Many NHS-accredited health apps have poor privacy standards and don’t secure customer data, study finds
Researchers have discovered that a vast number of health apps do not properly secure customer data and have poor privacy standards that could allow personal information to be compromised.
Those were the key findings of the study, the findings of which have been published in the open access journal BMC Medicine.
The study examined a range of smartphone apps that are health related. The apps tend to cover health subjects such as weight loss, becoming more active, stopping smoking and cutting back on alcohol.
Over a six month period, the researchers in total examined 79 apps certified as clinically safe and trustworthy by the UK NHS Health Apps Library, which tests programs to ensure the apps meet standards of clinical and data safety.
But despite this vetting, the researchers found that many of the apps fell well short, with some apps ignoring privacy standards, and other apps even transmitting unencrypted customer data in the clear.
The apps that leaked the most data have now been removed from the NHS Health Apps Library.
“Four apps sent both identifying and health information without encryption,” said the study. “Accreditation programs should, as a minimum, provide consistent and reliable warnings about possible threats and, ideally, require publishers to rectify vulnerabilities before apps are released.
“If we were talking about health apps generally in the wider world, then what we found would not be surprising,” Kit Huckvale, a PhD student at Imperial College London, who co-wrote the study told the BBC.
But he said that as the apps were already supposed to have been vetted and approved, finding that most of them did a poor job of protecting data was a surprise. He said that the NHS needed to work harder on testing because of how apps were likely to be used in the future.
“The study is a signal and an opportunity to address this because the NHS would like to see strategic investment in apps to support people in the future,” he told the BBC. “We will see them used more often and become much more complex over time.”
“We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated,” NHS England was quoted as saying. “A new, more thorough NHS endorsement model for apps has begun piloting this month.”
Do you know all about public sector IT? Take our quiz!