HealthDay News — Privacy policies for health programs – or “apps” – designed for smartphones that share highly sensitive medical information between patients and doctors are lacking, and often are completely missing, according to a study published in the March 8 issue of the Journal of the American Medical Association.

Sarah Blenner, JD, MPH, of the Illinois Institute of Technology Chicago-Kent College of Law in Chicago, and colleagues focused on 211 diabetes-specific apps available for download in mid-2014 on Google Play. Blenner and her associates noted that Google Play mandates that all apps post a point-of-sale list of information-handling “permissions” that consumers must agree to before downloading, whether or not they’re actually read.

Among the apps studied, these permissions included: tracking patient location (nearly 18%); remotely activating a user’s microphone or camera (about 4% and 11%, respectively); and modifying or deleting stored information (64%). The study authors also found that about 80% of the apps actually had no declared privacy policy of any kind. And of the roughly 20% that did have a privacy policy, patient privacy protection was very often not the main focus, the researchers said.

Continue Reading

Among 65 apps randomly selected by the research team, more than 86% placed tracking “cookies” on users’ phones to monitor sensitive health information (such as insulin levels) that could be easily shared with third parties. More than three-quarters shared such information, whether or not they had a privacy policy in place, the investigators found. “Consumers really need to understand what an app developer’s privacy practice is before downloading and using these apps,” Blenner told HealthDay. “Because once their medical information is leaked, they can’t ever regain control over it.”


  1. Blenner SR, Kollmer M, Rouse AJ, et al. Privacy policies of Android Diabetes Apps and Sharing of Health Information. JAMA. 2016;315(10):1051-1052; doi: 10.1001/jama.2015.19426