Medical apps are increasingly popular in everyday life, but few know the privacy dangers. Here are what they are
Among the many personal data that can be defined as “sensitive,” there are some that are more sensitive than others: our health data, those on our state of health. More than the data on our tastes in terms of shoes and clothes, electronic products or travel, the data on how we are are the most precious and delicate ones.
There are more and more apps that collect and send this data to someone: pharmacy apps, medical apps, calorie counting apps and even the most advanced fitness apps if they are connected to devices such as pulse oximeters and heart rate monitors. Knowing what medications a person takes, their medical records, how many calories they consume and what they eat if they want to lose weight or have diabetes, what is the state of health of their cardiovascular system, is equivalent to sitting on top of a gold mine. How much would insurance pay to buy, if it could, information about our health? How much would a pharmaceutical company pay to buy, if it could, information about what our chronic diseases are? How much would a food supplement company pay to buy, if it could, information about our weight and diet? This is why it is necessary to clarify who, and how, must manage the data collected by medical and assimilable apps.
Medical apps: what the Privacy Guarantor says
The Authority for Privacy has expressed its opinion on apps for doctors (and apps similar to them) with provision no. 55 of 7 March 2019, through which he specified that it is necessary to make a difference between ” treatments for treatment purposes ” and ” treatments for other purposes “. The first are those strictly related to the treatments that the patient does following a normal prescription from the doctor. If I have high blood pressure and the doctor prescribes me a drug asking me to measure the pressure every day and record it in an app, then the data collected by the app are clearly ” for treatment purposes “.
If I am obese and the dietician doctor diets me to lose pounds and asks me to record my weight every morning and enter it in the app, then my weight is a data collected for healing purposes. But if I am not obese, I have no metabolic disease and simply every now and then I go on a diet on the advice of the dietician, then the data that I enter in the app is not ” for treatment purposes “.
Medical apps: who can do what
In the case of data collected for treatment purposes, according to what the Privacy Guarantor says, the doctor is not required to let us sign the consent to the treatment because it is already required, by law, to professional secrecy. This does not mean that he cannot share our health data with others, but he can show it to another doctor, for consultation, or insert it anonymously in a clinical study. But he cannot share them with anyone else. As for the data collected for other purposes, however, the doctor or anyone else can collect and archive them, but only after having made us sign an explicit declaration of consent.
