Most Telehealth Apps Violating Users' Privacy, Researcher Tells Privacy Conference
SANTA CLARA, Calif. -- A majority of telehealth apps may be violating at least one privacy law or rule, the USENIX Privacy Engineering Practice and Respect (PEPR) conference heard Tuesday.
However, even if consumers are concerned about a privacy-invasive app, they are often “helpless” to change medical providers, said Primal Wijesekera, research scientist at the International Computer Science Institute at University of California-Berkeley.
Wijesekera’s team tested 408 telehealth apps from 36 countries, including 208 from the U.S. The apps had a median user base of 200,000, he said.
Results showed nearly 63% of the apps shared data without properly notifying users about data-sharing practices, said Wijesekera. Meanwhile, 52% of consumer health privacy apps, which aren’t affiliated with a specific medical insurer, share protected information with domains like Doubleclick, which are usually labeled as trackers, he said. Of the apps that worked directly with a medical insurer, 48% potentially violated at least one privacy or security rule in the Health Insurance Portability and Accountability Act, he said.