Some clinically accredited health apps may be failing to meet data protection regulations, new research suggests.
The international researchers, led by Imperial College London, reviewed 79 apps that were listed on the UK NHS Health Apps Library (a curated list of apps for patient and public use) for six months. The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care.
The review revealed that 70 of the apps transmitted information to online services, and 23 of those sent identifying information over the internet without encryption. Moreover, 38 of the apps had an unclear privacy policy, and four were found to be sending both identifying and health information without encryption.
Responding to the results, Kit Huckvale, study author, said: “Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS.”
At the moment, to be listed in the Health Apps Library, developers are required to declare any data transmissions and register with the UK’s Information Commissioner’s Office – the body that enforces the Data Protection Act.
Huckvale added: “It is known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and sent to a third party. However, it was assumed that accredited apps – those that had been badged as trustworthy by organisational programs such as the UK’s NHS Health Apps Library – would be free of such issues.”