Privacy Concerns Over NHS-accredited Apps
Smartphone health apps approved by the NHS and included in NHS England's Health Apps Library have been found to leak data. The Library tests apps to make sure they meet clinical and data safety standards. A study has found that the leaked data could be used for identity theft and fraud.
The most severely compromised apps have now been removed from the Library.
Even though the apps had been vetted, the study by Imperial College London found that some breached appropriate standards of privacy, and sent unencrypted data.
Kit Huckvale, a PhD student and one of the co-authors, said “If we were talking about health apps generally in the wider world, then what we found would not be surprising.” What did come as a surprise was that these apps, which had been vetted and approved, did not protect the user’s data as they should.
Purpose
The researchers tested apps for weight loss, giving up smoking, reducing alcohol consumption, and increasing physical activity. Over a period of six months they tested 79 apps by inputting fake data to see how it was handled.
Seventy of the apps sent personal data to online services. Twenty-three of the 70 failed to encrypt the data. Even worse, Mr Huckvale and his colleagues discovered that four apps forwarded data, including personal and health information, with no protection from possible eavesdropping.
He said the data could be used for fraud and identity theft if it was intercepted.
Although more than half the apps had a privacy policy, many were vague and failed to explain the type of data that was being shared. Most of the information gathered and shared was about a user’s phone or identity. Very few collected health information.
Mr Huckvale added that the NHS needed to work harder on testing because of how apps were likely to be used in the future.
Response
NHS England said: "We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated.
"A new, more thorough NHS endorsement model for apps has begun piloting this month."
The study follows the government announcement that patients could soon access their medical records by smartphone, with the NHS being urged to adopt more mobile technology. The Health Secretary, Jeremy Hunt, wants to get 15 per cent of NHS patients routinely reading and adding to their online medical records using smartphone apps within the next year.
The results of the study are published in the open access journal BMC Medicine.
We would really love to get your response to this story, please click here to email us and we'll add your comments below. Thank you.