The researchers found that the most common medical applications (apps) legally and regularly share user data, often without specifying the implications for users.
Quinn Grundy, PhD, RN, Assistant Professor, Faculty of Nursing, University of Toronto, Ontario, Canada, and her colleagues are advising clinicians to be aware of privacy breaches when they use the applications personally and to warn patients when they recommend their use.
The researchers studied 24 of the best drug-related interactive applications available to the public in the United States, the United Kingdom, Canada, and Australia. All applications were on the Android mobile platform and provided information on the use, prescription, administration or dispensing of drugs. The applications used in the analysis are focused on both the patient and the clinician and include the Medscape application.
Most applications shared user data
To determine when and what types of user data were shared, the researchers configured several dummy profiles and analyzed the network traffic during simulated use. Nineteen (79%) of the 24 applications tested shared some user data, the researchers reported in an article published online March 20 in BMJ.
A total of 55 unique entities, belonging to 46 parent companies, received user data, including developers and parent companies. Of these, 18 entities provided infrastructure-related services, such as cloud services and database platforms, and 37 (67%) provided services related to the collection, reporting and analysis of user data for purposes such as advertising, social media and user participation.
The most common types of user data shared were the device name (63% of applications), the operating system version (42%), Internet browsing information (38%), the user's email address (38%), Android ID (33%) and medication list (25%). Some apps also shared more personal information, including name (21%) and date of birth (13%).
When reviewing the entities that received data from applications, the researchers found that Amazon.com and Alphabet (Google's parent company) received the largest amount of user data (24 transmissions), followed by Microsoft (14).
The authors note that even in the absence of personal identifiers, technical information, such as the device name and Android ID, can be important to privacy, especially when a company receives information from multiple sources.
"Many types of user data are unique and identifiable, or potentially identifiable when aggregated," they write.
In addition, many of those who have received and processed the data have a wide range, suggesting a high degree of risk.
"The sharing of user data ultimately has concrete consequences in the form of highly targeted advertising decisions or algorithms regarding insurance premiums, employability, financial services or banking, housing suitability," write Grundy and her colleagues.
Clinician-focused application data may be of particular interest to pharmaceutical companies, which can learn more about prescribing habits and target advertising.
The authors note that while the collection and sharing of user data is common and legal, it is not necessarily in the best interest of users. "Developers must disclose all data sharing practices and allow users to choose exactly what data is shared and with whom," the researchers write.
In the meantime, the authors recommend that clinicians "be aware of the choices they make regarding the use of their applications and, when they recommend applications to consumers, to explain the risk of loss of privacy in the context of informed consent."
The authors point out several limitations of their study, including the inclusion of only Android-based applications, which means that they do not know whether and to what extent iOS platform applications share data. In addition, the authors selected widely downloaded and popular applications that may not be representative of other available applications.
This work was funded by a grant from the Sydney Policy Lab of the University of Sydney. The authors have not reported any relevant financial relationships.
BMJ. 2019; 364: l920.