mHealth Apps: Is my data secure?
Have you ever entered information into an app you downloaded to your phone and wondered where that information was going? If so, you’re not alone. Individuals commonly report privacy and security as important features when selecting mobile health apps, and in fact, concerns about privacy and security serve as barriers to downloading apps in the first place. Therefore, confidence in data security is a key factor in the use of mHealth apps. Some basic questions on data use should be easily answerable for users: Is your data being stored somewhere? If so, where? Is it secure? And who has access to it? Unfortunately, in practice, the answers to these questions are rarely readily available to users.
One type of rating that PsyberGuide provides is transparency of privacy policies. Transparency ratings assess how clearly and thoroughly an app describes its data handling and procedures, and whether it addresses the questions asked above. While completing these evaluations over the past couple of years, the PsyberGuide team identified a concerning trend: many mental health apps provided inadequate privacy policies or lacked one altogether. In response, we took to the literature to see if this was a common trend across mental health apps.
Overall, our findings painted a bleak picture for what may be a larger pattern for mental health apps broadly. This raises the question: why aren’t developers providing detailed information to users? One key reason why so few mental health apps have comprehensive privacy policies is that they receive little regulatory oversight. Mental health apps are being developed at such a high rate that it is simply not feasible to regulate them all. But even without formal regulation, improving transparency around data security should be a top priority for developers, because it would benefit users, clinicians, and developers alike. Fear of lax data handling is a well-documented barrier for users trying out new health apps, as well as for clinicians recommending them to patients. Use of these apps may increase simply by providing adequate privacy policies so that users and clinicians can make educated decisions. Furthermore, this increased confidence could lead to a commercial advantage for developers.
There are a number of ways that developers can improve the communication of their procedures for data security and privacy.
- The policy itself should be written in clear language that users can understand. Researchers have found that privacy policies for apps tend to require college-level literacy, which is well beyond the national average reading level. Many policies are full of jargon and vague language that can leave the reader with more questions than answers. Therefore, developers should provide explicit statements describing privacy procedures with appropriate detail, free of jargon and needlessly complex language.
For mHealth to reach its full potential, developers must help increase user confidence in the use of apps. One way to do this is to provide complete information on data security and privacy in a way that is digestible for the reader.