IIT Chicago-Kent Researchers Discuss the Findings of a Study of Diabetes Apps and Privacy

Researchers at IIT Chicago-Kent College of Law discussed the findings of a forthcoming study on medical apps related to diabetes at last week’s “Health on the Go: Medical Apps, Privacy and Liability” conference which drew medical app developers, lawyers, regulators and health care professionals.

The study was conducted by Sarah Blenner and Melanie Koellmer of the Institute for Science, Law and Technology (ISLAT) and the Center for Diabetes Research and Policy (CDRP), both at IIT Chicago-Kent. The researchers analyzed 275 diabetes-specific apps available in the Google Play Store to determine their functions, privacy policies, and whether the apps claimed to be approved by the Food and Drug Administration (FDA). The Chicago-Kent researchers also reviewed the law and policies that govern the design and use of health and fitness apps.

Among their findings were that the vast majority of diabetes apps available in the Google Play Store did not have privacy policies readily available prior to downloading the app. The apps that did have a privacy policy available often did not provide helpful or easily understandable tools to control privacy.

*Fewer than 10%-only 25 out of 275- of the diabetes-specific apps available in the Google Play Store had privacy policies or linked to privacy policies in the app’s description on the Google Play Store.

*Of the 275 diabetes apps available in the Google Play Store, only five apps had privacy policies stating that no personally identifiable information would be sold.

*Of the 275 diabetes apps available in the Google Play Store, only eight apps had privacy policies stating that the app used electronic safeguards for data protection.

According to the researchers, the public is increasingly accessing health information “on the go” through health applications, games and social networks. Citing data from the Pew Research Center’s Internet & American Life Project, they say more than half of the adult smartphone users in the U.S. use the devices to search for medical information and 20 percent have downloaded a health care app.

“Apps serve as a platform for structured communication between parties such as a caregiver and an elderly parent or a child and the school nurse,” said researcher and CDRP director Sarah Blenner. “Apps provide a repository for data, including compliance with medication regimens, activity notes, and food logs that can be shared with a doctor to identify trends and troubleshoot health issues.

“But what happens to private health information entered into web searches or health care apps? That information may be used against you by credit card agencies, employers, or life insurers. Unlike health care information in the hands of doctors or hospitals, medical information from web searches, medical apps, and health-related digital games is not protected by the federal health privacy law,” Blenner warned.