原文:As Apple Moves into Health Apps, What Happens to Privacy?
With its foray into health, Apple AAPL +0.23% is entering a fraught legal and privacy terrain.
Apple’s Tuesday event included three health-data plays: It introduced a smartwatch with sensors to double as a fitness device that can track steps, calories and heart rate, among other things. Its new mobile operating system, iOS 8, will include an app, Health, that is a dashboard for health and fitness information such as heart rate, calories burned, blood sugar and cholesterol, plus lab results and medications. And HealthKit, its recently announced repository for health and fitness data, can connect with doctors and other health-care providers.
Health data are sensitive, and Apple hasn’t said a lot about how the data will be used, and protected. Apple did not respond to requests for comment Tuesday. Here are some issues:
How will Apple handle apps and devices that sell data to advertisers and other third parties?
Many of the roughly 40,000 health apps and wearable devices on the market today make money by selling user data to marketers and other companies.
Apple recently told developers that apps may not use consumer data gathered from its HealthKit program for advertising or other data-mining purposes “other than improving health, medical and fitness management or for the purpose of medical research.” Apps that access HealthKit are required to have a privacy policy.
But some privacy experts say that leaves room for interpretation. Deborah Peel, founder of the nonprofit Patient Privacy Rights Foundation, notes that Apple’s guidelines don’t specifically require app companies to account for any disclosures they make. “Users should be able to see exactly how these apps are using their data,” she said.
One-third of apps recently tested by the Privacy Rights Clearinghouse, a privacy advocacy group, sent data to a third party not disclosed by the app developer. That could make it hard for Apple to enforce its rule.
On the other hand, if Apple does a good job policing apps, Americans could end up with more protections than they currently have, said Deven McGraw, a health-privacy expert and partner in the health-care practice of law firm Manatt, Phelps & Phillips LLP.
The issues extend beyond advertisers, said Marc Rotenberg, president of the Electronic Privacy Information Center, a privacy-advocacy group. For example, if DNA information is placed in an app, it’s possible that law enforcement or judges could seek it during a divorce or custody proceeding. Academic researchers may want access to the data.
Apple hasn’t said how it would handle these scenarios, says Rotenberg. As they “get into the business of collecting user data, they are going to confront more privacy questions,” Rotenberg said.
Will Apple attempt to make money off the data people upload into these new platforms?
Apple has partnered with Epic, a large provider of electronic medical records, to feed data into HealthKit, though few details of that arrangement have been disclosed. Apple has a good track record on privacy, but hasn’t said much about the business model for HealthKit.
The creation of HealthKit is spurring some health-care providers to develop tools for patients that could collect personal health data—such as whether they are exercising after leaving the hospital—to be sent to the hospital or doctor.
Medical researchers and insurers are eager for this type of data. For example, if millions of patients wind up connecting their medical records to HealthKit, hospitals and insurers might be interested in analyzing the health metrics — like how many steps people take, or heart rate, or medication regimens — in the populations that they care for and insure.
Will Apple sell this data? And if so, will it be sold at an individual or aggregate level, and what permissions will patients be asked to provide?
How and in what circumstances will Apple comply with health-privacy laws?
Insurers and health-care providers that compile and store patients’ medical records must comply with the Health Insurance Portability and Accountability Act, or HIPAA. The law says that entities that store this data cannot use or sell it for marketing or research without permission from patients. It also requires that these entities report data breaches to the government and have privacy and security protocols.
Federal officials have said that most of the data consumers upload into apps won’t need to be covered, but HealthKit is also set up to receive HIPAA-protected data such as medical records and lab results.
Apple hasn’t said whether it will apply HIPAA protections to the sensitive data it collects. That would mean the company might not have to report breaches – such as the recent iCloud breach, in which hackers released naked photos of celebrities.
Apple recently said it won’t back up health data in iCloud, and that health data will be encrypted.
Will consumers rely on health apps instead of going to the doctor?
Health-data experts have pointed to a worrisome trend of consumers using apps for self-diagnosis. For example, a heart-rate device for pregnant women, or an app that helps consumers determine whether a mole may be skin cancer, may cause patients to skip doctor visits.
Apple has said it won’t collect data from apps that patients use to make such diagnoses, but many of these apps exist in a regulatory gray area, by marketing themselves as tools that aren’t diagnostic even when consumers are using them that way, said Bradley Merrill Thompson, an attorney specializing in medical devices at Epstein, Becker & Green P.C. “We have a significant segment of this consumer-facing market that is not strictly regimented for privacy and security,” McGraw said.
Apple’s entrance into the market could make it more mainstream, and potentially explode some of the underlying problems.
以下是我的译文:
随着苹果进入健康应用时代,隐私问题将有怎样变数?
苹果的强势进军健康应用领域,使得苹果正踏入一个交织着法律纠葛和隐私问题的敏感地带。
苹果公司周二的发布会包括了三款健康数据相关的产品:装有传感器的智能手表,可同时追踪步数、卡路里和心率等信息。它的新移动操作系统IOS8将装入名为健康的应用程序。这个应用是一个显示心率、卡路里消耗、血糖和胆固醇等健康信息和实验室结果以及药物的仪表盘。还有HealthKit,苹果近期宣称他们所获得的健康的信息数据将会传输给医生和其他医疗服务提供者。
健康数据带有敏感性的,况且苹果目前仍未谈及太多关于这些数据的使用和保护措施。这周二,苹果也未对评论请求一事进行回应。下面是一些相关问题:
苹果将如何处理那些将数据卖给广告主和其他第三方的应用及设备?
如今的市场,有大约40 000个健康应用和可穿戴设备被利用通过出售用户数据给买家和其他公司赚钱。
近日,苹果告知开发者,他们不能通过HealthKit平台以广告或其他数据挖掘目的出售数据,除非是为了改善健康、医疗和健身管理或者是用于医疗研究。需要运用HealthKit平台的应用程序被要求有隐私保护政策。
但是一些隐私保护专家说这仍有解释的余地。非营利组织病人隐私权力保护基金会的创始人黛博拉皮指出,苹果的大纲并没有特别的声明应用软件公司须为隐私的泄露承担责任。“用户应该清晰地了解这些应用程序是如何使用他们的数据的。”她说道。
近日,一家隐私权主张团体Privacy Rights Clearinghouse进行了检测,发现三分之一的应用程序向第三方发送了数据,但是并未被应用程序的开发者揭露出来。这会使得苹果推进实施其规则变得困难。
另一方面,如果苹果在保证应用程序维护用户隐私方面做的好的话,美国人将在隐私方面得到前所未有的保护。健康隐私专家兼Manatt, Phelps & Phillips LLP律师事务所健康保护实践合伙人戴文麦格理说道。
一家隐私主张机构电子隐私信息中心的负责人麦克罗腾贝格说,这些问题已经超越了广告商的层面了,比如说,如果DNA信息被置入一个应用程序里那么很可能执法部门或者法官在处理离婚或者监护权审判的时候需要这些信息。而学术研究工作者也可能需要这些数据。
苹果并没有表示将如何处理此类问题,罗腾贝格补充道,随着苹果收集用户数据的业务不断扩展,他们将会面对更多隐私问题。
苹果是否会尝试通过用户向新平台上传的数据赚钱?
苹果已和大型电子医疗记录提供商Epic合作,以便导入数据进入HealthKit平台,尽管这项安排的相关细节并未被揭露。苹果在隐私问题上有良好的纪录,但是,对于HealthKit的商业运营模式并未谈及太多。
HealthKit的产生推动了一些医疗服务提供者去开发为病人收集健康数据的工具,比如在病人离开医院后是否进行了锻炼,而这些数据就会被送达到医院或医生那里。
医疗研究人员和从事保险行业的人渴望得到此类型数据。举个例子,如果数以百万计的病人将他们的医疗信息上传至HealthKit,医院和保险公司可能感兴趣地去分析这些目标人群的健康指标,比如步数、心率和药物治疗方案。
苹果会出售这些数据吗?如果会,它将以个人数据单卖还是整体出售呢?病人又会被要求提供怎样的许可呢?
苹果将如何及在何种情况下遵守健康隐私保护法呢?
整理并存储病患医疗记录的美国保险商和医疗服务供应商必须遵循《健康保险便携和责任法案》(Health Insurance Portability and Accountability Act, 简称HIPAA)。该法案称,存储这些数据的实体未经病人允许,不得以营销或研究为目的使用或出售此类数据。一旦数据泄露,该法案同时表示必须向政府递交报告,同时要与用户达成隐私和安全协议。
联邦政府官员表示,消费者上传至应用程序的大部分数据是不在HIPAA的保护范围的,但是Healthkit可以被设置为接收HIPAA保护的数据比如医疗记录和实验结果。
苹果并未表示将它收集到的敏感数据进行HIPAA保护,这将意味着苹果可能不需要上报泄露信息,比如近期iCloud用户被黑客入侵,一些名人裸照被黑客侵入,传播到互联网中。
苹果近期声称不会备份iCloud的健康数据,并且那些数据会被加密。
消费者未来会依赖健康应用程序而不去看医生吗?
健康数据专家指出一令人担忧的趋势,即消费者在逐渐使用应用程序来进行自我诊断。举个例子,一个测量孕妇心率的装置或者帮助消费者诊断黑痣是否是皮肤癌的应用程序,可能导致病人不去看医生。
“苹果表示将不会收集病人在使用应用程序进行诊断所产生的数据,但是许多应用程序仍处在监管的灰色地带,他们并不是以诊断工具为营销推广但是消费者确实是为其诊断目的而使用。”Epstein, Becker & Green P.C.事务所的一位医疗设备领域的律师布拉德利美林汤普森如是说道,“我们面向消费者的市场,很重要的一部分组成是不太严格的隐私和安全。”
苹果进入这个医疗市场可能使其变得主流化,但渐渐地会暴露一些潜在的问题。
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
