Health apps leak personal data, warns new study

28th September 2015

Almost nine in ten NHS accredited health apps leak personal data, says a new report in the medical journal BMC Medicine

Researchers, from Imperial College London, looked at 79 apps certified as clinically safe and trustworthy by the UK NHS Health Apps Library.

The study reported that 89 per cent of them transmitted information to online services and none encrypted personal information stored locally.

•    66% of apps sending identifying information over the internet did not use encryption
•    20% did not have a privacy policy
•    78% of information-transmitting apps with a privacy policy did not describe the nature of personal information included in transmissions
•    Four apps sent both identifying information and health information without encryption
•    Two apps appeared to place users at risk of data theft because of security problems

It is currently estimated that 1.5 billion smartphone users have a health app – a number that is set to treble in the next three years.

The NHS has ambitions to get 15% of patients routinely reading and adding to their online medical records using smartphones apps in the next 12 months.”

Kit Huckvale, a PhD student at Imperial College London who co-wrote the study, said that the NHS needed to put more investment into apps:

He said the study was a signal and an opportunity to address this at a time when the NHS would like to see strategic investment in apps to support people.

A spokesman for the NHS England said that a new, more thorough NHS endorsement model for apps has begun piloting this month.”

Ref: Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment