NHS approved apps ‘leaking’ ID data
Many NHS accredited smartphone health applications have been found to be leaking data which could lead to ID theft.
The applications are included in NHS England’s Health Apps Library, which tests programs to ensure that they meet standards of both clinical and data safety.
Applications in the library are aimed at helping people stop smoking, lose weight, reduce their alcohol intake and be more active.
The study by researchers in London discovered that some applications still failed privacy standards and sent personal information without encryption. Since then, the applications that leaked the most data have been removed from the library.
Kit Huckvale, a PhD student at Imperial College in London, who co-wrote the study said: “If we were talking about health apps generally in the wider world, then what we found would not be surprising.
But given that the apps the study looked at were supposed to have been vetted and approved, finding that most of them did a poor job of protecting data was a surprise”, he added.
In order to test the security of the information Mr Huckvale and colleagues looked at a total of 79 applications listed in the NHS library and supplied these applications with fake data in order to assess how the information was handled.
Out of these applications, 70 sent personal data to associated online services and 23 of these applications did this without encryption. If intercepted, this data could be used for theft or fraud said Mr Huckvale.
NHS England said: “We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated.
“A new, more thorough NHS endorsement model for apps has begun piloting this month.”