A new study reveals that dozens of apps endorsed by the National Health Service (NHS), four publicly funded health care systems in the United Kingdom, are transmitting personal and medical information over the web without any protection.
According to The Guardian, researchers from the Imperial College London examined 79 apps endorsed by the NHS health apps library and found that several of them do not employ encryption when sending patients’ personal and medical information online. These apps, some of which address potentially sensitive topics including weight loss and pregnancy, could therefore jeopardize users’ privacy and put them at risk of data theft.
The Imperial College London research team found that, among other things, 23 of the 79 study apps (30%) lacked encryption measures for the transmission of personal information. An additional four apps sent both personal and medical information over the web without protection.
Kit Huckvale, a PhD student at Imperial College London who co-wrote the study, offered his comments on the research team’s findings:
“It is known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and sent to a third party. However, it was assumed that accredited apps – those that had been badged as trustworthy by organisational programs such as the UK’s NHS Health Apps Library – would be free of such issues. Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS. The results of the study provide an opportunity for action to address these concerns, and minimise the risk of a future privacy breach. To help with this, we have already supplied our findings and data to the NHS Health Apps Library.”
In response to the work of Huckvale and his colleagues, a spokesperson for NHS Choices has issued the following statement:
“It’s important that all of the apps listed on the NHS Health Apps Library meet the criteria of being clinically safe, relevant to people living in England and compliant with the Data Protection Act. We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated. A new, more thorough NHS endorsement model for apps has begun piloting this month.”
These findings follow on the heels of an announcement made by UK Health Secretary Jeremy Hunt earlier this year that a quarter of UK users will be able to look up their medical information on an NHS-endorsed app by 2017. It also comes just after a new Raytheon|Websense report found that the healthcare industry is four times more likely to suffer advanced malware attacks than any other industry.