SoylentNews is people
SoylentNews
Privacy of medical results obtained in a clinical setting are protected in the US by the Health Insurance Portability and Accountability Act (HIPAA). But what about non-clinical medical data gathered by phone apps and wearables such as a FitBit? Not so much. According to a new report, Rice expert: Be concerned about how apps collect, share health data your personal health data may be at risk:
As of 2016 there were more than 165,000 health and wellness apps available though the Apple App Store alone. According to Rice University medical media expert Kirsten Ostherr, the Food and Drug Administration (FDA) regulates only a fraction of those. Americans should be concerned about how these apps collect, save and share their personal health data, she said.
On Oct. 26 the U.S. Department of Health and Human Services will host a gathering of national experts to discuss "Data Privacy in the Digital Age." Ostherr, who is a professor of English and director of Rice's Medical Futures Lab, has been doing research on health and medical media for over 20 years, from "old" media like celluloid films used for medical education to "new" media like smartphone apps. She will present "Trust and Privacy in the Ecosystems of User-Generated Health and Medical Data" during a panel discussion.
[...] She said apps that make medical or therapeutic claims are considered a medical device and must go through the FDA procedures for approval and regulation. For some companies, that process is worth the time and effort, because their product could become covered by insurance.
But the vast majority of apps provide "helpful hints" in response to user-entered data, such as ideas for alleviating symptoms of a migraine.
[...] "If your app carefully sidesteps claiming any kind of medical intervention, then it's a health and wellness app and not a medical device — and it is not regulated," Ostherr said.
Regardless of whether an app is regulated, Ostherr said, they are all "capturing tons of personal data, some of which would be classified as personal health information if it were subject to oversight by the Health Insurance Portability and Accountability Act."
(Score: 3, Interesting) by Anonymous Coward on Saturday October 21 2017, @08:18PM
Doctors privacy policies are increasingly reserving the right to sell your entire medical record. Of course they're being tricky about it. One policy I read reserved the right to disclose(read: sell) your entire medical record if it was "aggregated or anonymized". Because of the word OR, it could be either and not necessarily both. So for example they could sell your medical record if it was aggregated even if it was not anonymized. Of course aggregated just means they put your record together with somebody else's record. A two for one deal. And when they anonymize it, they just scramble your name. But the entire industry scambles names the same way, so they just look up the scrambled name in their database to find the real name that scrambles to that value. Another trick is that this particular privacy policy wasn't actually the doctor's main one, but was the policy of the online appointment service that the doctor contracted with.
Another doctor's privacy policy mentioned they might share your record with their secretaries, billing departement, and business associates. But of course anyone can be a business associate if they have some money. Credit card companies say they may share your record with their affiliates. Someone checked it out and found one credit card company had 3000 affiliates.