Do Health Apps Endanger Privacy?
Healthcare is one of the fastest-growing industries thanks to two factors: A younger health-conscious generation enamored with gadgets, and an aging population increasingly conscious of its frailty and mortality. More and more data is being collected to improve health through smartphones, smartwatches, websites, and other connected means. But that wholesome trend also creates opportunities for data brokers to invade your privacy and sell your most intimate secrets. Here's what you need to know...
Healthy or Anonymous: Pick One
Your new smartphone is probably loaded with apps to help you monitor and improve your health. Samsung's popular Galaxy phones have the S Health app. Apple's forthcoming iOS 8 (for iPhones and iPads) is loaded with new tools to collect and store your health data.
Maybe you've got a wearable device like a Fitbit, Smart Run, or FuelBand that can wirelessly transmit information about your sleep cycles, steps taken, calories burned and heart rate. But where is all that data going?
Have you registered at a health-related Web site to obtain access to health information, track your diet, or chart your fitness levels? Have you completed a “confidential” survey to get a discount coupon? Downloaded an app that monitors your blood pressure?
No law prevents the providers of such things from selling whatever data you voluntarily give them, to marketers, insurers, and other interested parties.
Depression, herpes, yeast infections, erectile dysfunctions, and bed-wetting are just a few of the highly sensitive characteristics for which consumer mailing lists are available. Most consumers assume such things are protected against exploitation by federal and state privacy laws; they are, but in limited healthcare contexts.
Only specific healthcare “entities” are prohibited from sharing your health-related information with others. Doctors, hospitals, pharmacists, and insurance companies cannot resell what they learn about you. But a whole lot of other entities can, and they even straight-up buy it from you.
The mere fact that you visited a Web site devoted to diabetes is marketable. Sure, you may not have diabetes yourself; you may have visited the site on a friend’s behalf, or as part of a research project. Such a visit, alone, won’t fill your mailbox with insulin offers. But it goes into a digital dossier whose diverse bits of data form a startlingly accurate and detailed profile of your health and health interests.
Who Wants to Know?
Highly specialized lists may be purchased and combined into one huge database of people and their health-related interests. The purchasers – drug companies, medical supply distributors, private investigators, and so on – don’t rent lists based on just one criterion that may be wide of the mark. They’ll specify “persons who have visited diabetes Web sites AND shopped for weight-loss products,” a much more certain indication that a matching subject does have diabetes.
Ads for furniture or remodeling services may follow your visit to a site about depression. Why? Because treatment often includes advice to “change your lifestyle” and brighten up your home, and people who are recovering from depression often experience an urge to splurge on self-rewards.
Vendors of health apps and wearables say their privacy policies will keep your sensitive data safe. But the U.S. Federal Trade Commission and other privacy advocates are still concerned. The fact that any data you give to a Web site – consciously or merely by your actions – may be sold to marketers is often buried deep in voluminous privacy policies and couched in nearly incomprehensible vagaries. You should assume that any site you visit is going to squeeze every nickel it can out of whatever you do there.
“We will never sell your email address” is a meaningless promise, and it’s unenforceable in the usual course of events. A site doesn’t have to sell your email address; someone else did, and it’s associated with your name, street address, and health-related data in several independently assembled databases. Besides, how would you know or prove that Site A sold your email address? You’ve left it everywhere, haven’t you?
Helpful (and not so helpful) Steps to Protect Your Health Privacy
“Use a different email address” is rather useless advice even though it would help you pinpoint who sold a given address to marketers. If you used [email protected] only on one site, then any spam sent to that address is definitely that site’s fault. But how many different email addresses are you going to create?
You can use cash to buy over-the-counter health items anonymously, and just say “no” if asked for any contact information. Online, you don’t have much choice but to provide a shipping address, at least. But use Paypal, Square Cash, Amazon Payments, or some other payment service that does not reveal your credit card or bank account data to strangers.
“Don’t over-share” on social media, especially if your posts are public by default. Discuss your visit to the doctor with friends and family via email, not on Facebook.
Finally, think long and hard before strapping a health-monitoring Internet-connected thingie to your wrist, or downloading one to your phone. You might be sharing a lot more than you assume.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 10 Jun 2014
|For Fun: Buy Bob a Snickers.|
How NOT to Get Exploited
The Top Twenty
Geekly Update - 11 June 2014
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Do Health Apps Endanger Privacy? (Posted: 10 Jun 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved