Although the study applies to a small subset of mHealth apps, combining the results of this research with other studies suggests the privacy problem is endemic to many other apps, Kit Huckvale, MB ChB, from the Global eHealth Unit, Imperial College London, United Kingdom, and lead author of the BMC paper, told Medscape Medical News.
The selected apps included programs designed for wellness, fitness, and chronic care management. Most collected user-generated content, and two thirds had users enter strong identifiers such as email addresses, usernames and passwords, or full names. The majority of the apps captured health-related data, and a third of them provided diaries to record health information.
"We found examples of complete personal datasets, including name, date of birth and contact details, sent as plain text. No apps encrypted local data stores, despite the widespread use of PIN or password security within apps that might reasonably lead a user to believe their information was protected," the authors note.
Dr. Huckvale said he is not aware of any large-scale thefts of mobile health data in the UK or the United States. However, with all the hacking going on in healthcare, "there's an opportunity to make sure this doesn't happen," he added.
"We're hopeful that this paper will stimulate discussion and lead to resolution of the issue, rather than people going away from it and thinking that it can't be fixed. It definitely can be fixed. We have secure banking and things like that. We should try to sort it now before mHealth apps are more widely used," Dr. Huckvale concluded.
Source: Medscape Medical News
Image credit: Flickr.com