Governments must act decisively to fill the regulatory void, ensuring that technological advancements in health are aligned with human rights principles
Digital health apps have the potential to revolutionize healthcare by enhancing the availability, accessibility, acceptability, and quality (AAAQ) of health services. These innovations can be especially transformative in regions with limited resources, such as the Global South, where access to quality healthcare is often lacking. Technologies like telemedicine and mobile health apps can bridge gaps in healthcare provision, making essential services more accessible. However, the regulatory landscape governing these apps is uneven and often inadequate, particularly in Asia and Africa, posing significant challenges to privacy, security, and the broader realization of health rights.
Fractured Legal and Regulatory Framework
In Africa, with its 228.05 million app users among a population of nearly 1.5 billion, there is a glaring absence of specific regulations for health apps. While these apps ideally fall under data protection laws, 17 African countries lack any such laws, and six others are still in the process of drafting legislation. This regulatory void has profound implications, leaving user data vulnerable to misuse without adequate governance over its collection, tracking, and transmission.
Similarly, in India the legal and regulatory framework governing digital health in is currently fragmented and unclear. This ambiguity is compounded by a lack of comprehensive legal scholarship on the subject. The vast scope of digital health—encompassing service delivery, data aggregation and processing, business models, and technological advancements—contributes to the disjointed regulatory environment. Consequently, there is considerable scepticism about the large-scale digitization of healthcare in India, driven by concerns over potential data mismanagement, misuse, leaks, and exploitation by private sector stakeholders. Privacy advocates have expressed strong opposition to various government policy initiatives, citing the risks to data privacy and security.
Health Rights and Technological Advancement
A study titled ‘Mobile health and privacy: Cross sectional study’ published in the BMJ Journal (2021) analyzed 20,000 health-related apps and uncovered alarming privacy breaches and widespread non-compliance with existing regulations. For instance, only 43% of medication management apps adhere to current standards. Most users remain unaware of the privacy risks associated with these apps, and only a third implement basic encryption measures, further jeopardizing data security. This situation threatens both the security of health data and the broader spectrum of health rights, including the right to privacy.
The balance between technological advancement and the protection of health rights is delicate. Health apps collecting sensitive information without proper data protection can lead to unauthorized access and misuse of personal health data, undermining trust in health services and potentially causing harm. The UN Special Rapporteur’s report on digital innovation and the right to health (April 2023) cautions against technology use that does not align with human rights principles. Biased algorithms and data practices can result in discriminatory outcomes if not adequately addressed, perpetuating inequalities and excluding marginalized groups from the benefits of digital health technologies.
Even in countries like Kenya and South Africa, where data protection legislation is more advanced, translating these laws into enforceable regulations within health apps remains challenging. The Special Rapporteur emphasizes that technological governance must align with human rights principles to ensure that digital health technologies enhance, rather than hinder, the right to health. Regulators face difficulties in scrutinizing the opaque terms of many health apps, which can violate medical ethics and expose users to rights violations.
Mobile Health Apps and the Cost of Privacy
Research into the design and data management practices of mobile health apps have highlighted significant deficiencies. Unauthorized sharing of personal health data with insurance companies can lead to higher premiums or denial of coverage. Mental health apps, for instance, have been found to share sensitive information, such as details from therapy sessions, with third-party advertisers, resulting in targeted ads that could harm users’ mental well-being. Similarly, fitness apps that inadvertently share location data can compromise user safety by exposing daily routines.
The current lax approach to data privacy and security in mobile health apps underscores the urgent need for stronger protective measures and ethical guidelines. This urgency is heightened by the lack of research on how data collected by these apps is utilized, especially in low- and middle-income countries. The principles of non-discrimination, equality, and privacy emphasized in the Special Rapporteur’s report provide a crucial framework for evaluating data governance.
Terms of use, the legal foundation of the user-provider relationship, are paramount in defining and upholding users’ rights within digital health services. Ensuring non-discrimination requires that these terms be crafted inclusively, considering the diverse needs of users and striving for fair service for all. Addressing discrimination involves more than inclusive terms; it demands proactive design ethics and broader efforts to improve technology access, especially in regions with low app accessibility like Africa. Transparent and user-friendly data management policies prioritizing privacy, consent, and data protection are essential. Regulatory frameworks should enforce privacy and data security standards that apps must meet before entering the market. This regulatory approach would shift the responsibility from users to governing bodies, ensuring that all health apps provide a secure and private service.
Health apps must be mandated to incorporate standards for informed consent in their terms and conditions. This includes presenting data usage policies clearly and concisely, easily comprehensible by all users. Crucially, these explanations should not be buried within lengthy documents but highlighted in a way that makes key points regarding data use and user rights immediately apparent. This approach shifts the burden from users deciphering complex terms to developers providing straightforward, transparent consent procedures, fostering a trust-based user experience.
While the Special Rapporteur’s report does not specifically address health apps’ terms and the data they gather, it lays the groundwork for a human rights-based approach to their governance. Expecting developers to adopt these principles in the absence of regulatory requirements is unrealistic. The imperative lies with governments to create and enforce data protection laws grounded in human rights, mandating app developers to meet these standards. Advocacy efforts should focus on influencing policy and legislation, ensuring that privacy and equality are embedded within the digital health landscape. Only with such targeted regulation will health apps uphold users’ rights and dignity.
Bridging the digital health apps
The potential of digital health apps to enhance healthcare delivery is immense, particularly in resource-limited settings. However, realizing this potential requires robust regulatory frameworks that protect user data and uphold health rights. Governments must act decisively to fill the regulatory void, ensuring that technological advancements in health are aligned with human rights principles. Only then can we truly harness the power of digital health to create a more equitable and secure future for all.
(Jitamanyu Sahoo is an advocate practicing at the High Court of Orissa and Delhi. Mujtaba Hussain is a Lawyer with specialisation on public health and child rights)
