NHS England’s Health Apps Library Found To Include Unsecure, Clinically Questionable Apps


A series of recently published studies in England uncovering poor clinical accuracy and data security within apps listed on the NHS Health Apps Library has spawned a wave of critical coverage from local media outlets. The studies were conducted by researchers at Imperial College London over the past 12 months and outline major security flaws that leave personal health information exposed and unencrypted, as well as clinical content issues that result in erroneous medical guidance being presented to end users. The most recent study, which focuses on problems with data storage and transmission vulnerabilities found within the apps, was published earlier this month.

The NHS Health Apps Library was launched in November 2013 to help NHS patients find apps that are trustworthy and that have been “reviewed by the NHS to ensure that they are clinically safe.” The NHS reports that each app is validated to ensure that the content is UK-specific, that it uses trusted sources of information, that it complies with the UK’s Data Protection Act, and that it is clinically safe. The validity of these claims initially came under fire in March, when the Imperial College research team published findings after revisiting a broad systematic review of asthma support apps conducted in 2011. The new review returned to the originally evaluated apps, some of which were included on the NHS Health Apps Library, to analyze improvements since 2011, concluding that the results “present a mixed picture for clinicians interested in integrating apps into routine care. While choice has increased, newer apps for asthma were no more likely than those available in 2011 to satisfy evidence-based recommendations for information content or the design of self-management tools.”

In May, the same team published a review of diabetes support apps, specifically targeting apps that calculate insulin doses. This review found that a “majority of insulin dose calculator apps provide no protection against, and may actively contribute to, incorrect or inappropriate dose recommendations that put current users at risk of both catastrophic overdose and more subtle harms resulting from suboptimal glucose control.” The researchers found that only 30 percent of the apps evaluated presented the formula used to calculate the recommended insulin dose, while 91 percent failed to validate the initial values entered by the user to ensure they were accurate. Of the 46 calculators evaluated, only one was found to be issue-free.

Now the team from Imperial College has published new findings analyzing the back-end data protection standards in place in mobile health apps. The team evaluated all 79 apps found on the NHS Health Apps Library, finding that no apps encrypted information stored locally on the phone, while 66 percent failed to encrypt personally identifying information that was being transmitted over the Internet. Four apps sent both identifying information and personal health information over the Internet with no encryption in place. Kit Huckvale, PhD and author of all three studies, comments, “Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS.”

The findings from the three studies have been consolidated into an article published this week in BMC Medicine that recommends educating the public on how to properly evaluate a health app, as well as standing up an industry-run app safety consortium, encouraging app stores to run their own monitoring programs, and establishing a government regulatory body to oversee the market.
