From the Journals

Data sharing to third parties prevalent in depression, smoking cessation apps


 

FROM JAMA NETWORK OPEN

When making prescribing decisions, health care professionals should assume that apps for depression and smoking cessation will share user data with third parties despite claims made in privacy policy statements, recent research shows.

“Mechanisms that potentially enable a small number of dominant online service providers to link information about the use of mental health apps, without either user consent or awareness, appear to be prevalent,” Kit Huckvale, MB ChB, MSc, PhD, of Black Dog Institute at the University of New South Wales Sydney in Randwick, New South Wales, Australia, and colleagues wrote in their study. “Mismatches between declared privacy policies and observed behavior highlight the continuing need for innovation around trust and transparency for health apps.” The study was published in JAMA Network Open.

Dr. Huckvale and colleagues examined the top 36 depression and smoking cessation apps for Android and iOS in the United States accessed in January 2018; Of the apps downloaded, 15 apps were Android-only, 14 apps were iOS-only, and 7 apps were available on both platforms. The apps were assessed over a series of two sessions while network traffic was captured during use, which allowed researchers to determine what personal information was in each data transmission and where the information was going.

There were 25 apps with a privacy policy (69%), 22 of 25 apps (88%) described how that app primarily collected data, and only 16 of 25 apps (64%) provided information on secondary uses of data. Despite 23 of 25 apps (92%) addressing “the possibility of transmission of data to any third party,” 33 of 36 apps overall (92%) transmitted data to third parties. The two most common entities that received third-party data for marketing, advertising, or analytic purposes were Google and Facebook (29 of 36 apps; 81%). However, 12 of 28 apps (43%) that sent data to Google and 6 of 12 apps (50%) that sent data to Facebook disclosed that they would share data with those companies.

The type of data sent to Google and Facebook consisted of a strong identifier to the device or a username (9 of 33 apps; 27%), or a weak identifier in the form of an advertising identifier or a pseudonymous profile that can link users to their behavior on the app and on other products and platforms (26 of 33 apps; 79%).

“As smartphones continue to gain capabilities to collect new forms of personal, biometric, and health information, it is imperative for the health care community to respond with new methods and processes to review apps and ensure they remain safe and protect personal health information,” the researchers concluded.

One of the investigators, Mark E. Larsen, DPhil, reported receiving grants from National Health and Medical Research Council. The other authors reported no relevant conflicts of interest.

SOURCE: Huckvale K et al. JAMA Netw Open. 2019. doi: 10.1001/jamanetworkopen.2019.2542.

Recommended Reading

LTC-associated suicide among older adults more common than previously thought
MDedge Internal Medicine
Ask patients about worst example of suicidal ideation
MDedge Internal Medicine
Patients with mood disorders may have altered microbiome
MDedge Internal Medicine
Consider iatrogenesis in patients with new psychiatric symptoms
MDedge Internal Medicine
Increased awareness needed of bipolar disorder in primary care
MDedge Internal Medicine
Case shows power of collaborative care for depression
MDedge Internal Medicine
Anticholinergic drugs linked to dementia in older populations
MDedge Internal Medicine
Sexual assault in military linked to sexual pain
MDedge Internal Medicine
Ketamine edges out ECT for refractory depression in small study
MDedge Internal Medicine
More cognitive rigidity found in patients with depression plus fibromyalgia
MDedge Internal Medicine