
Majority of health apps on Android tested shared personal health data - gumby
https://www.bmj.com/content/364/bmj.l920
======
rorykoehler
In Singapore the health insurance companies have programs to get people to
wear health trackers for a discount and people are oblivious as to why this
may not be the best idea/alignment of interests.

~~~
tsukurimashou
They do the same in France for car insurance, they give you a box you put in
your car, which has at the very least a GPS module (but most probably has
tons of other sensors)

I think they are mostly targeting young drivers for which insurance can be
pretty expensive, and knowing well that most young adults these days don't
care much about privacy

~~~
nerdponx
Some US companies do this, too.

The unfortunate part is that, if we could trust that the data would be handled
correctly (not wide-open to hackers, not used for other purposes like
advertising/marketing) this would be an improvement in the efficiency of the
insurance industry.

~~~
lotsofpulp
I assume everyone who uses mobile networks has their location data being
stored, shared, and sold by the mobile network companies. I assume government
agencies and other people in positions of power can easily get identifiable
information, and advertisers or other businesses can purchase "anonymized"
information. At this point, I'm not sure what else is left to protect.

[https://arstechnica.com/tech-policy/2018/06/verizon-and-att-...](https://arstechnica.com/tech-policy/2018/06/verizon-and-att-will-stop-selling-your-phones-location-to-data-brokers/)

They claim they're stopping, but I don't see why I should believe them.

~~~
gruez
Mobile network location data is much more coarse than GPS data, so there's
"that" to protect.

~~~
AnIdiotOnTheNet
Are you sure? If the data in question also covers WiFi signals, which include
the signals emitted by every phone near you, then I'm not sure the data really
is that coarse.

~~~
gruez
I'm presuming here the location data is gathered outside of the phone (e.g. by
cell towers), not the phone itself. If you have access to the phone itself
(e.g. malicious app), then you can easily get GPS data as well.

------
blastbeat
> Clinicians should be conscious about the choices they make in relation to
> their app use and, when recommending apps to consumers, explain the
> potential for loss of personal privacy as part of informed consent.

That's for me the most important point of that study. It's no good if you
avoid data kraken where you can, and meanwhile your physician unwittingly
distributes your sensitive data via the latest health app.

~~~
0xDEFC0DE
My only critique of this is that clinicians in the US may be under large
organizational umbrellas and may be strongly encouraged (forced?) to go
through apps chosen by the org, and so they aren't really making any conscious
choices.

(TBF the paper authors are affiliated with Sydney, Toronto, and California
Universities so those healthcare systems are likely different)

------
blub
And this is why laws like the GDPR are needed:

"Journalists recently revealed that Australia’s most popular medical
appointment booking app, HealthEngine, routinely shared 100s of users’ private
medical information to personal injury law firms as part of a referral
partnership contract.1 Although the company claimed this was only done with
users’ consent, these practices were not included in the privacy policy but in
a separate “collection notice,” and there was no opportunity for users to
opt-out if they wished to use the application (app)."

Too bad most of the worst offenders are in the US or other countries with
non-existing privacy laws.

~~~
marcinzm
The US has HIPAA which while not perfect would cover any medical data sharing
and does have decently sized fines behind it.

~~~
dragonwriter
> The US has HIPAA which while not perfect would cover any medical data
> sharing and does have decently sized fines behind it.

Because HealthEngine looks like it has business relationships with providers,
it would probably be covered by HIPAA through provider BAAs in the US.

But if it only had a business relationship with the consumer, à la Google
Duplex, and handled medical bookings on the consumer's behalf that would not
be the case. So even though the specific case would be covered by HIPAA in
the US, it is illustrative of a problem HIPAA may not be adequate to address.

HIPAA may actually be dangerous here, because what lay awareness of it exists
seems to see it as protecting health data generally, when it only protects
health data held by certain entities, and consumer-facing entities that don't
have a business relationship with your health provider or insurer aren't
covered, and there are plenty of them trying to vacuum up health data.

------
chicob
I also wonder how drugstores manage all the patients' data. For my part, I pay
in cash, and never give personally identifiable information unless strictly
necessary.

~~~
marcinzm
In the US a drugstore's information falls under HIPAA which isn't perfect but
does force some compliance at risk of large fines. HIPAA basically doesn't
allow identified information to be shared except specifically related to
treating or paying for your illness. Unlike a fly-by-night app, a drugstore has
a physical presence which means that tracking them down to fine is easier.

------
c048
If it's free, you are the product.

~~~
bspammer
Most open-source software being the exception

~~~
hamburglar1
If you contribute, you are in a way the product still.

~~~
organsnyder
Wouldn't that make you the manufacturer?

