Do Health Apps Endanger Privacy?

Category: Privacy

Healthcare is one of the fastest-growing industries thanks to two factors: A younger health-conscious generation enamored with gadgets, and an aging population increasingly conscious of its frailty and mortality. More and more data is being collected to improve health through smartphones, smartwatches, websites, and other connected means. But that wholesome trend also creates opportunities for data brokers to invade your privacy and sell your most intimate secrets. Here's what you need to know...

Healthy or Anonymous: Pick One

Your new smartphone is probably loaded with apps to help you monitor and improve your health. Samsung's popular Galaxy phones have the S Health app. Apple's forthcoming iOS 8 (for iPhones and iPads) is loaded with new tools to collect and store your health data.

Maybe you've got a wearable device like a Fitbit, Smart Run, or FuelBand that can wirelessly transmit information about your sleep cycles, steps taken, calories burned and heart rate. But where is all that data going?

Have you registered at a health-related Web site to obtain access to health information, track your diet, or chart your fitness levels? Have you completed a “confidential” survey to get a discount coupon? Downloaded an app that monitors your blood pressure?
health apps and privacy

No law prevents the providers of such things from selling whatever data you voluntarily give them, to marketers, insurers, and other interested parties.

Depression, herpes, yeast infections, erectile dysfunctions, and bed-wetting are just a few of the highly sensitive characteristics for which consumer mailing lists are available. Most consumers assume such things are protected against exploitation by federal and state privacy laws; they are, but in limited healthcare contexts.

Only specific healthcare “entities” are prohibited from sharing your health-related information with others. Doctors, hospitals, pharmacists, and insurance companies cannot resell what they learn about you. But a whole lot of other entities can, and they even straight-up buy it from you.

The mere fact that you visited a Web site devoted to diabetes is marketable. Sure, you may not have diabetes yourself; you may have visited the site on a friend’s behalf, or as part of a research project. Such a visit, alone, won’t fill your mailbox with insulin offers. But it goes into a digital dossier whose diverse bits of data form a startlingly accurate and detailed profile of your health and health interests.

Who Wants to Know?

Highly specialized lists may be purchased and combined into one huge database of people and their health-related interests. The purchasers – drug companies, medical supply distributors, private investigators, and so on – don’t rent lists based on just one criterion that may be wide of the mark. They’ll specify “persons who have visited diabetes Web sites AND shopped for weight-loss products,” a much more certain indication that a matching subject does have diabetes.

Ads for furniture or remodeling services may follow your visit to a site about depression. Why? Because treatment often includes advice to “change your lifestyle” and brighten up your home, and people who are recovering from depression often experience an urge to splurge on self-rewards.

Vendors of health apps and wearables say their privacy policies will keep your sensitive data safe. But the U.S. Federal Trade Commission and other privacy advocates are still concerned. The fact that any data you give to a Web site – consciously or merely by your actions – may be sold to marketers is often buried deep in voluminous privacy policies and couched in nearly incomprehensible vagaries. You should assume that any site you visit is going to squeeze every nickel it can out of whatever you do there.

“We will never sell your email address” is a meaningless promise, and it’s unenforceable in the usual course of events. A site doesn’t have to sell your email address; someone else did, and it’s associated with your name, street address, and health-related data in several independently assembled databases. Besides, how would you know or prove that Site A sold your email address? You’ve left it everywhere, haven’t you?

Helpful (and not so helpful) Steps to Protect Your Health Privacy

“Use a different email address” is rather useless advice even though it would help you pinpoint who sold a given address to marketers. If you used only on one site, then any spam sent to that address is definitely that site’s fault. But how many different email addresses are you going to create?

“Actually read the entire privacy policy” is worse than useless; it wastes your time. Companies that don’t plan to use your personal data for marketing purposes don’t need privacy policies.

You can use cash to buy over-the-counter health items anonymously, and just say “no” if asked for any contact information. Online, you don’t have much choice but to provide a shipping address, at least. But use Paypal, Square Cash, Amazon Payments, or some other payment service that does not reveal your credit card or bank account data to strangers.

“Don’t over-share” on social media, especially if your posts are public by default. Discuss your visit to the doctor with friends and family via email, not on Facebook.

Finally, think long and hard before strapping a health-monitoring Internet-connected thingie to your wrist, or downloading one to your phone. You might be sharing a lot more than you assume.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 10 Jun 2014

For Fun: Buy Bob a Snickers.

Prev Article:
How NOT to Get Exploited

The Top Twenty
Next Article:
Geekly Update - 11 June 2014

Most recent comments on "Do Health Apps Endanger Privacy?"

Posted by:

10 Jun 2014

I've just started watching a television series aired in the UK in 2008 titled, "The Last Enemy." There are lots of stories going on, but one of the main "characters" is a system called "T.I.A." That stands for Total Information Awareness. Among the many things it does is project the likelihood of each individual to become ill or do illegal things based on the web sites visited, items purchased, etc. All of the data collected, as the sponsors of the system say, is for the protection of the citizens. Yeah, right! Just like what you stated in your article -- visit a web site about diabetes and that goes into your personal digital dossier.

Posted by:

Tom Van Dam
10 Jun 2014

This is very interesting as my boss just started wearing one of those digital health bands. I will have to tell him about this to increase his awareness of the potential for abuse.

Posted by:

Gloria Huffman
10 Jun 2014

Because of all this, I have been feeling quite trapped for a long time. Without the internet, I assume (often incorrectly) that I won't be able to find information as quickly as with it. (Go ahead and admit how many times you've literally lost an entire work day because you were sucked into the net that interred you!) But with the internet, I'm a tracked woman.

Posted by:

10 Jun 2014

A little parabolic, there Bob... "Companies that don’t plan to use your personal data for marketing purposes don’t need privacy policies."

Also, it should be noted that many people avoid sharing info with people over the internet who do NOT have a privacy policy, with good reason. You have a privacy policy _because_ you don't sell our info, and you get more subscribers, etc, _because_ you have a privacy policy that says as much.
You even have a banner add (probably targeted using non-personally-identifiable browser history data) at the bottom of your privacy policy page...

Bottom line - No privacy policy = no protection under the law. Privacy policy = protection under the law, within the limits imposed by that privacy policy. It is a legally binding contract (and has successfully been used as such in many court cases going both ways over the years). So yes, it is important to look for and read the privacy policy.
The lack of a privacy policy (or having one that's so convoluted and/or ladden with legal-ese that you can't understand it) is generally a red flag, if the site is using cookies, serving ads, or directly asking for your info in any way. A clear, plain-English policy like yours is generally a good sign.

Oddly, none of the sites I manage have privacy policies... just never got around to it. Every time I think of it, it makes me feel dirty, not having one... so thanks for that :-)

Posted by:

top squirrel
11 Jun 2014

I have several email addresses but neither my name nor my address or phone number is associated with any of them. Give any name like and leave blank other fields for contact information.
I have no Facebook account. I laugh at the spam emails I get from self-described hot women who think my Facebook picture is cute, that we live near each other and should meet.
Never buy anything online. Phone or send a mail order and pay NOT with a check or credit card but a money order or gift card. My bank sells money orders at no fee and gift cards for a small fee and when the credit is used up the card and its number are useless and you pitch it.
I have visited many health sites researching information for myself or friends. I never register and I have never got related spam.
I've never researched erectile disfunction but some of the spam I keep getting is for drugs like Viagara and Cialis.
I use one email address only to receive newsletters -- I never send anything from it, but I still get spam there. I trust the newsletters I get not to disclose my email but I wish I knew how the spammers get it.
I notice some spam gives emails to unsubscribe and they say if you send an email to that address they'll send you no more emails, but a friend tells me my sending them an email will allow them to hack into my email account, get my address list, read my emails. How about it, Bob? True?

Posted by:

17 Jun 2014

@top squirrel ... You made me laugh. :)

I go by the "name" of MmeMoxie and I get emails all the time, for Viagara and Cialis. It totally, cracks me up. In NO way, do I have ED, since, I am a woman. The worse place for an email address is with Yahoo!!! My email box there, can easily fill up with over 3000 SPAM emails, in 3 weeks time!!! I am not kidding. Guess who probably "sells" their Email Addresses??? Three guesses and the first two, do not count ... Yahoo!

Posted by:

Ramona Newotn
20 Oct 2015

I'm a youthful 62yr old woman doing my best to keep up only with what is necessary to operate my computer. I do like to research information on many subjects and Facebook and email. I know not to talk about personal things on the internet. I really don't want to be bothered with anything I didn't ask for. I don't have any apps and so far I don't anticipate the need for any given my simple lifestyle. My doctors office offered me the opportunity to put my medical information on a website that I would have access to for various reasons. I wouldn't dream of doing something like that! As for me, I try to keep things pretty simple. I appreciate your newsletter cause it has been helpful to learn what's going on in cyber world and how to protect myself. Thanks, Mona

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Do Health Apps Endanger Privacy? (Posted: 10 Jun 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved