Medical Apps: When Sharing Goes Too Far

There’s an app for that.

Ever since Apple claimed primacy over the smartphone universe, we’ve all become familiar with that refrain. And as noted in a recent report on NPR, mobile medical applications are hot property. Even the stodgy American Medical Association (AMA) has introduced an iPhone app that keeps track of your medications.

It’s all good. Or is it?

We’ve discussed the benefits of electronic medical records. But when it comes to apps, as convenient as such medical assistants might be, there is reason to be concerned about breaches of privacy. That might not induce worry if your techno assistant is helping you adhere to a healthful diet, but some apps monitor blood sugar and blood pressure, and some screen for depression. Are you comfortable with strangers having that information?

Medical apps aren’t covered by HIPAA, the federal privacy law that controls how doctors and health-care providers store and share patient health information. “They are offering to store and share some pretty sensitive information,” Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, told NPR.

Because of that hole in the law, what you consider private, personal information might be little more than marketing data to a medical app manufacturer. As McGraw said, “If their privacy policy says, ‘From time to time we will share your information with advertisers,’ they can do that.”

And what if you lose your phone? What if it’s stolen? What if you share your phone so someone else can peruse your photos? What’s to prevent him or her from perusing other information you might otherwise choose to keep private?

Some app developers, including the AMA’s, offer password protection. That’s good but not impenetrable. Here’s what the AMA app disclaims:

When you purchase this application, you will be responsible for protecting the privacy and security of the information that you enter, and for deciding who to disclose, and give access to, the information. The AMA assumes no responsibility, and shall have no liability, for protecting the privacy or security of the information entered in the application or shared with others either intentionally or unintentionally.

Some med apps invite users to share their medication info with their doctors, pharmacists, family, etc., via email, but anyone who hasn’t recently moved here from Jupiter knows that email is hackable. And who hasn’t made the mistake of sending an email to the wrong recipient? A survey of doctors’ email habits concluded that most didn’t even follow AMA email protocol.

You’d think oversight of med app privacy would fall to the FDA, but last summer that agency was considering limiting its watch-dogging to apps that “could present a risk to patients if the apps don’t work as intended.” If it’s a consumer convenience and not a medical device intended for treatment, the FDA is going to pass.

That leaves the protection of your privacy up to you. In the era of sharing, of Facebook, of tweeting every thought that crosses your mind, the security of medical information seems awfully vulnerable.
