Health-Apps: Increasing Danger for Data Privacy

Wearable fitness trackers and wellness apps let consumers quantify and track their health. One burgeoning trend is the smartwatch. Smartwatches are equipped to track exercise, heart rate, GPS location of the wearer, and just about anything else. Apple released its new Watch Series that allegedly quantifies the number of stairs climbed per day. Fitbit also announced its new watch that more accurately measures heart rate, blood oxygen levels, sleep, and activity levels of different exercises. Amidst market competition and growing consumer interest in tracking individual health, the market for wearable smartwatches grew almost 70% in 2017. This increased interest and flourishing market for health insights has consequently inspired scientific innovators to turn their attention to fashioning technology that can track actual medical conditions — such as asthma — and that can diagnose diseases. While this innovation introduces much-needed preventative healthcare apps that can be accessible to a large share of the population, it also raises serious questions about data privacy and fraud that must be considered.

Several health and fitness app makers have already come under fire for fraudulent health claims and lax data security. New York Attorney General Eric Schneiderman fined three popular health app makers — Cardiio, Runtastic, and My Baby’s Beat — collectively $30,000 for making health claims not backed by data or FDA approval and for collecting and sharing users’ personally identifying information with third parties without the users’ consent. Additionally, an app called the Pact, which either rewarded or penalized consumers monetarily for achieving or failing at their weekly goals, was fined 1.5 million dollars for withdrawing money from users’ accounts without authorization.

Fitness tracking apps may record and store an individual’s food intake, exercise for the week, sleep patterns and water intake. Even when users are not manually inputting their activity information, data collection is ubiquitous and invisible. These data points, consumers’ dietary patterns and measures of physical activity, are known as health determinants. Health determinants reveal some of the most private information about an individual. This means that when apps decide to share users’ information without their consent, the app makers are actually sharing private information about the consumers’ life expectancy and various predictable health outcomes.

Faced with the growing number of health app and data collection technologies, the Federal Trade Commission (FTC) has had to grapple with how to deal with fraudulent advertising practices and privacy concerns. The first challenge for the FTC is monitoring health apps that make false claims of diagnosis or claim to cure illnesses and medical conditions. In one case, the FTC brought suit challenging the mobile device app, Melapp, for making deceptive claims about the ability to diagnose cancerous moles on an individual’s body by simply taking a photograph and inputting other information about the mole. The court held for the FTC, declaring that Melapp misrepresented its product by implying it could detect or diagnose melanoma or risk factors of melanoma. Any marketing or advertising of a product must have substantiated claims — express or implied.

The second challenge for the FTC in monitoring health apps concerns privacy issues. App makers have the ability to collect private data regarding consumers’ health status on an ongoing basis without the consumers ever knowing with whom that data is shared. In one case addressing private data abuse, the FTC filed against PaymentsMD, LLC for using the sign-up process on their “Patient Portal” to trick consumers into consenting to data sharing. PaymentsMD is just one of many cases where health-oriented technology services are fraudulently collecting private and confidential information to sell to third parties.

In response to the increasing fraud and security issues over health tracking services, the FTC has created a webpage to help mobile health app designers know the laws surrounding health care and data collection, and which ones apply to their app. The FTC also created a “Best Practices” webpage laying out the guidelines for privacy and security. Designers of new health apps will hopefully utilize these webpages to know the laws surrounding data security and privacy before putting their product on the market. With the overwhelming rate of innovation, the FTC sees its next steps as taking a meaningful look at the sensitive uses of data, rather than continuing to focus on sensitive data. The FTC would rather work on preventing consumers’ private data from being misappropriated in the first place than bring a flurry of court cases merely as ex post facto measures. App users probably feel the same way.
