How Health Data from Your Apps Is Being Bought and Sold

Dann Albright 24-03-2016

The past few years have seen an explosion in the number of health and fitness apps The Best Health and Fitness Apps by Runtastic Put to the Test Runtastic, the makers of one of the best fitness apps for Android, also have a lot of other apps. We take a look at all of them to see if they're worth your time. Read More — from apps that track the number of steps you take in a day to ones that log the calories you eat to others that help you monitor specific medical conditions. Which means that there’s a lot of health data now being collected by our devices.


Data that, along with much of the other information you generate, is being sold.

Your Health Data Is Valuable

“Health data” is, of course, a wide-ranging term. What, exactly, qualifies as health data? It depends who you ask. For the sake of simplicity in this article, though, I’m going to use a very broad definition: everything from blood pressure measurements logged into Apple’s Health app iOS 8 Turns Your iPhone Into A Personal Healthcare Monitor Apple's new watch will turn your iPhone into a revolutionary device for managing your health and fitness – here's how it works. Read More to the number of miles you biked and logged in MapMyFitness. The diet information Track Your Diet And Get Leaner With These Web Apps The envy worthy fitness levels of athletes comes from years of rigorous fitness regimens and healthy diets. If you aren’t a sportsperson, you won’t be able to duplicate it to that extent, but you can... Read More you include in LoseIt! and the information you enter into Glow’s fertility app fall under this category, too.

You’d be forgiven for thinking that all of this information is private and, for the most part, not that valuable. But like any other type of data, a lot of companies out there are selling it to make money. Marketing companies can make use of health data just like they can any other data — to better target ads Why Am I Seeing This Ad? How Social Media Ads Target You Every social media site out there shows us ads. But sometimes, those ads can get very specific towards you, often showing you ads that seem creepy and stalkerish. How do they do that? Read More .


Let’s say you were using LoseIt! on a regular basis in an effort to lose weight. A marketer could use that information to target you with ads about weight-loss products. Or you used MapMyFitness to log a hike in the mountains; you might start to see ads about outdoor clothing. If your next workout was logged as a bike ride, you could see cycling equipment advertised.


What about data for which you have a reasonable expectation of privacy? Like using a smartphone-based glucose monitor 17 Best Health and Fitness Gadgets to Improve Your Body Over the past few years, innovation around health and fitness gadgets has exploded. Here are just a few of the amazing pieces of kit you'll be able to use to keep you feeling great. Read More to keep track of your blood sugar? A marketer would pay a lot to find out that you’re diabetic, as that puts you in a rather small market where you can be targeted very specifically.

It’s not hard to imagine a lot of other situations in which your health data would be valuable to marketers. There’s virtually no limit to the extent of ad targeting that ad networks will attempt.

Buying and Selling Your Health Data

Health data privacy and security Healthcare: The New Attack Vector for Scammers & ID Thieves Healthcare records are increasingly used by scammers to make a profit. While there are massive advantages to having a digitized medical record, is putting your personal data in the firing line worth it? Read More are big issues — it’s something that the government is concerned about, and something that both state and private organizations keep a close eye on. Leaked private health data can have very serious consequences for people, and it’s regulated with a proportional degree of oversight.

But the explosion of health apps has created a new opportunity for developers, marketers, and some members of the healthcare business, and they’re not about to let that opportunity slip away. Before we get into that, though, there’s a particular piece of legislation that’s of importance to this discussion.


A Quick Note about HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a complex piece of legislation that regulates the sharing of confidential health data — you’ve probably signed a lot of HIPAA forms in your visits to the doctor’s and dentist’s office. The privacy rules set down in HIPAA govern the use and disclosure of data by “covered entities,” which are healthcare providers, health insurers, and healthcare clearinghouses.


According to the Department of Health and Human Services, healthcare clearinghouses are defined as

entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

The definition is rather nebulous, and could be interpreted in a number of ways, which leads to the ambiguity of health apps, the data they collect, and what they can do with it. And as data changes hands multiple times, it gets harder to keep track of how HIPAA might affect it.


Back to the idea of selling your health data.

Because app developers (as long as they’re not affiliated with a covered entity) and marketing companies aren’t covered under HIPAA, they can trade your health information without much fear of reprisal. So your health data is going to continue being sold to marketers, and there’s not much you can do about it.

Can Insurers Buy This Data?

However, the issue that has a lot of people worried is health insurance providers. If your health data is out on the market, can health insurance providers buy it and use it to adjust your premium? It’s no secret that insurers are mining massive amounts of data from a number of sources to try to make predictions about your risk level, and it certainly makes intuitive sense that they’d try to capitalize on the data generated by health apps, too.

Back in 2013, a study commissioned by the Financial Times found that the top 20 fitness apps, including MapMyFitness, WebMD, and iPeriod, were transmitting information to up to 70 different third-party companies, and stated that there was a chance that this information could end up in the hands of pharmaceutical and insurance companies.



Of course, “could” is an important word in that sentence. HIPAA may make that process difficult or impossible, depending on whether or not the information generated by these apps is considered protected health information or not. Information about “health status” is considered to be protected, but exactly what does that entail? Does your three-mile walk count as health-status-related information? It’s hard to know.

With improvements in data analysis, it may not matter for long. There are all sorts of information that aren’t protected by HIPAA, but could be extrapolated using algorithms to be useful to health insurance companies. If you post a lot on Facebook about partying, for example, a health insurance company could place you in a higher risk bracket because you’re likely to consume more alcohol than average (much like credit companies are doing already 5 Ways Facebook's Lack of Privacy Can Cost You Money Overlooking how Facebook activity could affect your financial life is a big mistake, as many people have found out recently. Here are five ways that actions on Facebook could cost you money. Read More ).

Some commentators have brought up other sorts of issues that you should be aware of if you’re using apps to store your health data. For example, if an insurance company buys an app developer, all of that data now begins to the insurer. Exactly how HIPAA would cover this is unclear, but it’s a safe bet that a lot of that data would be put into their system.

An Evolving Issue

Because health apps are a relatively recent arrival on the app scene (at least at their current scale), the issue of how your health data is handled is one that continues to evolve. Who can buy and sell this data, what they can do with it, and what expectations you can have of your privacy are difficult to pin down at any given time, but what’s clear is that your data is being sold — definitely to data brokers and marketers, and possibly to insurers.

And don’t be fooled by the “we won’t sell your information” clauses in the privacy policy of those fitness apps. That often doesn’t hold up, as transferring information between partners, trading assets, and other actions don’t fall under the category of selling.


So we’re currently in a strange sort of limbo — a lot of this selling is going on, but we’re not entirely sure who’s doing the buying. We have a fairly reasonable expectation of privacy on this data, but we’re also complicit because most users generally don’t do much to look into the privacy policies (or permissions requests What Are Android Permissions and Why Should You Care? Do you ever install Android apps without a second thought? Here's all you need to know on Android app permissions, how they've changed, and how it affects you. Read More ) of their apps. Might it be time to give up on these types of app and service in favor of old fashioned maps and math?

This issue isn’t yet a hot-button one, but it’s possible that we’ll be seeing a lot about this in the near future as more people become savvy to the kinds of transactions that are being completed with information about their lives as the currency.

What do you think about health apps selling your data? Are you worried that companies could be getting more of your information that you’re comfortable with? Or do you not care? Have you given up Why Have Americans Given Up On Privacy? A recent study by the University of Pennsylvania's Annenberg School for Communication concluded Americans are resigned to giving up data. Why is this, and does it affect more than just Americans? Read More on trying to protect your personal data? Share your thoughts in the comments below!

Image credit: Georgejmclittle via Shutterstock.

Related topics: Health, Online Privacy, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    March 24, 2016 at 5:33 pm

    MakeUseOf should promote a privacy statement to cover these various issues and then use it's influence to see that software companies/apps use it in their "accept" that comes with most software.

    But it should always remain the responsibility of the buyer as to what he/she is getting/buying (apart from actual fraud).

    • Dann Albright
      March 25, 2016 at 2:14 am

      That's an interesting idea! We're not big into the activism business, but it's something we could definitely think about. Yes, "buyer beware" is always going to be the biggest thing that you have to keep in mind, no matter what you're using. Even if it's free and you don't think you're a buyer!