Research in the open access journal BMC Medicine has revealed that some clinically accredited health apps may not have complied with data protection.

Some health apps, which covered areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care, were found to be sending unencrypted personal and health information, potentially putting the privacy of users at risk. This is despite app accreditation programs such as the NHS Health Apps Library (a curated list of apps for patient and public use). Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law.

The researchers from Imperial College London, UK, and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the UK NHS Health Apps Library in July 2013 over a six-month period. They found that 70 of the apps transmitted information to online services and 23 of those sent identifying information over the internet without encryption. Of the 38 apps that had a privacy policy and transmitted information, the privacy policy did not state what personal information would be included in the transmissions. Four apps were found to be sending both identifying and health information without encryption.

Lead researcher, Kit Huckvale, Imperial College London, UK, says that their study “challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS. The results of the study provide an opportunity for action to address these concerns, and minimise the risk of a future privacy breach. To help with this, we have already supplied our findings and data to the NHS Health Apps Library.”