Connected health devices violate users privacy

28. september, 2017

The health devices that were tested are intended to simplify and improve everyday life for people. However, several app-connected blood pressure gauges and blood glucose-monitoring devices fall short of properly protecting the privacy and consumer rights of users, according to the Norwegian Consumer Council.

The Norwegian Consumer Council encourage users to think twice about connecting health devices, which collect sensitive personal information, to the internet.

– Although the features of these services can be useful to people, it is unacceptable that some apps contribute to users losing control their own health data, says Anne Kristin Vie, Director of Public Services and Health at the Norwegian Consumer Council.

They have investigated the consumer and privacy-related aspects of four blood pressure gauges and three blood glucose-monitoring devices used together with smartphone apps. The consultancy company Bouvet has carried out the technical part of the test on behalf of the Norwegian Consumer Council.

– Unfortunately, users often have to waive basic consumer rights in order to use the apps that are used with the devices, says Vie.

Weak security practices

The apps provided with the devices contribute to enhanced functionality such as measurement history, visualization of results and other additional features, including the ability to report results electronically to your doctor. However, several of them fall short in terms of privacy and security, and give unsatisfactory information about user rights.

Some of the apps send potentially sensitive information to companies in East Asia and North America, without the users being properly informed about this. The Consumer Council believes that the standards of security for internet-connected healthcare products are often too low.

– It is not okay that, by using health-monitoring devices, you risk your health information being sold to, for example, insurance companies or other unauthorized entities. This is information that is commercially attractive for many actors, says Vie.

– The health tech industry must make sure that terms and practices do not violate users’ privacy and basic consumer protection. The users should not have to fear that their information could be used for harmful, direct marketing or price discrimination, Vie says.

Lack of secure ways to share health data

The Norwegian Consumer Council also encourages people to avoid e-mailing the health information registered by the devices to others, including your own doctor. Many of the apps that were tested directly encourage users to share their health data, either through e-mail or social media.

– E-mail is not a sufficiently secure channel to send data about your own health, Vie says.

At the same time, she points out that devices intended for home testing can be both accurate and user-friendly.

– This kind of technology has proved to be useful for people, and is readily available in stores, in pharmacies and online. Nevertheless, people need secure ways to share the information that the devices collect with, for example, their doctor, Vie says.

These are the tested products

Product	Type	Character
	Andersson BDR 1.0   Blood pressure gauge	Security/Privacy Terms of service
	iHealth BP7   Blood pressure gauge	Security/Privacy Terms of service
	QardioArm A100   Blood pressure gauge	Security/Privacy Terms of service
	Withings BP-801   Blood pressure gauge	Security/Privacy Terms of service
	2in1   Blood glucose-monitoring device	Security/Privacy Terms of service *
	Contour   Blood glucose-monitoring device	Security/Privacy Terms of service
	IHealth BG5   Blood glucose-monitoring device	Security/Privacy Terms of service

* Terms are not included with this product and have therefore not been tested.