Use of health-related smartphone apps continues to rise, contributing to the growth of "grey data," or sensitive data related to health but not protected by formal healthcare privacy legislation. For the enterprise that encourages use of these apps as part of a wellness program or other company-sanctioned initiative, due diligence is required in vetting these apps and assessing information governance policies.
- Independent testing of health apps has found that many lack proper privacy policies, consent procedures, disclosure of third-party data sharing, and other fundamental information governance policies.
- While the enterprise may not be directly liable for the governance or security flaws of any particular app available to consumers, the unique position of recommending or sanctioning certain health apps for employee use (such as for a wellness program) raises enterprise risk.
- As health apps become more commonly involved in workplace programs and are downloaded on work devices, the enterprise needs to take a firmer policy stance on their evaluation, selection, and governance.
- Evaluates several of the governance and security flaws that can exist with common health-related apps on the market.
- Assesses the unique risk that health app data poses in the presence of weak information governance policy.
- Identifies key questions to ask as part of a screening process in evaluating a potential health-related app for enterprise use.
- Assesses the benefit of building preemptive policies for health apps and grey data before regulatory bodies catch up with their own rules.
- What is the current data management status of the health-related app market?
- What common enterprise information governance policies or practices do many health apps fail to meet?
- In what situations might the enterprise formally recommend, sanction, or encourage the use of health apps on work-related devices?
- What questions need to be asked when evaluating health-related apps for possible inclusion in an enterprise-sanctioned program?
- How can the enterprise maintain best practices for health app data, even if it does not have direct ownership of the data on the apps?
- Health app data is highly sensitive, but difficult to control
- Build health app policies today, before regulators step in
- Evaluating health apps: advice for the enterprise
- Further reading