As regular readers of this blog and the companion site, DataBreaches.net, already know, much of our health/medical data is not well-protected by the federal law known as HIPAA. Part of the problem is that HIPAA does not cover all entities that collect, store, or use health information. In some cases, the FTC Act may apply if an entity violates its privacy policy assurances to consumers or if it fails to use reasonable data security, but for the most part, let’s just say that there are a ton of apps and businesses that have health info on us that is either not well protected or is being shared beyond our wildest nightmares. In April 2016, the FTC published guidance for mobile health app developers, but of course guidance is not a regulation or statute.
Germany’s data protection regulators have tended to be more protective than the U.S. government, and now they’ve issued yet another statement putting businesses – and consumers – on notice that while consumers may want to shape up, app developers and businesses better shape up, too.
Telecompaper reports that the German Commissioner for Data Protection and Freedom of Information conducted a test of privacy protection among apps and wearables. Among the findings:
In many cases, health data was processed by external third parties, putting user privacy at risk. While some manufacturers alert users to the potential for data-sharing with third parties, users often do not know who these third parties are or how to lodge an objection.
The Commissioner also identified an issue with data deletion. Uninstalling the app does not delete the data from manufacturer databases, the Commissioner warned, and there is often no recourse for users who wish to destroy existing data files.
Read more on Telecompaper.
In the meantime, if you use any kind of fitness app or health-related app, particularly one that might contain sensitive info like mood data, pregnancy/conception data, medication information, etc., think about where your data could wind up without your knowledge or consent. And then think about how it could be used against you.
There are some great apps out there, to be sure, but not all may be worth the risk they could pose to your privacy.