Most Telehealth Apps Violating Users' Privacy, Researcher Tells Privacy Conference
SANTA CLARA, Calif. -- A majority of telehealth apps may be violating at least one privacy law or rule, the USENIX Privacy Engineering Practice and Respect (PEPR) conference heard Tuesday.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
However, even if consumers are concerned about a privacy-invasive app, they are often “helpless” to change medical providers, said Primal Wijesekera, research scientist at the International Computer Science Institute at University of California-Berkeley.
Wijesekera’s team tested 408 telehealth apps from 36 countries, including 208 from the U.S. The apps had a median user base of 200,000, he said.
Results showed nearly 63% of the apps shared data without properly notifying users about data-sharing practices, said Wijesekera. Meanwhile, 52% of consumer health privacy apps, which aren’t affiliated with a specific medical insurer, share protected information with domains like Doubleclick, which are usually labeled as trackers, he said. Of the apps that worked directly with a medical insurer, 48% potentially violated at least one privacy or security rule in the Health Insurance Portability and Accountability Act, he said.