More and more medical and health information is being collected electronically.  People are using fitness apps, for example, to watch their calorie intake and gauge their level of physical activity.  Those are certainly good and admirable goals.

But what many people don’t realize is the serious security issues about using these kinds of medical and health apps.  Health data is increasingly held by technology companies, not by health and medical professionals and entities such as doctors and hospitals as Brian Fung noted in a recent Washington Post article.  He gave the example of Apple’s Healthkit that collects and centralizes health information across apps (www.washingtonpost.com; “Facebook may be eyeing your health data. Should you trust it?”; October 3rd).  Moreover, these apps don’t have the same privacy and security requirements that apply under the Health Insurance Portability and Accountability Act‘s to medical and health professionals, hospitals and associated records do not cover these types of fitness and health apps.

What is particularly powerful are two statistics in Mr. Fung’s article.  First, he writes that ‘[t]here’s also a lot of money floating around the healthcare industry —an estimated $3 trillion worth ….”.  Second, he noted that “[h]ealth records are so valuable, security experts say, that hackers will pay up to 20 times more for a person’s medical record on the black market than for a stolen credit card number.”

Those are staggering numbers and only underscore that individuals need to protect their health and medical information.  Moreover, individuals need to think carefully before using a fitness or medical or health app.  I’m not suggesting that individuals shouldn’t use them.  But individuals need to dig in and learn how the information that’s being collected will be stored; how it will be protected; and whether the company whose product they’re using is going to sell or share any of the collected data with a third party.

Individuals need to be pro-active so they don’t unwittingly help hackers make money off of some of their most sensitive personal information.