How safe are health apps?
Most people are very concerned about their own health. Since digitization has also been driven forward in the healthcare sector, health apps have been springing up like mushrooms. After all, good money can be made from people's health.
Almost three dozen approved digital health applications (DiGAs) are currently available in Germany. These apps are available on prescription from the family doctor and the costs are covered by the insurance companies. Against the background of the fact that thousands of data leaks in smartphone apps are discovered every year, many users naturally ask themselves the question of the safety of health apps.
Health apps: BfArM approval
There are practically no limits when using health apps. The applications can count steps, measure blood pressure and heart rate, dial emergency services with one tap, keep a digital health diary, remind you of medications or simply inform you about medical progress. There are countless apps in the Google and Apple stores, but they are not all officially approved.
In order to obtain official approval, each health app must pass an examination by the Federal Institute for Drugs and Medical Devices (BfArM). The experts check the app for security, data protection, functionality and quality. Recent examples show that the state inspectors also make mistakes.
Severe data leak in 2022
As part of a collaboration with WDR and NDR, the volunteer IT team "Zerforschung" discovered glaring security gaps in various health apps in spring 2022. Among others, the Berlin provider Novego was affected. The IT specialists gained access to the names, email addresses and accounts of almost 10,000 users without initiating extensive hacking measures.
But that was not all. The team also managed to access files and find out whether a patient was being treated for an anxiety disorder, depression or burnout. After the incident became known, Novego acted immediately and closed the security gap within a few hours.
The fear of the transparent patient
No other app contains as much sensitive data as a health app. Quite a few people shy away from using the digital helpers for fear of the transparent patient. It should be a matter of course for developers to pay particular attention to data protection and efficient IT security measures, especially in the case of health apps. In Germany, the protection of health data is even regulated by law in the Basic Data Protection Regulation (DSGVO). In addition, providers must comply with the Federal Data Protection Act.
What patients can do
The health apps approved by the BfArM fulfill an important function and support the attending physicians. In addition to these reviewed digital helpers, there are two other groups of apps. One group has a European seal of approval and a CE certificate. The third group of health apps is untested applications. If patients do not want to exclude the latter two groups, they should at least ask themselves the questions: Who is behind the app? How is the app financed? Where is the data stored? If it is a free health app, the warning lights should flash, because users usually pay for the development with their - in this case highly sensitive - data. If possible, users should also check which data the app accesses.