Is my health information safe? What consumers need to know

Written by:
Dr. Geoffrey W. Rutledge
Chief Medical Officer and Co-founder
Last updated on November 14, 2019

Medical information is intensely private. For doctors, the confidential relationship we have with our patients is a sacred trust—one that comes with great responsibility. As a physician, as well as the Chief Medical Officer at HealthTap, I’m often asked how best to protect privacy because, while technology often can improve healthcare quality, convenience and accessibility, it also can make it difficult to know who is seeing what.

That became clear when recent findings published by researchers at the University of Toronto raised concerns that health and wellness apps routinely share and/or sell patient data to third-parties such as Facebook, Amazon and Google. Many of the third parties identified in the study also share patient data with fourth parties. While past studies have revealed that apps can “break the rules” by selling data, this study was especially unsettling because it focused on apps that have access to highly sensitive information about medications.

Patients who were once excited about the possibility of apps to improve their well being called to say they were concerned.

Here’s the advice I have given--and that I’ve followed--for years: Use caution when downloading health apps and verify privacy policies before entering personal data. Issues to watch for include:

  • What type of sensitive data is gathered, including birth date and location
  • Whether an app has access to other information on your phone or device, such as photos
  • How information is used and retained, and who has access to it
  • How long information is saved, especially when you stop using the app
  • Whether health information is handled by a third-party and for what purpose

I also reinforce that patients can trust their doctors with confidential information, whether they are visiting an office or doing a virtual consult with a HealthTap doctor.

Medical ethics, state laws and HIPAA (the federal Health Insurance Portability and Accountability Act) require doctors and their staff to keep medical records confidential—unless you allow the doctor to disclose them.

Surprisingly, it’s not illegal for most apps to share and sell patient data. It’s disturbing that our most intimate concerns—pregnancy, mental health, addiction recovery, to name a few—could be shared with entities ranging from credit agencies to telecommunications companies. Together with my patients, I’m concerned that health information is being commoditized by data brokers.

As a healthcare platform, HealthTap works diligently to ensure that all patient medical information is confidential. HealthTap has never sold patient information to third parties. The platform doesn’t host ads or promotions, maintaining a strict policy to avoid possible conflicts of interest. You can read more about our privacy policy here.

Lawmakers are currently grappling with how to ensure privacy for health and wellness app users, with some inroads made in Europe. Here in the US, however, it may be a case of “user beware.”

Quality medical care is built on patients being able to trust their doctors. It’s vital that patients continue trusting doctors and that people aren’t cautious when telling a doctor their concerns.When you use HealthTap or have a virtual consultation with a HealthTap doctor, you can rest assured that your information is safe, secure and confidential.

Dr. Geoffrey W. Rutledge

Dr. Geoffrey W. Rutledge

Chief Medical Officer and Co-founder
Geoffrey W. Rutledge MD, PhD, FACMI, Chief Medical Officer and co-founder at HealthTap, is a double-board certified physician who practiced and taught medicine for more than 25 years. He earned a PhD in medical computer science from Stanford, was an NIH-funded researcher, and served on faculty at Harvard, Stanford, and UCSD medical schools. Before HealthTap, he created the first consumer health website and PHR at Healtheon/WebMD. Learn more about HealthTap's Medical Editorial Board at

More articles in Data Privacy

Read more

Not just a doctor —
your doctor