It started with GPS in mobile phones. Applications were developed that could track how far you ran or rode your bike, keep track of your route, and estimate the calories you burned. It wasn’t long before monitoring devices became smaller and more sophisticated; today they’re small enough to fit into a wristband that regularly transmits a wealth of data — including activity, heart rate, sleep cycles and skin temperature — back to servers that display the data for users online.
Meanwhile, back at your doctor’s office, medical monitoring devices were undergoing a similar evolution. Devices to monitor heart health, blood sugar levels, oxygen saturation, pulse, and galvanic skin response have become smaller and more portable. It was almost inevitable that the two fields would start to overlap; what is more surprising is how popular such devices have become. ABI Research expects the mobile sensor market alone to reach $400 million by 2016.
The fastest growth is happening with mobile fitness devices, because they face a less stringent regulatory environment than medical devices. Yet as these sensors become more accurate, the apps behind them can accumulate a wealth of personal data: age, fitness level, interests, social media activity, and linked online accounts such as email and Twitter. Privacy experts caution that consumers may be underestimating the diagnostic capabilities of even rudimentary data collection tools. With downloads of health and fitness related apps expected to exceed a billion by 2016, the privacy implications are staggering.
Hacking Your Body
For many young people, the desire to improve performance, lose weight, and experiment with virtually every health-related variable in their lives is trumping privacy concerns. There are literally dozens of sites where users routinely log and share their exercise routines, diet, and weight loss progress and solicit advice from other users. For those who want to take that analysis to the next level, there are sites like WellnessFX, which issues lab orders for blood tests that range from a quick overview to an almost insane level of detail and complexity. Online you can even get medical, nutritional, and fitness advice and development plans from doctors, nurses, and nutritionists. The results are made available to the user, who can track their own progress and share the results with friends, export the data to fitness-related websites and applications, or even share it with their own doctor.
That’s a Lot of Data Floating Around
The Privacy Rights Clearinghouse warned in a 2013 report that consumers should not assume their data in any mobile application, including health and fitness apps, is private. The report reached that conclusion after examining 43 popular health and fitness applications with large user bases. The analysis found sloppy technical implementations, including apps that transmitted sensitive data in the clear over unencrypted connections, and some that sent that data to third-party servers without telling their users.
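The two failure modes the report describes, sensitive fields leaving the device over plaintext HTTP and data going to hosts the app vendor does not control, are exactly what you look for when you put a fitness app behind an intercepting proxy. The script below is an added example, not code from the report or from any app it studied: it audits a capture of outbound requests for both problems. The capture format, the first-party domain "example-fitness.test", the ad-network hosts and the list of sensitive field names are all constructed assumptions for illustration.

```python
"""Audit captured app traffic for sensitive data sent in the clear
and for data sent to third-party hosts.

All records below are constructed for illustration; the hosts, field
names and capture format are assumptions, not data from any real app.
"""
from urllib.parse import urlsplit, parse_qs

# Parameter names treated as sensitive health or identity data
# (an assumption; extend for the app under test).
SENSITIVE_FIELDS = {
    "heart_rate", "resting_hr", "weight", "sleep_start", "sleep_end",
    "skin_temp", "dob", "email", "lat", "lon",
}


def sensitive_keys(params):
    """Return the parameter names that look sensitive (case-insensitive match)."""
    return sorted(k for k in params if k.lower() in SENSITIVE_FIELDS)


def is_first_party(host, first_party_domain):
    """True if host is the first-party domain itself or a subdomain of it.
    A suffix match on a leading dot avoids matching 'example-fitness.test.evil.test'."""
    host = host.lower()
    return host == first_party_domain or host.endswith("." + first_party_domain)


def audit_request(req, first_party_domain):
    """Return a list of (severity, message) findings for one captured request.

    req is a dict with keys: method, url, body (dict of form fields, or {}).
    Query-string and body parameters are merged, since both leave the device.
    """
    findings = []
    parts = urlsplit(req["url"])
    host = parts.hostname or ""          # urlsplit lowercases the hostname
    params = dict(parse_qs(parts.query))
    params.update(req.get("body", {}))
    leaked = sensitive_keys(params)
    third_party = not is_first_party(host, first_party_domain)

    if parts.scheme == "http" and leaked:
        findings.append(("HIGH", f"{host}: {leaked} sent over plaintext HTTP"))
    elif parts.scheme == "http":
        findings.append(("MEDIUM", f"{host}: plaintext HTTP (no sensitive fields seen)"))

    if third_party and leaked:
        findings.append(("HIGH", f"{host}: third-party host receives {leaked}"))
    elif third_party:
        findings.append(("LOW", f"{host}: third-party host contacted"))
    return findings


def audit_capture(requests, first_party_domain):
    """Audit a whole capture; returns {url: [findings]} for requests with findings."""
    report = {}
    for req in requests:
        found = audit_request(req, first_party_domain)
        if found:
            report[req["url"]] = found
    return report


# Constructed capture for a hypothetical app whose first-party domain is
# "example-fitness.test". Not real traffic.
SAMPLE_CAPTURE = [
    {"method": "POST", "url": "https://api.example-fitness.test/v1/sync",
     "body": {"heart_rate": "72", "steps": "8412"}},
    {"method": "POST", "url": "http://api.example-fitness.test/v1/sleep",
     "body": {"sleep_start": "23:10", "sleep_end": "06:45"}},
    {"method": "GET", "url": "http://cdn.example-fitness.test/banner.png",
     "body": {}},
    {"method": "POST",
     "url": "https://track.adnetwork.test/collect?email=user%40example.test",
     "body": {"weight": "81.5"}},
    {"method": "GET", "url": "https://stats.adnetwork.test/ping", "body": {}},
]

if __name__ == "__main__":
    for url, findings in audit_capture(SAMPLE_CAPTURE, "example-fitness.test").items():
        for severity, msg in findings:
            print(f"[{severity}] {msg}  ({url})")
```

On the constructed capture the script flags the sleep upload (health fields over plaintext HTTP), the plaintext image fetch at a lower severity, the ad-network call that carries an email address and weight, and the bare third-party ping; the TLS sync to the first-party API produces no finding. The sensitive-field list is a keyword match, so it will miss fields with unusual names or values encoded in a JSON blob; treat it as a starting point for a manual review, not a verdict.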
What About HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA), the law that’s supposed to secure your medical data from prying eyes, was enacted in 1996, when the Internet was still in its infancy. Its privacy and security rules apply to covered entities (health plans, clearinghouses, and providers) and to the business associates that handle data on their behalf; a consumer fitness or health app that collects data directly from you, rather than for your doctor or insurer, generally falls outside it. As it stands today, such apps don’t have to play by the same rules as your doctor’s office, and HIPAA doesn’t come into play.
The real issue consumers should consider is that even routine readings like pulse, resting heart rate, skin temperature, and exercise regimen, collected and analyzed over a long period of time, can support a surprising number of highly accurate inferences about your general health and possible injuries. Most people wouldn’t give it a thought until they twist an ankle and almost immediately start getting ads for sports rehab clinics and orthopedic medical services.
While diet and fitness apps can be great tools for building a healthier you, be careful about the amount of health data you store and share. Sometimes you never know who’s watching.