US Federal Agencies Warn Healthcare App Developers About Privacy Risks

26-07-2023 | Delilah Carrington

The Federal Trade Commission (FTC) and the US Department of Health and Human Services Office for Civil Rights (OCR) have issued a joint warning to nearly 130 hospitals and health-app developers regarding the potential privacy risks of online tracking technologies. The two agencies have expressed concern over technologies such as Meta Pixel and Google Analytics, which are capable of gathering personally identifiable information from users interacting with healthcare websites or mobile apps. The data collection process is often covert, leaving users unaware and powerless to stop it.

Research conducted in 2021 by the British Medical Journal (BMJ) confirms these concerns, revealing serious privacy issues in over 20,000 health-related mobile apps (mHealth apps). The study found that 88% of mHealth apps from the estimated 99,366 medical and health apps available on Google Play and Apple Store could access and share personal data. Disturbingly, data transmissions often occur over insecure channels, with technology giants such as Google and Facebook being the main culprits. Furthermore, 28% of mHealth apps did not have a privacy policy, and a quarter of user data transmissions contravened stated policies.

According to the joint letter, the unauthorized disclosure of an individual's personal health information can lead to a wide range of problems, from identity theft to financial loss, and even severe emotional distress. Such disclosures can also reveal sensitive information like health conditions, medications, frequency of visits to healthcare professionals, and treatment locations. The letter aims to enlighten healthcare providers and app developers about these privacy implications, urging them to adopt better data protection practices and handle users' personal information responsibly and transparently.

The FTC and OCR emphasize that the disclosure of such information could infringe upon the Health Insurance Portability and Accountability Act and the FTC Act. By highlighting these potential pitfalls, the agencies hope to foster an environment of greater accountability and regulation within the healthcare app sector, ultimately safeguarding user privacy.