With its iPhone and iPad, Apple Inc. might be winning the battle for physician mind share for smartphones and tablets for a good reason: While it touts “user experience” as a major reason it vets software before it can be offered via its App Store, Apple also might be helping screen apps for potential Health Insurance Privacy and Accountability Act (HIPAA) violations.
A report in The Wall Street Journal earlier this week looked at Apple iOS apps versus Google Android smartphone apps, and detailed the deep data that some ad networks glean from app users — from where they live to tracking their current location.
Another Journal article examined TheFind, a shopping app that offers location-sensitive sale information from retailers hoping to part shoppers from their money. Android apps are policed less than Apple apps and potentially can gather more data on the phone user, but iPhone apps can track broad groups of users and serve ads based on that intel. Apple has sent signals that it may be planning to track more individual data in the future, as Android apps do now.
What does this mean for health care? Considering HIPAA regulations, IT leaders in facilities developing their own apps would be well-advised to examine the intentions of their developers closely, and to make sure business associate agreements prevent data mining that potentially could violate HIPAA regulations — including recent additions to the rule in which the Federal Trade Commission outlaws some kinds of patient marketing.
Furthermore, physicians who see patients using consumer apps on their smartphones might do well to encourage them to understand what’s being done with their data on the back end as a self-defense against sharing one’s personal information with parties more interested in making a buck than in the individual’s actual health.
For instance, to apply an example we’re heard HIPAA experts use in conference presentations: No patient wants to think about the marketing process leading to an ad for a particular brand of prescription drug getting served to his phone while using a consumer health app (How does my phone know I have diabetes? Or arthritis? Or erectile dysfunction?) — or a hospital oriented service such as access to a personal health record. In this brave new world of mHealth apps, it’s time to start questioning how those feeds find their marks.
It’s one thing to have an app find the best local deal on a flat-screen television; it’s quite another to influence health decisions based on behavioral data collected by shrewd marketers.