Out of the apps on your phone, how many of them are about health, fitness or lifestyle? Quite a few probably.

Mobile health (mHealth) is trendy. It has the potential to transform the way healthcare is delivered because it allows consumers to keep track of some basic health indicators. For example, through mHealth apps consumers can track their blood pressure, count their daily steps or track their calorie intake to reach a desired weight.

mHealth could herald a new era in healthcare

All these apps can help improve consumers’ health. But this data can also be valuable to app developers and third parties – which has risks for our privacy.

Health data: the new currency?

shutterstock_1028725Beyond direct benefits for individual consumers, mHealth can facilitate the information gathering and analysis of a large amount of health data that can be stored, combined and analysed in large databases. This so-called ‘big data analysis’ has the potential to develop more advanced mechanisms for detection and the prevention of diseases. But, if not properly regulated, it can also expose consumers to serious privacy risks, first and foremost if their profiling is used for merely commercial business strategies.

Unsurprisingly this practice can be very attractive for insurance companies and advertisers among others, who see in the health data a gold mine for their strategies. For example, by looking at someone’s eating and physical habits, insurance companies could decide to increase their insurance premium. In other words, they could start charging less healthy people more.

Protecting patients’ privacy

shutterstock_167954447For that reason privacy protection has to be at the core of mHealth. Any health device or app entails the processing of a large amount of consumers’ personal information. The adoption last year of the European Data Protection Regulation (GDPR) certainly brings an important contribution in this sense. It considers health a special category, whose data merits additional protection and can be processed only under strict conditions.

For example, personal data collected to help consumers to monitor their blood pressure will certainly fall under the category of “health data” and would require the consumer’s specific consent when being processed However, this definition might not always apply to fitness, lifestyle and well-being, such as data collected to do some routine fitness exercises. This is despite the fact that these apps have an enormous share of the mHealth market and the information they provide are linked to individuals’ health.

By looking at someone’s eating and physical habits, insurance companies could decide to increase their insurance premium. In other words, they could start charging less healthy people more.

The EU is expected to produce a code of conduct on privacy for mHealth apps soon that should help developers to comply with rules at EU level. Once this has been issued and there has been an analysis of market and technology developments and how the GDPR works in practice, the EU will have to make an assessment as to whether sector-specific legislation is necessary.

Overall, mHealth could herald a new era in healthcare. Yet, these technological health developments have to go hand in hand with a robust regulatory framework to guarantee consumers’ privacy. EU policy makers should not let consumers lose control of their personal data.

Posted by Francesca Cattarin