What Does Your Smartphone Say?

Aloha Colleagues!

As we know, year after year, Gallup polls report that Nurses are America’s most trusted profession. Our patients share information they have never revealed to another living soul with us. And we keep that sacred trust, and honor the responsibility it entails.

But many of our patients, friends, & family members confess their most intimate secrets to something else: The apps on their smartphones. Nurses do it too! There are apps to track our physical activity and intake for when we want to lose weight. Maybe we are trying to have a baby and track our periods and when we have sex. Other popular apps know our heart rate, blood pressure and the price of the condos we’ve been looking at.

Unbeknown to most people, that data can be shared with someone else: Facebook! And, incredibly, this is the case for people who are not even Facebook users.

On February 22, 2019, the Wall Street Journal announced their discovery: Many popular apps share personal and health data with Facebook. More specifically, they store that information on Facebook’s systems as part of using it in conjunction with the Facebook Analytics platform. Since the data typically also includes a unique advertising ID, it means Facebook might well know about you even if you’ve never registered for an account.
The WSJ found that 11 of the 70 iOS apps it tested shared personal or health data with Facebook’s servers via Facebooks Analytics. For example, Instant Heart Rate: HR Monitor (one of the most popular heart rate monitoring apps) sent users’ heart rate data to Facebook. Flo Period & Ovulation Tracker shared when a user was having her period. Not all the personal data was related to health. Realtor.com sends Facebook the location and price of listings a user views. The data is shared by creating a Custom Event using the Facebook Analytics SDK, and then using it to send non-standard types of user information.

BetterMe is the fastest-growing mobile fitness product in the US and continues to send data to Facebook Analytics. You can only imagine the furor when WSJ published the story. In response, Apple issued a statement that indicates they’ll investigate whether the apps in question violated their terms of service with Apple (this will involve many lawyers & significant time). Google pointed to its policy that apps handling sensitive data “disclose the types of parties to which any personal or sensitive data is shared.” Meanwhile, four of the confidentiality-outing apps of the eleven identified have stopped sharing data. The others continued to do so after the news was reported! And WSJ only looked at 70 iOS apps out of the thousands that are available. The New York State attorney general’s office has opened an investigation into this problem, (but that’s just one state out of 50) as has the Republic of Ireland.

Where is HIPPAA in all this. The answer is that HIPPAA only applies to heath care organizations & clinicians not the digital world.

Thank you for all you do,
Leslie