Evaluating Privacy Measures in Healthcare Apps Predominantly Used by Older Adults

TL;DR

This study assesses privacy protections in healthcare apps used by older adults, revealing significant compliance gaps and risks due to inadequate privacy policies and breach protocols.

Contribution

Introduces a Privacy Risk Assessment Framework (PRAF) to evaluate privacy practices in healthcare apps for older adults, highlighting critical gaps in compliance and security.

Findings

Only 25% of apps explicitly comply with HIPAA.

Just 18% mention GDPR compliance.

79% lack breach response protocols.

Abstract

The widespread adoption of telehealth systems has led to a significant increase in the use of healthcare apps among older adults, but this rapid growth has also heightened concerns about the privacy of their health information. While HIPAA in the US and GDPR in the EU establish essential privacy protections for health information, limited research exists on the effectiveness of healthcare app privacy policies, particularly those used predominantly by older adults. To address this, we evaluated 28 healthcare apps across multiple dimensions, including regulatory compliance, data handling practices, and privacy-focused usability. To do this, we created a Privacy Risk Assessment Framework (PRAF) and used it to evaluate the privacy risks associated with these healthcare apps designed for older adults. Our analysis revealed significant gaps in compliance with privacy standards to such, only 25% of apps explicitly state compliance with HIPAA, and only 18% mention GDPR. Surprisingly, 79% of these applications lack breach protocols, putting older adults at risk in the event of a data breach.