalable or sustainable approach.

The Limits of Technology

It’s important to be precise about capabilities when it comes to functions like electrocardiogram (ECG) production and analysis. AW4 is FDA-cleared to identify normal heart rhythms or signs of Atrial Fibrillation (AFib). Essentially, AW4 can tell if you are “fine” or should “get this checked out.” Also, it does not address other important, common and lethal cardiac arrhythmias like Ventricular Fibrillation.

AFib itself can be benign or lethal. Analysis based on the available FDA data suggests AW4 will have a positive predictive value of around 45 percent. This means more than half the time the ECG app flags a problem, it will be wrong. Throw in the expectation that the population of AW4 owners is likely to skew towards younger and healthier and the number of false positives will be even higher.
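The dependence of positive predictive value on the base rate is worth seeing in numbers. The following Python is an added example, not part of the post: it computes PPV from sensitivity, specificity and prevalence using Bayes’ rule and sweeps the prevalence downward, which is exactly the effect of a younger, healthier owner population. The sensitivity and specificity figures in it are assumed for illustration and are not taken from any regulatory filing; the post’s “around 45 percent” is reproduced here only at a prevalence chosen to match it.

```python
"""Positive predictive value (PPV) of a screening alert versus prevalence.

Added example (not from the post). PPV is the share of positive alerts that are
true positives; with a fixed sensitivity and specificity it falls as the
condition becomes rarer in the population wearing the device. The sensitivity
and specificity used in main() are assumed, illustrative values.
"""


def ppv(sensitivity, specificity, prevalence):
    """Fraction of positive alerts that are true positives.

    PPV = TP / (TP + FP), with TP = sensitivity * prevalence and
    FP = (1 - specificity) * (1 - prevalence), both per wearer.
    """
    if not (0 <= sensitivity <= 1 and 0 <= specificity <= 1 and 0 < prevalence < 1):
        raise ValueError("sensitivity, specificity in [0, 1]; prevalence in (0, 1)")
    true_pos = sensitivity * prevalence
    false_pos = (1 - specificity) * (1 - prevalence)
    return true_pos / (true_pos + false_pos)


def false_alarm_fraction(sensitivity, specificity, prevalence):
    """Share of alerts that are wrong: 1 - PPV."""
    return 1 - ppv(sensitivity, specificity, prevalence)


def ppv_table(sensitivity, specificity, prevalences):
    """Return [(prevalence, ppv)] so the base-rate effect can be read as a table."""
    return [(p, ppv(sensitivity, specificity, p)) for p in prevalences]


if __name__ == "__main__":
    # Assumed operating point (illustrative, not a device specification).
    sens, spec = 0.98, 0.99
    # Prevalence falls from left to right; 0.8 percent gives roughly the
    # 45 percent PPV quoted in the post for this assumed operating point.
    for p, v in ppv_table(sens, spec, [0.10, 0.02, 0.008, 0.004]):
        print(f"prevalence {p:6.1%}: PPV {v:5.1%}, false alarms {1 - v:5.1%}")
```

Even a detector that is right 98 to 99 percent of the time per person produces mostly false alarms once the condition it screens for is rare among the people wearing it, which is the point the post makes about a younger, healthier owner base.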

This raises the real possibility of needlessly scaring a lot of people and wastefully taxing an already overburdened healthcare system. Based on his experience with remote monitoring and consumer devices, Talreja points to the “important implications of increasing utilization of primary care and subspecialty medical services, additional medical testing, and emergency room and urgent care visits by anxious patients who in some cases will be responding to monitoring artifacts.”

Interoperability with the rest of the health IT ecosystem is another big challenge. AW4 “interoperability” appears to be limited to production of a PDF. This will be highly limiting and potentially counter-productive. How will that PDF flow into the system of care in a timely and reliable manner? EHRs (electronic health records) are already overstuffed with PDFs which can be hard to find and are unstructured. Will this PDF be one more “needle” in that “haystack”? And who, exactly, is supposed to read and act upon these reports?

People and Process: Who is Watching the Watch?

It does no good to have devices like AW4 generating data if we don’t know what to do with it or don’t have processes in place to reliably respond. Designing and deploying devices like AW4 is the easy part. Building the systems of care that can act upon the information they supply will be much harder and essential if they are to have a significant impact on health.

And, this is a consumer-facing device so an effective system of care is highly likely to include the patient, their family, other caregivers in addition to traditional healthcare providers. It will not be easy to sort this all out into a reliable, scalable system. AW4’s fall-detection function provides an excellent window into these kinds of people and process challenges.

The AW4 app can detect when the wearer has fallen and send an alert. I’m a member of the sandwich generation. The idea that I could support my elderly mom in her efforts to live independently and safely by having her watch tell me if she has “fallen and can’t get up” is appealing.

But I have concerns about process and making the info actionable. What if I am out of range, busy, asleep or incapacitated in some way? Who is “watching the watch” and able to act if I can’t?  Those concerns are magnified if there are issues with sensitivity, specificity or if the device is prone to user error. There are also very basic “people” questions like, “Will Mom consistently wear the watch?”

The Cure for DRIP: A Population Health – AI Mash-up   

Talreja believes it’s feasible to build “a reliable, scalable and useful IoT for healthcare out of devices like AW4, but this will ultimately require a combination of population health and advanced analytics.” He’s right. As the number and variety of devices grows, the tidal wave of data they generate will have to be filtered for human consumption and action. If we don’t, we will just make DRIP worse.

For patients, there is the promise of AI-assisted interpretation and decision support that empowers them to better sort out what’s going on and what they should do. For providers, it is the promise of automated monitoring and notification—air traffic control as it were—to help them find and focus on the individual patients with serious problems. The addition of automated protocols for routine care will further reduce the burden on human providers while advanced decision support will assist them in dealing with complex situations even more effectively.

The Best Day or the Worst?

As several others have noted, upon hearing about the AW4, Ethan Weiss, M.D., a University of California, San Francisco cardiologist, tweeted, “I can’t figure out whether today is the best day in the history of Cardiology or the worst.” Talreja and I agree the answer to Dr. Weiss’s question is “Yes.” It will be some of both. Eventually, a well-designed IoT for healthcare comprised of many such devices will be a boon to better health at lower cost. However, the combination of limited functionality, weak interoperability, low positive predictive value and lack of well-defined care process points to a rocky start and limited benefits at first.

Achieving meaningful success will be a challenge with many ups and downs and frequent reminders that turning data into actionable information requires serious attention to people, process and technology. Otherwise, it’s just more DRIP, DRIP, DRIP.

Dave Levin, M.D., has been a physician executive and entrepreneur for more than 30 years. He is a former Chief Medical Information Officer for the Cleveland Clinic and serves in a variety of leadership and advisory roles for health IT companies, health systems and investors. You can follow him @DaveLevinMD or email DaveLevinMD@gmail.com.

Deepak R. Talreja, M.D., F.A.C.C. is a practicing interventional cardiologist and medical informaticist. You can email him at talreja@yahoo.com.


With Apple’s Launch of an ECG Device, Digital Health Leaders, Cardiologists See Possibilities, and Limitations

September 18, 2018
by Heather Landi, Associate Editor

Tech giant Apple made a splash last Wednesday, September 12, when it unveiled its new Series 4 Apple Watch with advanced heart tracking capabilities, including an electrocardiogram (ECG) function, as well as fall detection capabilities.

The ECG sensor, and the software that supports it, received clearance from the U.S. Food and Drug Administration (FDA) on September 11. Apple’s development of an ECG app within the Apple Watch is notable as it signifies Apple’s intention of transitioning its smartwatch from just a consumer device to a medical device. What’s more, many healthcare industry leaders have noted that Apple’s efforts to get FDA clearance points to the scope of its investment in the digital health space.

During Apple’s annual fall product event in Cupertino, California last week, in announcing the new Series 4 Apple Watch, Jeff Williams, Apple’s chief operating officer, said it is the “first-ever ECG app offered directly to consumers.”

However, it is not the first over-the-counter ECG device to get FDA clearance. Mountain View, California-based AliveCor, an artificial intelligence company that develops personal electrocardiogram technology, received FDA clearance in November 2017 for its KardiaBand, a medical-grade device accessory for Apple Watch. According to the company, KardiaBand can record an ECG in 30 seconds and can detect abnormal heart rhythms. AliveCor also released machine-learning software called SmartRhythm, which continuously analyzes data from the watch’s built-in heart-rate sensor and accelerometer to spot unexpected patterns.

While KardiaBand is an add-on accessory to the Apple Watch, the new ECG app announced by Apple is built into a consumer product.


According to Apple’s press release, the Apple Watch Series 4 enables customers to take an ECG reading right from the wrist using the new ECG app, which takes advantage of the electrodes built into the digital crown and new electrical heart rate sensor in the back crystal. With the app, users touch the digital crown and after 30 seconds, receive a heart rhythm classification.

The app can classify if the heart is beating in a normal pattern or whether there are signs of atrial fibrillation (AFib), a heart condition that could lead to major health complications, according to Apple. According to a STAT article, based on a review of a study of the new device that Apple submitted to the FDA, the heart monitoring app can accurately detect that a person has an irregular heart rhythm 99 percent of the time.

The heart sensor features and ECG app are a gamechanger for how consumers can track their health, says Daniel Kivatinos, chief operating officer and co-founder of Sunnyvale, Calif.-based DrChrono, an electronic health record (EHR) vendor. The company launched the first EHR platform for the iPad, iPhone and Apple Watch and is part of Apple’s Mobility Partner Program.

Many digital health and clinical leaders see Apple’s development of an ECG app built into a consumer device as a significant step on the journey towards the Internet of Things for healthcare, while also voicing a healthy dose of skepticism.

“We are inevitably on a course where there will be widespread deployment of a diverse array of devices that connect, communicate and collaborate for healthcare,” says Dave Levin, M.D., chief medical officer at Sansoro Health and former chief medical information officer (CMIO) for Cleveland Clinic. Levin also currently serves in a variety of leadership and advisory roles for healthcare IT companies, health systems and investors. “It’s an important step forward and full of promise in the long run, but likely to have many challenges and limitations in the near term,” he adds.

Sharing his thoughts on Apple’s ECG app, Sanket Dhruva, M.D., attending cardiologist at the San Francisco VA Health Care System and assistant professor of medicine, UCSF School of Medicine, says, “The detection of patients who have atrial fibrillation through the ECG feature of the Apple Watch is an important technological feat. We can expect an explosion of continuous data and more diagnoses of atrial fibrillation that would previously have been undetected.”

Joon Sup Lee, M.D., an interventional cardiologist and co-director of the UPMC Heart and Vascular Institute at the Pittsburgh-based UPMC Health System, notes that similar heart monitoring devices have been available, but have not been as integrated. “Obviously, this really changes the scenario given Apple’s size, market share and their overall power. It’s really the beginning, in the sense in that I think there will be many more monitoring abilities and services that will continuously come out to the technology market, but this represents a big step forward,” notes Lee, who also is the chief of the cardiology division of the University of Pittsburgh School of Medicine.

Lee adds, “Like most technological advances, it raises some very fascinating possibilities for the medical field, but a host of still unanswered questions.” From a healthcare provider perspective, the ECG app will generate a significant amount of data, Lee notes, “and exactly how good the software will be between distinguishing a worrisome rhythm, versus a false alarm, I think that remains to be answered. Obviously, Apple has a good idea of how accurate it is, but most of us haven’t seen it.” He adds, “[The ECG app] has the ability to both generate increased concern, but also it can catch potentially worrisome episodes that might have otherwise not been caught.”

Potential Limitations and Integration Challenges

One particular concern among cardiologists is whether use of the ECG app will lead to false positives or false negatives, and a potential increase in unnecessary healthcare utilization. On September 12, when Apple announced the ECG app, Ethan Weiss, M.D., a cardiologist with the University of California, San Francisco, tweeted in response: "I can’t figure out whether today is the best day in the history of cardiology or the worst."

Lee sees the potential for use of the ECG app to increase utilization of medical resources, in the short term. “It’s something that we should be aware of, that it may actually lead to increased utilization of medical resources from a societal standpoint and from an insurer and government payers’ standpoint, because it would detect things both real, and inevitably, there will be some false alarms.”

Dhruva notes that while the ECG app is a technological innovation, “the clinical implications are less certain.” “Currently, most people with atrial fibrillation are diagnosed through symptoms or heart rhythm monitors that are interpreted by cardiologists. Most of these people have risk factors for stroke and, therefore, are prescribed blood-thinning medications (aspirin or anticoagulants) to reduce their stroke risk. But with the Apple Watch, many people will diagnose themselves with brief periods of atrial fibrillation that they would not have otherwise noticed. We do not know if people with brief atrial fibrillation will benefit from these blood-thinning medications. It’s likely that the early detection will reduce stroke risk for some patients – which will be great. However, others may be placed on blood-thinners and suffer from bleeding risk to which they would not otherwise have been exposed.”

He also adds, “And I would not discount the stress and anxiety that people may feel from having an abnormal heart rhythm – even if it is not clinically significant—and being on blood thinners, which could lead them to curtail heart-healthy activities like vigorous exercise.”

Levin notes that, at least on paper, the detection capabilities of Apple’s ECG app are limited. “It is FDA cleared to identify normal heart rhythms or signs of AFib. Essentially the watch can tell the patient either ‘you are fine’ or ‘you should get this checked out for possible AFib.’ This may be useful but is also very limited. AFib can be benign or lethal. We don’t know the sensitivity and specificity of this device, but presumably they are not that great so there will be false negatives and false positives. The device does not address other important, common and lethal cardiac arrhythmias like ventricular fibrillation (VFib),” he says.

In addition, the ECG app platform is not currently linked to any EHR systems, and Levin notes that the lack of interoperability could be a major barrier to effective use.

According to Apple, the Series 4 Apple Watch offers a feature that enables consumers to export their heart monitoring data, in a PDF format, to their physicians. Kivatinos says this feature significantly changes the dialogue between providers and patients and enables doctors to gain valuable insights about their patients.

Levin has a more skeptical view: “This will be highly limiting. How will that PDF flow into the system of care in a timely and reliable manner? EHRs are already overstuffed with PDFs which can be hard to find and are unstructured. Will this PDF be one more ‘needle’ in that ‘haystack’?”

As with other patient-generated data, Lee notes that healthcare provider organizations will need to develop new protocols to integrate the heart monitoring data into their EHRs. “If everybody with one of these suddenly starts sending PDFs to emergency rooms, that could cause a resource utilization issue.”

Beyond technical integrations, healthcare providers will need to have processes in place to make the heart monitoring data actionable, Levin notes. “Designing and deploying these kinds of devices is the easy part. Building the systems of care that can act upon the information they will supply will be much harder and essential if they are to have a significant impact on health.”

Taking in all of these factors, Levin says, “The combination of limited functionality, little interoperability, undefined sensitivity and specificity and lack of well-defined care process points to a rocky start and limited benefit.”

However, with the rapid pace of digital health innovation and growing use of consumer and clinical health devices, healthcare provider organizations are increasingly seeing the need to integrate patient-generated health data into clinical processes. According to Lee, future efforts will focus on "smarter" software and advanced solutions to not only collect all this data from consumers but also more efficiently cull through the data, pull out the most important and most useful medical data, and then incorporate it into the EHR.
