Background: Headache diaries are a mainstay of migraine management. While many commercial smartphone applications (apps) have been developed for people with migraine, little is known about how well these apps protect patient information and whether they are secure to use.
Objective: We sought to assess whether there are privacy issues surrounding apps so that physicians and patients could better understand what medical information patients are providing to the app companies, and the potential privacy implications of how the app companies (and other third parties) might use that information.
Methods: We conducted a systematic search of the most popular "headache" and "migraine" apps and developed a database of the types of data the apps requested for input by the user and whether the apps had clear privacy policies. We also examined the content of the privacy policies.
Results: Twenty-nine apps were examined (14 diary apps, 15 relaxation apps). Of the diary apps, 79% (11/14) had visible privacy policies. Of the diary apps with privacy policies, all (11/11) stated whether or not the app collects and stores information remotely. A total of 55% (6/11) stated that some user data were used to serve targeted advertisements. Of the relaxation apps, 73% (11/15) had privacy policies.
Conclusions: Headache apps shared information with third parties, posing privacy risks partly because there are few legal protections against the sale or disclosure of data from medical apps to third parties.
Keywords: HIPAA; electronic diaries; mHealth; privacy/risk; relaxation.
© 2018 American Headache Society.