The Journal of mHealth Vol 2 issue 5 (Oct) | Page 40

Continued from page 37

There are a number of challenges for new companies when commercialising and scaling up digital health businesses in the UK. Whilst there is a strong heritage in research and idea generation, there are often problems with achieving scale. The problems include a lack of commercialisation skills, shortages of IT and analytical capabilities, difficulties in funding and challenges with accessing a local revenue stream in the NHS. Government also has a key role in providing the infrastructure, such as regulatory frameworks and information governance, to support growth of the sector.

Interviews with key stakeholders identified five potential areas of improvement to grow the UK digital health industry:

1. Addressing a skills shortage in health analytics
2. Building managerial skills within NHS to better understand the potential value of digital solutions across the healthcare cycle
3. Improving clarity on how to access, transfer and analyse healthcare data (including the necessary incentives and information governance procedures)
4. Improving reimbursement policy to accelerate the use of digital health solutions
5. Building capabilities to commercialise and scale up companies in the UK digital industry

By addressing these issues and continuing to build on current initiatives, the UK is well-positioned to take advantage of the digital health opportunity. The full report can be downloaded at www.gov.uk/government/publications/digital-health-industry-uk-market-analysis

UK NHS Approved Apps Failing on Privacy Standards

Study finds some smartphone health apps accredited by the UK’s NHS leak data that could be used for ID theft and fraud.

Published in the open access journal BMC Medicine, the study has found that the apps, which are included in the NHS England's Health Apps Library, may not have been complying with principles of data protection.
The research found that in some instances health apps were sending unencrypted personal and health information, meaning users may have had their privacy placed at risk. The apps that leaked the most data have now been removed from the library.

The researchers from Imperial College London, UK, and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the UK NHS Health Apps Library in July 2013 and were available on Android and iOS platforms. The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care. The apps were assessed over a six-month period by inputting simulated information, tracking the handling of this information, and looking at how this agreed with any associated privacy policies.

Of the apps reviewed, it was found that 70 of the apps transmitted information to online services and 23 of those sent identifying information over the internet without encryption. Of the 38 apps that had a privacy policy and transmitted information, the privacy policy did not state what personal information would be included in the transmissions. Four apps were found to be sending both identifying and health information without encryption.

Most of the data the apps gathered and shared related to a person's phone or their identity, with only a handful collecting information about the health of users.

“If we were talking about health apps generally in the wider world, then what we found would not be surprising,” said Kit Huckvale, a PhD student at Imperial College London, who co-wrote the study.

“But given that the apps the study looked at were supposed to have been vetted and approved, finding that most of them did a poor job of protecting data was a surprise”, he added.
“Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the existing national accreditation scheme being run through the NHS. The results of the study provide an opportunity for action to address these concerns, and minimise the risk of a future privacy breach. To help with this, we have already supplied our findings and data to the NHS Health Apps Library.”

The UK’s NHS Health Apps Library is a curated list of apps for patient and public use. Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law. To be listed in the Health Apps Library, developers are required to declare any data transmissions and register with the UK’s Information Commissioner’s Office, the body that enforces the Data Protection Act.

Whilst the results of the study are worrying, curators of the NHS App Library have been aware of the shortcomings for some time. The Library was closed to new submissions for a number of months throughout 2015, during which time significant effort was taken by NHS England to consult with industry participants with the aim of implementing a new and improved method of assessment and validation. This new endorsement model began piloting in September.

In a statement NHS England said: “We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated.”

The results of the study are published in the open access journal BMC Medicine at www.biomedcentral.com/17417015/13/214.