What CIOs, CISOs must do in times of crises.
View as Webpage
Can you create a digital tool supporting the health care system? >>
 
 
 
Subscribe
 
 
 
Tuesday June 2, 2020
 
 
Man with mask using a phone
 
 

A large portion of COVID-19 apps available in the Google Play Store ask users for advanced access permissions, but very few indicate to users that collected data will be made anonymous and secured, according to an analysis of 50 such apps published recently in Nature Medicine.

The investigation – conducted by two researchers from the University of Illinois at Urbana-Champaign's Illinois Informatics Institute – reviewed a sample of apps hailing from dozens of different countries around the world. Twenty of these offerings were issued by governments, health ministries or other official sources.

The researchers classified nearly half as informational tools, roughly a third as tracking tools, 10% as assessment tools and 8% as scientific research apps. Common features across these apps included live maps and confirmed-case updates, alert systems, direct-to-government symptom reporting and COVID-19 education. More specialized functions included device-connected vitals monitoring, contact tracing and virtual consultations.

Among these, 30 apps required some level of access to the user's phone data, camera, microphone, WiFi connection or other settings, the researchers wrote, with some explicitly stating that they would collect some level of information. However, only 16 of the apps indicated that this information would be made anonymous, encrypted, secured and reported only in aggregate.

The researchers also noted that some of the apps within the sample were released by U.S. healthcare providers, but did not make it clear whether or not the data collected was regulated under HIPAA or other laws and regulations.

WHY IT MATTERS

The researchers warned of a slippery slope between effective digital surveillance and long-term risks to civil liberties that could result from governments or others having access to continuously updated tracking information or other sensitive and personally identifiable data. They noted that although the European Data Protection Board has outlined regulations for processing personal data during COVID-19, others like the U.S. have little to no frameworks or protective agencies in place.

In the short term, this places the onus on technology-makers and the public to push for built-in privacy protections in this new wave of mobile health tools.

"Healthcare providers must absolutely use whatever means are available to save lives and confine the spread of the virus," they wrote. "But it is up to the rest, especially those in the field of information privacy and security, to ask the questions needed to protect the right to privacy."

THE LARGER TREND

From big tech to government to the World Health Organization , there has been little shortage of apps released to the public throughout the pandemic. While some efforts have worked to build in user-data protections from the start, examples are cropping up of apps that put their users' personal information at risk. Last week, for instance, an Amnesty International investigation found exposures of user name, national ID numbers, health status and location data within Qatar's COVID-19 app.

ON THE RECORD

"It is important to note that there may be no choice but to adopt such mass surveillance measures if this pandemic does not go away or if another one comes into existence. Thus, it is crucial to ensure that policies, mathematical models and technological measures are developed to protect the data that are being collected and used, and transparency must be promoted in how data can help contain the spread while ensuring that civil liberties will still be protected," the researchers concluded.

 
Man holding pill bottle and phone
 
 

As the coronavirus pandemic rages on, consumers are turning to ecommerce as a way to purchase everything from groceries to prescription medications. Now so-called “shadow pharmacies” are seeking to take advantage of pandemic fears and spending by claiming to sell unconfirmed coronavirus treatments without a prescription, according to a Babel Street report

As consumers make the shift to online purchasing, they should be aware of the risks in purchasing from questionable or shadow pharmacies,” wrote Brittany Mason, senior solutions specialist for Babel Street and author of the report. “Per FDA guidelines, there are several signs of “rogue online pharmacies.” These signs include allowing individuals to buy prescription medicine without a valid prescription, offering very low prices that seem “too good to be true,” operating from locations outside of the United States, or offering worldwide shipping.”

Babel reports that these shadow pharmacies employ hacked sites with legitimate roots, and then redirected the potential customers to the online pharmacy. By using these hacked sites, the fraudulent pharmacies are able to post the site in blogs and articles, and then boost their SEO. 

While these shadow pharmacies have been around for some time, the Babel report indicates that ones claiming to have COVID-19 cures have been on the rise in recent months. Analysts at Babel combed through sites in multiple languages claiming to sell Ritonavir, Ritomune, Lopinavir, Lopimune, Fluvir, Plaquenil (hydroxychloroquine) and Aralen (chloroquine). 

The analysis recorded a spike of these specific coronavirus-related drugs mentioned from mid-March to early-April. The rate dipped a little mid-April, but emerged again mid-May. 

URL analysis for the COVID-specific collection also revealed the emergence of a more direct TTP employed by the online pharmacies offering COVID-related drugs. Some of the COVID-19 associated URLs continue to use hijacked root domains for obfuscation and redirection; however, several sites have begun to include the specific COVID-19 related drug names in the root domain name. These URLs are new sites created to sell these newly popular drugs online. 

WHY IT MATTERS

The coronavirus pandemic has also brought with it a wave of misinformation. The internet is jam packed with theories that sprout cures and preventions for the virus, including everything from drinking hot water with a lemon to drinking alcohol. However, today there are no drugs licensed to treat the virus, according to the World Health Organization . There are several trials ongoing and FDA has granted a number of Emergency Use Authorization for drugs, which have to be prescribed by a physician. 

WHO warns of the dangerous effects of misusing drugs to treat coronavirus, specifically noting that hydroxychloroquine can have serious side effects and illness.

Shadow online pharmacies remain active and seek to exploit the COVID-19 pandemic for financial gain – often using established [tactics, techniques, and procedures],” the report said. “Consumers need to be wary and pay heed to the red flags of shadow pharmacies lest they be financially bilked and subjected to potentially ineffective or dangerous drugs.” 

THE LAGER TREND 

While the report focuses specifically on these rogue pharmacies, we are seeing a booming number of online pharmacy providers offering more legitimate treatments. In fact, Amazon even got in the game when it acquired PillPack in June of 2018. The e-commerce giant recently made a deal with Blue Cross Blue Shield of Massachusetts that integrates with Amazon’s PillPack’s platform into the payer’s myBlue member app. 

Another on the market is Capsule, a New York City-based startup, scored $200 million to expand its hand-delivered same-day medication drop-off services. 

Also coming into the space is NowRx, an online pharmacy specializing in same-day, same-hour prescription deliveries. In October, the company announced a $7 million Series A raise.

 
 
ADVERTISEMENT
Catalyst @ Health 2.0
 
 
 
Healthbox's Enabling Digital Strategy Report lays out the steps of establishing a digital strategy for health companies.

Keep Reading >>
 
 
 
Telehealth, including the use of remote consultation, can improve cost optimization of healthcare resources, and engage the population in early prevention and management of chronic conditions.

Keep Reading >>
 
 
Reader Survey
 
In the wake of the COVID-19 pandemic, we have felt an increasing urgency to continue to improve how HIMSS can support our members and the wider healthcare community as they respond to this crisis in the most impactful way. That's why we are reviewing our Media publications to optimize them both now and for the future, and we need your help!
 
 
 
The company is looking to expand specifically in the Chinese market, inking a deal with payer and provider Ping An.

Keep Reading >>
 
 
 
Also: Rubicon Technology Partners acquires majority stake in patient orchestration platform; Peloton app launches on Apple TV.

Keep Reading >>
 
 
 
The Fast Start funding comes from Innovate UK, the UK’s innovation agency, and the government to enlarge the IWS program.

Keep Reading >>
 
 
 
"Cybersecurity Leadership" author Mansur Hasib, also known as "Dr. Cybersecurity," discusses cybersecurity leadership in crises such as pandemics and hurricanes.

Keep Reading >>
 
 
By HIMSS Insights
 
There is a renaissance of wearables in digital healthcare. More and more of them, many AI-empowered, are finding their way into serious clinical trials, thus contributing to medical evidence and ultimately better patient care. But with data comes responsibility: The question of how to design a digital healthcare data space that respects the privacy of individuals while at the same time providing maximal medical benefit is more important than ever.

Download the ebook now >>
 
 
ADVERTISEMENT
HIMSS Analytics
 
Nurse with a face mask working at a computer
 
ADAPTING TO THE "NEW NORMAL"
 
This month we look at how the COVID-19 pandemic is fundamentally changing healthcare organizations' approaches to security, now and in the future.
 
 
 
 
 
2 Monument Sq., Ste 400 Portland, ME 04101