Your health app could share your medical data | Health

A new study reveals that this new health app that you have downloaded to your phone to keep track of your medications could share your information with many independent companies, some of which have nothing to do with health care .

When the researchers executed two dozen drug applications using a fictitious identity in order to track what was done with the data, they discovered that sharing was a routine and was far from being transparent.

"The main conclusion of our study is that health data is widely shared with companies that have nothing to do with health," said Quinn Grundy, study lead, badistant professor in the faculty of health. University of Toronto Nursing. "The consumer has no way of knowing exactly what is going on with his data and what would be the consequences."

"It's an invasion of privacy that can not only be embarrbading, but also have a big impact on our lives, just like credit score," Grundy said.

Grundy's team has tested 24 of the highest-rated publicly available drug applications designed to run on Android phones in the UK, US, Canada and Australia. Interactive applications provide information on the delivery, administration or use of drugs.

After downloading each application to a smartphone with one of the four fictitious users, the researchers ran each of these applications 14 times to observe its "normal" network traffic related to 28 types of user data, including the Android ID, the date of birth of the user, his email and his precise location.

Then they modified a source of user information and ran the application again to detect leaks of sensitive information sent to a remote server outside the application. Companies receiving sensitive user data were then identified by their IP address, allowing researchers to thoroughly review their websites and privacy policies.

Nineteen of the 24 applications shared data, report the authors in The BMJ.

In total, the data was shared with 55 unique entities belonging to 46 parent companies – including developers, parent companies and service providers, many of whom were involved in collecting user data for purposes of Analysis or advertising. Service providers also announced the possibility of sharing user data with 216 other entities or third parties, including multinational technology companies, digital advertising companies, telecommunication companies and a credit reporting agency. the consumption.

The privacy experts in health care were not surprised by the results.

Although health care providers are required to preserve patients' privacy, technology companies are not, said John Houston, vice president of privacy and security for the province. Information and Associate Advisor of the Medical Center of the University of Pittsburgh.

The great concern of app users is how their data will be used and by whom, Houston said. "What if an employer decides you're at risk for cardiovascular disease and you do not want to engage?", He added.

While the risk of personal data being shared has been around for some time, "we are now at a critical juncture," said Jennings Aske, senior vice president and chief security officer at NewYork-Presbyterian Hospital. "We realize that this is no longer a niche problem. My biggest complaint is that decisions are made about you based on imperfect data that may ultimately have a negative impact. "

Although companies say that shared data has been anonymized, "it's not so difficult to combine data from multiple sources to determine who you are," said Aske. "And finally, you can remove my name from something, but my Mac address for iPhone is still there and my cable provider keeps pretty much the same IP address."