Security

Expert: Apple’s health push poses big privacy challenges

Members of the media look at the Apple Watch during an Apple event at the Flint Center in Cupertino, California, September 9, 2014. REUTERS/Stephen Lam (United States - Tags: SCIENCE TECHNOLOGY BUSINESS TPX IMAGES OF THE DAY) - RTR45L64

Members of the media look at the Apple Watch during an Apple event at the Flint Center in Cupertino, California, September 9, 2014. REUTERS/Stephen Lam (United States - Tags: SCIENCE TECHNOLOGY BUSINESS TPX IMAGES OF THE DAY) - RTR45L64  (REUTERS/Stephen Lam)

Apple’s push into health technology could bring big benefits, but it could also pose challenges for consumers as a host of apps tap into their personal data.

“There could be a big privacy issue,” warns Deven McGraw, a partner who specializes in health care practice at the law firm Manatt, Phelps & Phillips. “It really depends on what the app vendor is doing with that data.”

Health has become something of an Apple mantra as the tech colossus looks to tie its products more closely to consumers’ lifestyles. At the heart of its strategy is its Health app, which can work with fitness apps and devices such as Nike+ and Fitbit, as well as with medical apps.

Part of the new iOS 8 operating system for iPhones and iPads, the Health app is essentially a dashboard of health and fitness information that can contain data such as weight, calories burned and heart rate. It also lets users create an “emergency card” that contains important information, such as blood type and allergies that is visible on the lock screen – meaning anyone can see it without unlocking your device.

Underpinning the app is HealthKit, a tool for developers that lets health and fitness apps work together. Thus, a blood pressure app could share data with a physician app. Apple is already collaborating with the Mayo Clinic, health record specialist Epic Systems, Stanford Children’s Health/Stanford Medicine and Duke Medicine to develop ways to use the Health app.

Stanford’s project involves tracking blood sugar levels for children with Type 1 diabetes, while Duke is developing a pilot to track measurements such as blood pressure and weight for patients with cancer or heart disease.

But with a potential flood of apps coming onto the market, McGraw urges consumers to be cautious. Data held by a health plan, health care provider or lab is protected by the federal Health Insurance Portability and Accountability Act (HIPAA), she said,  “but if a patient is going to upload health or wellness data to a mobile app, it’s probably not covered by those laws.”

So consumers need to be mindful of that and research the apps that contain their medical data.

“It really becomes up to you. If you’re concerned about the sensitivity of data that you’re uploading and downloading to the app, you have to read and make sure that you understand the policies of that app,” McGraw said.

“You, as a consumer, have to be your own watchdog.”

Apple, clearly recognizing the importance of the issue, recently tightened its HealthKit privacy rules, warning software developers not to sell or share personal data to companies such as marketers.

“I give them credit for understanding and acknowledging that privacy issues are important,” McGraw said. But there’s still uncertainty about how Apple will enforce its rules, she added.

Security is also a concern, McGraw said, noting the recent online posting of naked photos of several Hollywood stars that were stolen from their iCloud accounts. “Due diligence is always a good idea,” she said, urging consumers to look for apps with state-of-the-art encryption.

Information held on Apple’s Health app will be encrypted on iPhones and on the company’s iCloud service, if users choose to back it up there, and it will be shared with other apps only if the user gives permission.

Despite the challenges, McGraw sees great potential for Apple’s Health app and HealthKit. “Being able to share your health data and manage it may be very important to you,” she said, “because you’re managing a chronic illness for yourself or a loved one.

“You really have to weigh the benefits against some of the risks involved. There could be some real benefits to be gained by using these tools.”

The new Apple Watch also forms part of the company’s health offensive, thanks to its heart rate sensor and an accelerometer, which measures distance traveled and can work with an iPhone’s built-in Wi-Fi and GPS to build a picture of a user’s daily activity. The smartwatch also comes with an Activity app, which can measure calories burned, brisk movement and how often a person stands. A Workout app is also built into the watch for detailed measurements of exercise.

But the smartwatch, which will be launched early next year, is already in the privacy spotlight. Earlier this week Connecticut Attorney General George Jepsen asked for a meeting with Apple representatives to address questions about how personal information collected through the device will be stored and safeguarded.

Follow James Rogers on Twitter @jamesjrogers