As healthcare executives lobby the federal government to legislate how health apps can use patient data and how to disclose when they’re doing so, the Department of Health and Human Services is moving forward with rules that put the onus on patients. The challenge is that, even though it’s patients who ultimately hit the download button, they don’t always understand the implications of their actions. 

For example, Modern Healthcare reported in June 2019 that 3.5 million people’s data was exposed in breaches. According to Ponemon Institute and Verizon Data Breach Investigations, the health industry experiences more data breaches than any other sector.

Providers have reason to be concerned, too, says Kelli Garber, MSN, APRN, PPCNP-BC, and lead advanced practice provider and clinical integration specialist at the Medical University of South Carolina’s Center for Telehealth. “We’re seeing a lot of consumers taking on their healthcare,” Garber explains. “It’s our responsibility as providers to educate our patients. They’re responsible for entering their info. If they’re going to choose to use a health app, I want to support them in making the best choice possible.” What’s more, “a number of studies have shown that apps don’t safeguard users data and can collect passwords, contacts, Bluetooth and more info unrelated to the purpose of the app,” Garber adds. “There’s evidence that many share this info with third parties without users’ knowledge. I’ve also seen references to medical information being shared, such as X-rays and things, with cybercriminals fraudulently.”

Garber recommends providers take the following steps to help their patients use apps safely:

Advise patients to read the fine print

“There are pages of information in the privacy policy that we often skip over,” Garber says. When looking through them, patients should pay attention to:

• The source of the app: Is it a respected organization you can trust?
• Read reviews: Are they positive? What complaints do users have?
• The app’s creation and updated dates: Is it giving you the most recent information available?
• What info does the app collect?: And what’s the purpose of the info they’re collecting?

If the app doesn’t have a privacy policy or doesn’t tell you what data it collects, why, and where it will be used, steer clear, according to Garber.

Tell patients to only download apps associated with a known healthcare organization

It’s not enough to only download apps from organizations you recognize because even well-known brands can fall victim to data breaches. For example, Steve Cardinal, manager of security technology at the Medical University of South Carolina, says, “Anybody can get breached. That’s just a fact of life,” he explains. “Some companies lie in their privacy policy. Anthem, Mayo Clinic, and all these other healthcare organizations are not going to lie in their privacy policy. So if they get breached, they’re doing their best, whereas other companies we know, not so much.”

Garber’s patients most often use apps that pertain to fitness and nutrition, support the management of diabetes (including carb-counting and blood sugar monitoring), track menses, and help parents care for their children. Trusted apps she recommends to patients, and fellow providers include:

• LactMed: For information on how drugs or dietary supplements can affect breastfeeding
• CDC STD treatment guide: For info on identifying and treating STDs
• CDC Vaccine schedules: Quick access from CDC to ACIP-recommended immunization schedules, complete with footnotes
• Epocrates and Pedi QuikCal: For medication dosing and calculations
• Kidsdoc: For answers to medical advice questions that parents often have

Advise patients to ask you or a relevant specialist questions about app safety.

Garber says that healthcare providers’ education empowers them to identify which app creators are trustworthy more easily than lay people. So tell patients to ask a provider when in doubt about a specific app.

Become educated about the most reliable apps for your specialty.

Because there are some 325,000 health apps on the market, as a provider, you can’t expect yourself to assess the safety of every single one. Instead, Garber recommends “identifying a handful of apps in [your] specialty that [you] feel are vetted and reliable to share with patients. That should be the best of all worlds.”

When assessing apps for your patients, in addition to looking at the source and how their data will be used, Garber advises fellow providers to consider patients’ backgrounds.

“The right app depends on the population you’re serving,” she explains. “Think about their health literacy, access to mobile devices, and condition specifics. Make sure the app suits that individual family based on the whole picture.”