Many NHS Health Apps Leak Data, Study Finds

CyberCrimeMobile AppsMobilitySecuritySecurity ManagementSmartphones
© Monika Wisniewska - Fotolia.com
0 26 No Comments

Many NHS-accredited health apps have poor privacy standards and don’t secure customer data, study finds

Researchers have discovered that a vast number of health apps do not properly secure customer data and have poor privacy standards that could allow personal information to be compromised.

Those were the key findings of the study, the findings of which have been published in the open access journal BMC Medicine.

Data Leaks

The study examined a range of smartphone apps that are health related. The apps tend to cover health subjects such as weight loss, becoming more active, stopping smoking and cutting back on alcohol.

Over a six month period, the researchers in total examined 79 apps certified as clinically safe and trustworthy by the UK NHS Health Apps Library, which tests programs to ensure the apps meet standards of clinical and data safety.

The NHS logo on a signBut despite this vetting, the researchers found that many of the apps fell well short, with some apps ignoring privacy standards, and other apps even transmitting unencrypted customer data in the clear.

The apps that leaked the most data have now been removed from the NHS Health Apps Library.

“The study revealed that 89 percent of apps transmitted information to online services,” said the study. “No app encrypted personal information stored locally. Furthermore, 66percent of apps sending identifying information over the Internet did not use encryption and 20 percent did not have a privacy policy.”

That said, the majority of apps (67 percent) did have some form of privacy policy, but most did not adequately explain how the personal data would be used.

“Four apps sent both identifying and health information without encryption,” said the study. “Accreditation programs should, as a minimum, provide consistent and reliable warnings about possible threats and, ideally, require publishers to rectify vulnerabilities before apps are released.

“If we were talking about health apps generally in the wider world, then what we found would not be surprising,” Kit Huckvale, a PhD student at Imperial College London, who co-wrote the study told the BBC.

But he said that as the apps were already supposed to have been vetted and approved, finding that most of them did a poor job of protecting data was a surprise. He said that the NHS needed to work harder on testing because of how apps were likely to be used in the future.

“The study is a signal and an opportunity to address this because the NHS would like to see strategic investment in apps to support people in the future,” he told the BBC. “We will see them used more often and become much more complex over time.”

NHS Changes

“We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated,” NHS England was quoted as saying. “A new, more thorough NHS endorsement model for apps has begun piloting this month.”

Earlier this month, Tim Kelsey, the national director for patients and information at NHS England, resigned just weeks after he revived the NHS plan to ditch the use of paper within England.

Kelsey was the man in charge of a number of NHS initiatives, including the controversial Care.data scheme, which a government watchdog said in June was “unachievable” in its current form.

Do you know all about public sector IT? Take our quiz!


Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio