Compact and wearable devices can monitor your health, and other apps on your computer can help you maintain your private health information, but what protection do consumers have about who will use the data and for what purposes?

Television commercials are like the sirens that Ulysses had to contend with, and, similarly, all is not as you would think it might be for digital health data. Sure, strap an app device on your wrist, carry one around your neck, or put several into your cell phone, and you can keep track of all aspects of your health, but are you the only one?

If your devices are online, they are vulnerable, and whoever wants to use the data without your permission may take it. Is that OK with you? Where might this data be used, and could it disadvantage you?

Most Americans (81%) think digital health apps follow HIPAA rules (Health Insurance Portability & Accountability Act) and keep all health information safe. While HIPAA protects personal information, it can only be used in covered health organizations, like hospitals and doctor’s offices. But there is a market where digital health apps can buy and sell the data they cull.

Fifty-eight percent of Americans have not checked whether their private data is being shared on digital health apps. Just 27% say that privacy and safety are two of the three most important things to them when they go to the doctor, so security is not the main worry.

If you are looking for care, insurance, in-person care, and how quickly you can get it, are the three most important things. What matters most to 68% of patients is whether their insurance is accepted. A quick way to make an appointment or get medicine is important to 49% of people who say they want to be able to get care in person.

Privacy advocates told women not to use smartphone apps to track their menstrual cycles after the U.S. Supreme Court rejected Roe v. Wade in 2022, ending the constitutional right to an abortion.

People were worried that the information these apps collected could put women at risk of being charged in states where abortion is now banned.

Even though it has been almost two years, American women are still worried about how private these apps are, but few have taken steps to protect themselves.

Personal identifiable information (PII) like names and email addresses are collected by female health apps. The apps also collect sensitive information about users’ periods, sex lives, and physical health. Poor management of personal data has made close surveillance more common. In this type of surveillance, sensitive data is sold for profit, which invades users’ privacy.

What about your mental health status, the medications you might be taking, your diagnosis, who you're treating healthcare professional is, and when your appointment is scheduled next? These are of interest to data hackers, and they would love to steal it from you.

These apps make accessing mental health services easier, but they also create huge amounts of private, sensitive data.

Mindfulness apps have become more popular recently, and they were expected to grow even more with a 54.6% rise. Mozilla created a report that looked at 32 mental health apps’ privacy rules. Twenty-two of them had a “privacy not included” label on them, which means they had two or more of the following problems: using data in a bad way, making user control over data unclear or impossible to manage, having a bad history of protecting data, and not meeting Mozilla’s Minimum Security Standards. They did, in fact, provide a guide to help you see what ratings some apps received and where problems might lie.

What do you know about website scraping? It's one of the easiest ways for someone to access websites and pull off information, and there are programs that will do this for you or teach you how to do it. Some mental health apps scrape user data to make AI bots or give data to other companies for advertising, so privacy is not always protected well enough.

Many people have trouble understanding privacy rules, and mental health apps must be held to the same standards as regular doctors. If you don't understand the privacy involved, have someone explain it to you to help you realize what is being put at risk.

Protecting personal health information

Using personal health, digital devices comes with a sense of responsibility that you must maintain and not depend on the manufacturer alone. With that in mind, and in order to keep your privacy safe, you need to do certain things:

1. Make sure to conduct thorough research on the app, read consumer reviews about it, and ensure that privacy is a concern for the developer. Reviews can provide important information how the app data collection might be done, to whom it might be sent, and exactly how they handle privacy questions in terms of their service.
2. Too many of us neglect to change passwords, which, according to some experts, should be changed regularly and should never include easily accessible personal information such as your name, home address, the company you work for, or simple strings of digits such as 12345678. Some programs can easily provide you with unique, strong passwords, and you should use them.

A friend of mine who worked at a facility where data was put into a computer was training someone who had forgotten the password to access his programs. My friend asked him one simple question: What's the number of the address for this building? Yes, that was the password.

1. What about two-factor authorization? This is always a good idea, and, in addition to a strong password, this will provide you with an extra layer of protection. If anyone tries to access your data, you may also have software that will alert you on your cell phone. It sounds almost excessive, but we live in an age where it is extremely easy to access digital devices or have artificial intelligence programs help us access them if we are hackers. Some people do this for fun in white hats, and some, called black hats, do it to earn an income.

If you want to look up the names of famous hackers, you can do so on the Internet, but one of them, Kevin Mitnick, unfortunately died a few years ago. His exploits with a scanner and a simple ability to use his social skills could get him past too much corporate security for his own good. Kevin spent time in prison and then came out and became a very sought-after computer security expert. I knew him slightly, and he was a very engaging guy.

1. All software provides regular updates to its programs, and it is in your best interest to ensure that all of your programs are up-to-date. Updates usually indicate a newly discovered vulnerability, and if you don't update, you are, in a sense, leaving the back door to your home wide open while the front door is strongly locked.
2. What about fingerprints as identification for accessing data? Apple now uses this on some of its laptops, and it's a good idea because your fingerprint is fairly unique. However, everything can be copied, and someone may get your fingerprint and then use it to access your laptop. But that only happens in Tom Cruise movies, not too much in real life.
3. Remember to never send private health information via Wi-Fi Internet connections, especially if you are in a public space such as a library or a coffee shop. However, if you find you will need to send this information from these public spaces, you can get a VPN (virtual private network). There are several companies that offer these, and you can install them on your laptop and, possibly, other devices. Check this out.

In this new digital age, all of us must not allow our security needs fold because we never know how data might be used, and that’s not always for reasons that benefit us. And don’t let your concerns about not knowing how to take the steps provided above stop you. Ask a friend or find someone to help.