Telemedicine apps are using your private data without your consent

You are sick but due to the high cost of accessing healthcare in Kenya, you choose to sample a number of the available telemedicine platforms on Google Playstore for help.

You settle for one, which, compared to the physical hospital consultation fee of Sh5,000, only asks for Sh900. You go ahead to fill in your health details on the app. A doctor meets you online, assesses you and diagnoses you with a disease after which he or she prescribes medicine to you. An app like MyDawa will actually deliver the medicine to your house.

But behind all this convenience lies a huge caveat: A week later a flurry of adverts start flooding your phone in the form of SMSs and emails, first asking you to rate the app’s services and then going ahead to ask you to recommend the service to your friends and family. And then, the daily reminders of what products are on offer, why you should take tests for blood pressure, cancer, sugar levels and even HIV – all without your consent.

“I didn’t know they’ll use the information I filled online to send me alerts I didn’t subscribe to. They don’t even provide a terms and conditions disclaimer when you sign up to their services,” says 41-year-old Joy Mumbi, who has since blocked the notifications. 

This is despite the fact that Kenya has a Data Protection law that prohibits the soliciting and sharing of private data by data collectors and controllers. Many telehealth apps and even mainstream hospitals that offer virtual health services have been bombarding patients with unnecessary messages without their consent. The law requires express, explicit, unequivocal, free, specific, and informed consent to personal data processing from the data subjects. 

The issue of what data is collected, and what’s done with it, had become much more urgent in the light of accelerated efforts to find a Covid-19 vaccine globally, but remains unaddressed locally.

Now, health experts have asked governments in Africa to develop a regulatory framework for telemedicine to protect patients’ private data and curb unscrupulous medics in foreign countries from taking advantage of patients.  

Speaking at Mama Grace Onyango Social Centre in Kisumu during the Digital Health in Africa Conference, Africa Health Business Executive Chairman Amit Thakker said the gap is a setback to the telemedicine subsector,  which has huge potential in enhancing access to quality medical care across the continent.

“The regulation space in our countries is weak. A patient in Kisumu might be seeking consultation in India but is charged an exorbitant amount. What if the patient develops complications? How are these concerns going to be handled?” Posed Dr Thakker.

The regulations, he added, could unlock the sector and remove barriers to ensure that millions of Kenyans have access to quality medical care at the click of a button but only through safe online environments for private data.

A Kaspersky study shows that nearly nine out of 10 healthcare organisations in the Middle East and Africa Region provide telehealth services but 99 per cent of patients cannot trust them with their private data. Some 63 per cent of them have experienced cases where patients refused telehealth services due to privacy concerns. 

A 2021 Zoho research indicates that 58 per cent of companies in Kenya, telehealth providers included, allow third-party trackers on their apps to collect data without owners’ consent. 

[email protected]