You downloaded an app to track your blood pressure. It seemed helpful. You entered your readings, your medications, even your doctor's name. But did you ever stop to wonder: What happens to all that health information?
Here's something important you should know: Health apps collect enormous amounts of personal data. And unlike your doctor's office, many of them aren't bound by the same privacy laws.
Understanding what happens to your health data can help you make smarter choices about which apps to trust.
The Health App Boom
Health apps are incredibly popular among seniors:
- Apps that track blood pressure, blood sugar, or heart rate
- Medication reminders
- Fitness trackers that count steps
- Medicare-connected apps that access your claims
- Telemedicine apps for virtual doctor visits
- Mental health and wellness apps
These apps can be genuinely helpful. They help you manage chronic conditions, remember medications, and stay connected with healthcare providers.
But there's a catch.
Your Doctor's Office vs. Health Apps: Very Different Rules
HIPAA: The Privacy Law You Know
When you visit your doctor, your information is protected by HIPAA (the Health Insurance Portability and Accountability Act).
HIPAA means:
- Your doctor can't share your information without permission
- There are strict security requirements
- You have rights to see and correct your records
- Violations carry serious penalties
Health Apps: Often No HIPAA Protection
Here's what surprises many people: Most health apps are NOT covered by HIPAA.
Think of it like this: Your doctor's office is like a bank vault with strict security rules. Many health apps are more like a desk drawer—easier to access, fewer protections.
When health apps aren't covered by HIPAA:
- They can sell your data to advertisers
- They can share information with "partners"
- Security requirements are weaker
- You have fewer rights to your own data
What Health Apps Know About You
Basic Health Information
Many apps collect:
- Your name, age, and contact information
- Height, weight, and body measurements
- Symptoms you've reported
- Medications you take
- Doctor appointments and diagnoses
Sensitive Health Data
Some apps go deeper:
- Mental health conditions
- Sexual health information
- Genetic information
- Diseases and chronic conditions
- Substance use history
Activity and Lifestyle Data
Fitness and wellness apps track:
- Your daily steps and exercise
- Sleep patterns
- Heart rate and vital signs
- Location (where you walk, which gyms you visit)
- Food you eat
Your Social Network
Some apps collect:
- Contacts you connect with
- Friends who also use the app
- Family members you mention
- Caregivers you connect with
Device Information
Apps can access:
- Your phone's unique identifier
- Other apps installed on your phone
- How you use the app
- Your IP address and location
What Apps Can Do With Your Data
1. Sell It to Advertisers
Many health apps make money by selling your information to advertisers and data brokers.
This means:
- Companies learn about your health conditions
- You see targeted ads for medications or treatments
- Insurance companies may access this data
- Employers could potentially buy health profiles
Example: An app that tracks diabetes might sell that information to companies selling diabetic supplies—or to insurance companies.
2. Share with "Partners" and "Affiliates"
Privacy policies often mention sharing with "partners" or "affiliates." This can mean almost anyone.
The reality: Once your data leaves the app, you lose control over where it goes.
3. Use for Research (Without Your Knowledge)
Some apps use your data for medical research. While research is valuable, it raises questions:
- Were you informed?
- Can you opt out?
- Is the data truly anonymous?
4. Combine with Other Data Sources
Data brokers combine health app data with:
- Purchase history
- Public records
- Social media activity
- Other app usage
The result: A detailed profile of your health, habits, and life that you never agreed to create.
Medicare-Connected Apps: Special Considerations
Medicare now allows you to connect third-party apps to your Medicare account. This can be convenient, but it comes with risks.
What Medicare Apps Can Access
Connected apps can access:
- Your Medicare claims history
- Diagnoses and procedures
- Prescription medications
- Doctor visits and hospitalizations
- Test results
The Blue Button Feature
Medicare's Blue Button lets you download your claims data to share with apps.
Before using Blue Button:
- Read the app's privacy policy carefully
- Understand what they'll do with your data
- Check if they're HIPAA-compliant
- Know how to revoke access later
Important Warning
When you connect a third-party app to Medicare, you're responsible for what happens to that data. Medicare doesn't control how apps use your information once they receive it.
How to Protect Your Health Data
Step 1: Read the Privacy Policy
Before downloading any health app, read the privacy policy. Look for:
Good signs:
- "We do not sell your data"
- "HIPAA compliant"
- Clear explanations of data use
- Easy opt-out options
Red flags:
- "We may share data with partners"
- "We use data for advertising"
- Vague language about data sharing
- No mention of security measures
Step 2: Check App Permissions
When you install an app, it asks for permissions. Be skeptical.
Ask yourself:
- Does a blood pressure app need access to my contacts?
- Does a medication reminder need my location?
- Does a fitness app need my microphone?
If the permission doesn't make sense for the app's purpose, don't grant it.
Step 3: Limit What You Share
You don't have to provide everything an app asks for.
- Skip optional profile fields
- Don't connect social media accounts unless necessary
- Turn off location tracking if it's not needed
- Don't upload photos unless required
Step 4: Use Apps from Reputable Companies
Safer choices:
- Apps from major hospitals or health systems
- Apps recommended by your doctor
- Established companies with good reputations
- Apps that clearly state HIPAA compliance
Riskier choices:
- Free apps from unknown developers
- Apps with lots of ads
- Apps that pressure you to share on social media
- Apps that make unrealistic health claims
Step 5: Regularly Review Connected Apps
On your phone:
- iPhone: Settings → Privacy & Security → Health → Apps
- Android: Settings → Privacy → Permission Manager
In Medicare:
- Log into Medicare.gov
- Go to "Connected Apps"
- Remove apps you no longer use
Step 6: Delete Apps You Don't Use
Unused apps still have your data. If you're not actively using a health app, delete it.
Red Flags: Health Apps to Avoid
🚩 RED FLAGS – Don't Use Apps That:
- Promise miracle cures or impossible results
- Aren't clear about who runs the company
- Have no privacy policy or a confusing one
- Request permissions unrelated to health (like contacts or photos)
- Pressure you to share on social media
- Make it hard to delete your account or data
- Have poor reviews mentioning privacy concerns
- Claim to replace your doctor's advice
Your Rights with Health Apps
Rights Under HIPAA (If It Applies)
If an app is covered by HIPAA, you have the right to:
- See your information
- Correct mistakes
- Know who has accessed your data
- File complaints about privacy violations
Limited Rights Without HIPAA
For most health apps, your rights depend on:
- The app's privacy policy
- State laws where you live
- General consumer protection laws
This means: You often have fewer protections than you do with your doctor.
Key Takeaways
✅ Most health apps are NOT protected by HIPAA. They can sell or share your data in ways your doctor cannot.
✅ Read privacy policies before downloading. Look for clear statements about data selling and sharing.
✅ Be skeptical of app permissions. Don't grant access to contacts, location, or photos unless clearly necessary.
✅ Limit what you share. You don't have to fill out every optional field.
✅ Choose apps from reputable sources. Prefer apps from healthcare providers or established companies.
✅ Regularly review and remove apps you don't use. Unused apps still have your data.
✅ When connecting apps to Medicare, understand you're responsible for what happens to that data.
Your Health Data Is Valuable—Protect It
Your health information is some of the most personal, sensitive data you have. In the wrong hands, it can be used to discriminate against you, target you with ads, or even affect your insurance rates.
You have a right to privacy. Don't give it away just because an app asks nicely. Be selective about which apps you trust. Ask questions. Read the fine print.
Technology can genuinely help you manage your health. Just make sure you're not trading your privacy for convenience.
Stay healthy—and stay private.