Study highlights privacy risk in some clinically-accredited health apps

Despite being accredited by medical authorities, some smartphone health apps may not handle user's data properly, putting their privacy at risk, according to a study published Friday by Imperial College London.

As a way of reassuring users about the quality and safety of health apps, several app accreditation programs have been launched.

One such program is Britain's National Health Service (NHS) health apps library, which is a curated list of apps for patient and public use. Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law.

"It is known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and sent to a third party. However, it was assumed that accredited apps ... would be free of such issues," said lead researcher Kit Huckvale, from Imperial College London.

The researchers from Imperial College London and France's Ecole Polytechnique CNRS, reviewed 79 apps, available on Android and iOS platforms, that were listed on the NHS health apps library in July 2013. The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation, etc.

After a six-month assessment, researchers found that 70 of the apps transmitted information to online services and 23 of those sent identifying information over the internet without encryption. Four apps were found to be sending both identifying and health information without encryption.

"Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS," Huckvale said. Endit