Smartphone apps are largely designed to make life more convenient for users, from ordering food to tracking your sleep to checking in for a flight. With increased reliance on these digital applications come growing concerns about data privacy, particularly at this point in the ongoing COVID-19 pandemic as more states begin to require proof of vaccination to enter restaurants, movie theaters or other entertainment venues.
Digital vaccine credential services that offer proof of vaccination—sometimes inappropriately called vaccine passports—are now appearing in app stores so that people do not need to carry their paper vaccination card, but there is a question of how private the data compiled in those apps really is.
Laura Hoffman, the AMA's assistant director of federal affairs, recently discussed that question and other emerging data-privacy issues that physicians should be aware of in an episode of “AMA COVID-19 Update.”
What data privacy is really about
There is a variety of reasons that people should be concerned about the privacy of the apps they use, including apps collecting health information. For example, many apps contain software development kits (SDK), which are pieces of code enabling companies to collect data and share it with third-party applications. Facebook has been in the news over privacy concerns because the platform has a broadly disseminated SDK that goes into a number of different apps and pulls user information without people realizing it, Hoffman said.
This data could be used in good ways. For example, perhaps a group of people with a certain health condition could receive custom advertising for an emerging treatment or drug for that health condition. Unfortunately, the data can easily be used to segment audiences in negative ways.
“Privacy is so often thought of as this technical, nerdy, behind-the-scenes thing, but it really is a people issue,” Hoffman said. “It's a human rights issue. It's a civil rights issue. Privacy gives people the autonomy to control who knows what about them.”
When it comes to health apps, Hoffman explained that most people do not think the information they provide about themselves will one day end up in the hands of employers or insurers, which could have enormous effects for them and their families. Most people are unaware of SDKs and other app developer data sharing practices that result in broad collection and dissemination of their health data.
“We want to make these kinds of apps workable and functional for patients,” Hoffman said. “At the same time though, however, we want to ensure that there are certain safeguards put in place.”
Find out how smartphone apps can—and should—protect users’ health info.
What steps should be taken
Hoffman said app developers and vendors need to be more responsible about what information is being collected and how that is being communicated to users. To aid that effort, the AMA developed “Privacy is Good Business: A case for privacy by design in app development" (PDF) to help developers implement recommended privacy principles.
Read more about the AMA health data privacy framework.
One question for developers and users is how much personal information should be collected by a digital vaccine credential app. If the point is simply to demonstrate someone is vaccinated, then they likely shouldn’t need to include their street address or other personal identifiers, Hoffman said.
She encouraged physicians to talk with their IT department or consultants to understand the privacy and security elements of apps offered in their EHR ecosystem. Ultimately, physicians should be ready to answer patient questions about how their physician practice or health care organization is protecting their data privacy.
“This is about maintaining trust between the physician and patient,” Hoffman said. “We want to make sure that physicians feel comfortable responding to patients and reassuring them that that trusted relationship is there, even if they choose to start to use these apps.”
Get the latest news on the COVID-19 pandemic, vaccines and variants, and more reliable information directly from experts and physician leaders with the “AMA COVID-19 Update.”
You can catch every episode by subscribing to the AMA’s YouTube channel or the audio-only podcast version.
