The terms of service associated with most apps or online services is something we often have but a passing association with as we rush to sign up. With apps designed to help our health, should we be paying closer attention?
Research from the University of Michigan highlights the need for us to take ownership of our medical data, while we still have the chance to do so. They argue that the average patient has little understanding of the rules around the health data collected by apps. Whereas medical institutions are often governed by rules preventing the sharing of medical data, private companies are often not.
“Some health data shared with a physician in the context of a health-related interaction is protected, but in a different context that same data is not protected,” the researchers say. “The way the U.S. addresses health data focuses on who is using the data, but not the data itself.”
Sensitive data
This fundamental lack of protection could potentially lead to our sensitive data becoming available to third parties. The authors highlight the growing range of digital health services entering the market, with many offering a wide range of benefits to users to help them manage their health effectively.
“We’re learning how to leverage digital technology, like smartphones and wearables, to engage patients in their health, improve remote monitoring of health conditions and potentially deliver targeted interventions outside of the clinic appointment,” they explain.
It’s certainly not their intention to scare the public about using such apps, as they accept that the advantages are considerable. Indeed, the benefits currently considerably outweigh the risks, but as the commercialization of data slowly enters the health domain, those risks may increase.
“We simply think it’s important to make sure providers who are encouraging their patients to use this technology are also able to have conversations with their patients about data privacy,” the authors say.
A need for education
The authors believe two things need to change to help make the situation safer. The first of these is greater education for providers so that health data can still be used for research purposes but without patients being compromised. The second is legislation to ensure this occurs and privacy and trust are not breached.
“It could be helpful for patients to provide doctors with their heart rate and blood pressure measurements collected using wearable devices,” the authors say. “But this means we have a responsibility to educate patients and ourselves about potential downstream uses of that data.”
This is likely to be difficult for patients to tackle on their own, especially as a growing number of big players enter the market, such as Apple and Google. This will likely require the government to step in to ensure that consumer data is protected, as the responsibility shouldn’t rest solely on the shoulders of consumers themselves.
“The U.S. is living in the past with regard to data protection,” they conclude. “We’ve got privacy law from a world where health data means what your doctor writes in your medical chart. We’re not in that world anymore. The law needs to change.”
