
Many health and fitness apps lack privacy policies

A recent study by the Future of Privacy Forum found that the top health and fitness apps lag behind other types of apps in terms of privacy policies: only 70% of the top 100 health and fitness apps had a privacy policy, and only 61% included a link to the privacy policy on the app listing page.

In comparison, of the top 100 free and paid mobile apps in the iOS App Store and the Android Google Play Store, 76% had a privacy policy and 71% included a link on the app’s listing page.

Health and fitness apps can collect highly sensitive data from users, including any medical issues, medications, diet, physical activity, sleep patterns and more. Without an easily accessible privacy policy, customers who download these apps cannot be sure how their data is being used, whether or not it is being shared, or how the data is being protected – if at all. Data breaches are still a common occurrence in healthcare, and the majority of health and fitness apps aren’t covered by HIPAA.

However, the Department of Health and Human Services released healthcare app development guidelines to help app developers understand if their app deals with protected health information and if the app needs to be HIPAA compliant. One scenario under which a mobile health app would be covered by HIPAA is if the app is developed on behalf of a covered entity.

Users may assume that, because there is a privacy policy, their information is private. But that isn’t always the case. A study published in the Journal of the American Medical Association found that, out of 41 diabetes apps with privacy policies, 20 shared user data with partners or third parties.

Reading the privacy policy is a first step toward understanding what happens to data collected by the app, but it isn’t a guarantee of protection. Users should exercise caution and discretion before sharing any personal information.