Health products like wristband monitors prompt privacy worries

"If you pass your goal, it plays some da-da! music to make you feel good about yourself," says Charlie Wynkoop, a 56-year-old project manager from West Los Angeles. A fitness device linked to his smartphone calculates and tallies points allocated for good behavior.
(Lawrence K. Ho / Los Angeles Times)

For the last year, Charlie Wynkoop has been tracking his exercise with a digital fitness device he wears on his wrist and syncs with his smartphone.

“If you pass your goal, it plays some da-da! music to make you feel good about yourself,” says the 56-year-old project manager from West Los Angeles. The device calculates and tallies points allocated for good behavior.

Healthcare Watch: In the July 27 Business section, an article about the privacy of health product users misspelled the last name of Derek Newell, chief executive of the Palo Alto healthcare technology company JIFF, as Newall. —

And it encourages Wynkoop to keep his activity level high. “I have found myself at 9 at night thinking I should walk around the block — because I’m only 300 points away from my goal,” he says.

But Wynkoop inputs only the information about himself needed to determine whether he’s met his fitness goals — his age and weight, for example. More than that, he won’t share. “I would be leery,” he says.

Digital devices and smartphone apps that track what we eat, how much we exercise, our weight, blood glucose and blood pressure, among other things, are widespread.


Nationwide, sales of digital fitness devices jumped threefold from 2012 to 2013, according to a recent report by the California Healthcare Foundation. More than half of U.S. consumers say they’re interested in buying a health monitor that can be used with their smartphone, computer or other device.

There’s no shortage of mobile health apps, either. According to Forrester Research, by the end of 2013, 40,000 health and wellness apps were available for download. And more are coming.

As consumers increasingly use mobile apps and devices to capture and store health-related information, they can release personal data that may not be as confidential as they thought.

“Most apps are created by independent app developers, and you, for the most part, don’t know what’s happening to the information” you input, says Paul Stephens, director of policy and advocacy with San Diego-based Privacy Rights Clearinghouse.

He says hundreds of companies, most of which are unknown to consumers, compile data and create dossiers on you that they exchange with other data brokers and with companies. For example, Stephens says, “We’re seeing a frightening trend where healthcare providers are buying the data to monitor the habits of their patients.”

Information in the wrong hands can thwart efforts to buy long-term care and life insurance policies or even to land a job, if insurers and prospective employers gain access to health data you didn’t intend to divulge, or even current habits that may increase your risk of developing a disease in the future.

Medical identity theft, in which your name and ID are used by another person to gain access to medical services, is also a concern, experts say.

Deven McGraw, a Washington, D.C., health privacy expert and lawyer, says consumers may be surprised to learn that all the information they upload is most likely not covered by the Health Insurance Portability and Accountability Act. HIPAA is the federal law implemented in 1996 that requires most healthcare providers and insurers to keep your medical information private.

“The coverage boundaries are really just for health plans and doctors and hospitals, not the vendors of tools like social media, apps and body sensors. As a result, it doesn’t matter how sensitive the information is; it won’t be protected,” McGraw says.

In California, the Confidentiality of Medical Information Act adds a possible extra layer of privacy protection. The law requires those who collect healthcare information to safeguard those data. But the law may not apply to all mobile applications.

Experts say consumers face a significant challenge to control their digital data. But there are steps you can take to help protect yourself.

Don’t ignore the privacy policy. Before using an app, read the privacy policy. Just be patient trying to get through it.

“It’s difficult because it may not be within the app itself and can be pages of legalese that is incomprehensible to the average consumer,” Stephens says.

Still, there are companies with very simple terms of service, and those may be worth searching for, says Derek Newall, chief executive of JIFF, a healthcare technology firm based in Palo Alto. “I’m always attracted to companies with simple language, without legalese,” he says.

Be a wary consumer. Although claims may be made about protecting the confidentiality of your information, a study of 43 of the most popular health and fitness apps conducted last year by the Privacy Rights Clearinghouse found that information gathered by health apps is frequently not transmitted securely.

Almost 75% of the apps studied sent data to third parties; nearly half shared personal information with advertisers — all without the user’s knowledge. Another analysis found that the top 20 health-related apps transmitted information to as many as 70 third-party organizations.

Look for clues. Check privacy policies for any mention of “advertisers” or “third parties” and find out how the information you share is stored.

“I might go to the trouble to find out if an organization has its own private cloud or uses a public service to store data. What security levels are they purchasing? Are they encrypting the information?” says Greg Sullivan, CEO of Global Velocity, a cybersecurity company in St. Louis.

Also, check who owns the data you input.

“If they own it, that means they can do whatever they want with it,” warns Simo Sentissi, an information security expert with ChipRewards, an Alabama firm that develops health incentive programs.

Avoid free apps. Developers are in business to make money. If they’re not charging you for the app itself, they’re probably either selling advertising or selling your information in order to make money. For that reason, experts say you’re better off using apps that require you to pay rather than those that are free.

“The frightening trend is selling information to data brokers that go on to sell to entities you can’t begin to contemplate,” Stephens says.

Newall’s advice: “Ask yourself what you want to track. Then go to a company that makes its money based on what it’s giving you rather than having to make money some other way.”

Limit the personal information you share. Enter only the bare minimum needed to use an app or device.

Check for all types of data an app collects. “We find many apps will collect information from your device, such as lists of contacts. What possible need would there be for an app to collect that sort of information?” Stephens says.

If you’re tracking how far you jog, location tracking will be necessary. Otherwise, turn that function off.

Never give out your Social Security number, and avoid the temptation to link to social media sites if it’s not necessary.

Wynkoop, the project manager from West L.A., says he’ll continue to use his fitness device. But he’s not sold on using apps to manage serious health issues, were he to develop any. “I don’t have trust they would keep that kind of information private.”

Zamosky is the author of “Healthcare, Insurance, and You: The Savvy Consumer’s Guide.”