How to Balance Third-Party Health App Benefits With Security, Privacy Risks

November 28, 2022 - The growing popularity of third-party health apps is justified: they allow patients to take charge of everything from chronic disease management to menstrual cycles.

“These apps hold a lot of promise for patients to get more engaged in their own healthcare,” Tina Grande, executive vice president for policy at the Healthcare Leadership Council and chair of the Confidentiality Coalition, said during the latest episode of Healthcare Strategies.

Listen to the full podcast to hear more details. And don’t forget to subscribe on iTunes, Spotify, or Google Podcasts.

Marilyn Zigmund Luke, vice president at AHIP, and Robert Tennant, vice president of federal affairs at the WEDI, agreed with Grande, noting that health apps can help patients and caregivers with care coordination.

But all three experts stressed that these apps often (though not always) fall outside HIPAA’s purview, leaving them in a regulatory gray area when it comes to security and privacy.

“Some apps that are outside [HIPAA] are not subject to that sort of regulatory legal structure, and the consumers may not always be aware of it,” Zigmund Luke explained.

“I think there's a major vulnerability in terms of privacy and security from the consumer perspective, and we need to do more in terms of education as well as bringing those applications into a legal structure that would give better protections from the consumer viewpoint.”

In March 2022, WEDI and the Confidentiality Coalition penned a letter to the HHS and Department of Commerce secretaries to raise concerns and provide recommendations regarding health apps and patient privacy.

In the letter, Tennant noted, “we emphasize the fact that we are not interested in slowing the progress of apps. “

But the groups called for additional government guidance to help providers and patients balance security risks with health app benefits, including a voluntary accreditation program that would give assurances to patients and providers that apps have met a minimum level of privacy and security.

Despite health apps’ potential to improve care coordination and chronic disease management, the experts suggested that privacy and security risks must be addressed further at a federal level.

“We encourage the government to really increase its education for both patients and covered entities as well, letting them know about the opportunities that apps allow for, but also warning them of the potential dangers should the patient not read the terms and conditions,” Tennant stated.