Expert: Be Concerned About How Apps Collect, Share Health Data
As of 2016 there were more than 165,000 health and wellness apps available though the Apple App Store alone. According to Rice University medical media expert Kirsten Ostherr, the Food and Drug Administration (FDA) regulates only a fraction of those. Americans should be concerned about how these apps collect, save and share their personal health data, she said.
On Oct. 26 the U.S. Department of Health and Human Services will host a gathering of national experts to discuss "Data Privacy in the Digital Age." Ostherr, who is a professor of English and director of Rice's Medical Futures Lab, has been doing research on health and medical media for over 20 years, from "old" media like celluloid films used for medical education to "new" media like smartphone apps. She will present "Trust and Privacy in the Ecosystems of User-Generated Health and Medical Data" during a panel discussion.
"Members of the general public, including patients, have begun to play a newly important role in collecting data about health and disease," Ostherr said. "With the rise of mobile apps and the growth of smartphone and wearable-device use, people's daily lives have become experiments 'in the wild.'"
The data collected through these devices offer new opportunities and challenges to researchers who want to gather information about human behavior outside the controlled settings of lab-based studies, she said. However, what the researchers can achieve with the user-generated health data relies heavily on participants' willingness to share their data, even when doing so may not serve their own best interests.
"Part of my research is looking at ways the boundaries between medical and nonmedical environments are dissolving through the proliferation of apps that allow people to manage their own care outside of clinical settings," she said. "In some ways those boundaries are breaking down because a lot of things that used to only happen inside of hospitals can happen outside of them now."
Federal and state policy regulations that shape how personal health data is shared are currently in place. They set rigid boundaries between traditional clinical settings or "medical domains" and domains outside of traditional clinical settings, Ostherr said. But depending on how an app is classified by the FDA, the health-related data an app collects might not be protected.
She said apps that make medical or therapeutic claims are considered a medical device and must go through the FDA procedures for approval and regulation. For some companies, that process is worth the time and effort, because their product could become covered by insurance.
But the vast majority of apps provide "helpful hints" in response to user-entered data, such as ideas for alleviating symptoms of a migraine.
"If your app carefully sidesteps claiming any kind of medical intervention, then it's a health and wellness app and not a medical device -- and it is not regulated," Ostherr said.
Regardless of whether an app is regulated, Ostherr said, they are all "capturing tons of personal data, some of which would be classified as personal health information if it were subject to oversight by the Health Insurance Portability and Accountability Act."
And, she said, the likelihood that the data from the unregulated health apps makes its way back into a medical setting where a patient could benefit from a physician's review of that data is "almost nil."