Over half of Americans have a health-related mobile application on their phone. These apps can track vitals like weight and blood pressure, keep up with diet and exercise habits, and even offer medication reminders. Health and medical apps typically require users to register in order to create a personalized profile and to associate their logged information with their account. With pharmacy coupons at your fingertips and pill reminders in your pocket, these apps are marketed to mobile users as convenient, helpful, and even reliable or secure. Sounds like a dream come true for the plugged-in, health-conscious consumer! With this in mind, I decided to take a closer look at some of the highest-rated medical apps’ privacy policies to find out what wasn’t being talked about in the app stores…
Health information can be considered a business asset to software companies. It is common for companies to sell or transfer customer data in business proceedings, such as mergers or bankruptcies. But for medical app software companies, the data can include sensitive health information collected from user accounts.
Many medical apps have vague security policies. Statements like “we cannot guarantee security” or “no transmission over the internet is 100% secure” sound much more like legal disclaimers than a protection policy. Also, third-party cloud service providers are often named as responsible for ensuring the security of user data, rather than the company itself.
Users may not have control over the deletion or retention of their collected information. Several medical app privacy policies stated that they retain all users’ collected information indefinitely. This could mean that simply closing the account or uninstalling the app would not result in deletion from their system. Additionally, when account history deletion is offered upon request, it is rarely backed by a guarantee.