NHS Apps Leaking Data, Study Finds

nhs bmi
NHS apps are criticised for poor data protection safeguards in the Imperial College report

Several apps that are accredited by the NHS are leaking data that could be used for ID theft and fraud, according to a study carried out by Imperial College London, reported by the BBC.

The study looked at 79 NHS apps, all designed to help people live healthier lives by exercising more and cutting out or cutting back on things like alcohol and tobacco.

Yet despite the fact that all the apps in the study had been through a vetting program to ensure they met standards of clinical and data safety, the researchers found that many of them flouted privacy standards and sent data without encrypting it.

While more than half of the apps had a privacy policy, this was often vaguely worded and did not let people know what types of data were being shared. Worse than that, 70 of the 79 apps studied sent personal data to associated online services; 23 of the apps sent the data without encrypting it. Four of the apps sent both personal and health data without protecting it from potential eavesdropping.

“If we were talking about health apps generally in the wider world, then what we found would not be surprising,” Kit Huckvale, a PhD student at Imperial College London, who co-wrote the study, told the BBC, adding that it was a surprise to find so many of them flouting data protection rules when they were supposed to have been vetted.
In a statement, NHS England told the BBC that a new, more thorough NHS endorsement model for apps had begun piloting this month.