Research Letter

Privacy Policies of Android Diabetes Apps and Sharing of Health Information

Sarah R. Blenner, JD, MPH¹; Melanie Köllmer, PhD¹,²; Adam J. Rouse, JD, LLM¹; Nadia Daneshvar, MPH¹; Curry Williams, AS¹; Lori B. Andrews, JD¹
¹ Illinois Institute of Technology Chicago-Kent College of Law, Chicago, Illinois
² Now with Almirall Hermal GmbH, Reinbek, Germany
JAMA. 2016;315(10):1051-1052. doi:10.1001/jama.2015.19426.

Mobile health apps can help individuals manage chronic health conditions.¹ One-fifth of smartphone owners had health apps in 2012,² and 7% of primary care physicians recommended a health app.³ The US Food and Drug Administration has approved the prescription of some apps.⁴ Health apps can transmit sensitive medical data, including disease status and medication compliance. Privacy risks and the relationship between privacy disclosures and practices of health apps are understudied.

On January 3, 2014, we identified all Android diabetes apps by searching Google Play using the term "diabetes." Android is the most popular mobile operating system worldwide with 82.8% market share (compared with Apple iOS's 13.9%).⁵ We collected and analyzed privacy policies and permissions (disclosures of what apps can access or control on the device) for apps that remained 6 months after our initial search. Because consumers may want to know about privacy protections before choosing an app, we determined which apps had policies available predownload and what the policies protected. Then we installed a random subset of apps to determine whether data were transmitted to third parties, defined as any website not directly under the developer's control, such as data aggregators or advertising networks.

We performed χ² tests of independence (Excel 2010, Microsoft) to determine whether apps with privacy policies were more likely to protect personal information than apps without privacy policies. A 2-sided P value less than .05 was considered significant.

We identified 271 diabetes apps and chose a random sample of 75 for the transmission analysis. Within 6 months, 60 apps became unavailable, leaving 211 apps in the sample and 65 apps in the subset. Most of the 211 apps (81%) did not have privacy policies. Of the 41 apps (19%) with privacy policies, not all of the provisions actually protected privacy (eg, 80.5% collected user data and 48.8% shared data) (Table 1). Only 4 policies said they would ask users for permission to share data.

Table 1. Privacy Policy Provisions for the 41 Apps With Privacy Policies (19% of the 211 Apps)

Permissions, which users must accept to download an app, authorized collection and modification of sensitive information, including tracking location (17.5%), activating the camera (11.4%), activating the microphone (3.8%), and modifying or deleting information (64.0%) (Table 2).

Table 2. Permission Listings of 211 Android Diabetes Apps

In the transmission analysis, sensitive health information from diabetes apps (eg, insulin and blood glucose levels) was routinely collected and shared with third parties, with 56 of 65 apps (86.2%) placing tracking cookies; 31 of the 41 apps (76%) without privacy policies, and 19 of 24 apps (79%) with privacy policies shared user information, which was not statistically significantly different (N = 65; χ²₁ = 0.11, P > .25). Of the 19 apps with privacy policies that shared data with third parties, 11 apps disclosed this fact, whereas 8 apps did not.
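The reported statistic can be reproduced from the counts in the paragraph above. The following is an added worked example, not the authors' analysis (they used Excel 2010); the non-sharing counts (10 and 5) are derived by subtraction from the figures in the text, and the function name is illustrative.

```python
import math

# Rows: apps without / with a privacy policy.
# Columns: shared user information / did not share.
# 31 of 41 and 19 of 24 come from the text; 10 and 5 are derived by subtraction.
SHARING_TABLE = [[31, 10],
                 [19, 5]]


def chi_square_2x2(table):
    """Pearson chi-square test of independence for a 2x2 table,
    without continuity correction. Returns (statistic, p_value, expected)."""
    row_totals = [sum(row) for row in table]
    col_totals = [sum(col) for col in zip(*table)]
    n = sum(row_totals)

    # Expected count under independence: row total * column total / N.
    expected = [[r * c / n for c in col_totals] for r in row_totals]

    stat = sum((obs - exp) ** 2 / exp
               for obs_row, exp_row in zip(table, expected)
               for obs, exp in zip(obs_row, exp_row))

    # With 1 degree of freedom the chi-square survival function
    # reduces to erfc(sqrt(x / 2)), so no statistics library is needed.
    p_value = math.erfc(math.sqrt(stat / 2))
    return stat, p_value, expected


if __name__ == "__main__":
    stat, p, expected = chi_square_2x2(SHARING_TABLE)
    smallest = min(min(row) for row in expected)
    print(f"chi-square(1) = {stat:.2f}, P = {p:.2f}")
    # The usual rule of thumb wants every expected count to be at least 5.
    print(f"smallest expected count = {smallest:.2f}")
```

The smallest expected count is just above 5, so the approximation is usable here, though only narrowly given the size of the subset.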

This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties.⁶ The sharing of sensitive health information by apps is generally not prohibited by the Health Insurance Portability and Accountability Act.

This study is limited to Android apps and privacy policies available predownload in 2014, and the apps in the subset may not be a representative sample due to withdrawal of some apps. In November 2015, 143 of the 211 original apps, and 53 of the 65 apps in the subset (23 with and 30 without privacy policies) were still available. There were no major changes in the number of privacy policies (only 2 in the subset added policies), and policies had not been modified to protect consumer data from being shared with third parties.

Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps.

Section Editor: Jody W. Zylke, MD, Deputy Editor.

Corresponding Author: Sarah R. Blenner, JD, MPH, Illinois Institute of Technology Chicago-Kent College of Law, 565 W Adams St, Ste 530, Chicago, IL 60661 (sblenner@gmail.com).

Author Contributions: Ms Blenner had full access to all of the data in the study and takes responsibility for the integrity of the data and the accuracy of the data analysis.

Study concept and design: Blenner, Köllmer, Williams, Andrews.

Acquisition, analysis, or interpretation of data: Blenner, Köllmer, Rouse, Daneshvar, Williams, Andrews.

Drafting of the manuscript: Blenner, Köllmer, Rouse, Daneshvar, Williams, Andrews.

Critical revision of the manuscript for important intellectual content: Blenner, Köllmer, Andrews.

Statistical analysis: Rouse, Daneshvar, Williams.

Administrative, technical, or material support: Blenner, Köllmer, Rouse, Williams, Andrews.

Study supervision: Blenner, Andrews.

Conflict of Interest Disclosures: All authors have completed and submitted the ICMJE Form for Disclosure of Potential Conflicts of Interest and none were reported.

References

1. Wang J, Wang Y, Wei C, et al. Smartphone interventions for long-term health management of chronic diseases: an integrative review. Telemed J E Health. 2014;20(6):570-583.
2. Pew Internet and American Life Project. Mobile Health 2012. http://www.pewinternet.org/files/old-media//Files/Reports/2012/PIP_MobileHealth2012_FINAL.pdf. Accessed December 10, 2015.
3. Bauer AM, Rue T, Keppel GA, Cole AM, Baldwin LM, Katon W. Use of mobile health (mHealth) tools by primary care patients in the WWAMI region Practice and Research Network (WPRN). J Am Board Fam Med. 2014;27(6):780-788.
4. US Food and Drug Administration (FDA). Response to FDA feedback on 510(K) K 100066. http://www.accessdata.fda.gov/cdrh_docs/pdf10/K100066.pdf. Accessed December 10, 2015.
5. International Data Corporation. Smartphone OS Market Share, 2015 Q2. http://www.idc.com/prodserv/smartphone-os-market-share.jsp. Accessed December 10, 2015.
6. Andrews LB. I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy 17-32. New York, NY: Free Press; 2013.
