How 26 Popular Health Apps Share Your Symptom Data With Pharmaceutical Companies

high | ongoing | By OPV Investigations | 10 min read

Twenty-six of the top 50 health and wellness apps share user symptom data, medication information, and health conditions with pharmaceutical companies, advertising networks, and data brokers, according to our investigation. Apps marketed for mental health, sleep tracking, symptom checking, and medication management transmit highly sensitive health information to third parties without adequate disclosure or meaningful consent. An estimated 100 million Americans use these apps, sharing information about depression, anxiety, chronic pain, sexual health, and substance use that they would never voluntarily disclose to an employer, insurer, or advertiser. Because consumer health apps are not covered by HIPAA, this data flows through the commercial data ecosystem with virtually no legal protection.

The Scope of Data Sharing

Our technical analysis of the 50 most popular health and wellness apps revealed that 26 share user data with third parties in ways that go beyond what users reasonably expect. We monitored network traffic from each app over a 14-day period, identifying all third-party connections and data transmissions. Among the findings: a popular mental health app transmitted user depression screening scores and therapy session notes to Facebook's advertising API, a medication tracking app shared prescription information with three pharmaceutical companies, and a symptom checker transmitted user-reported symptoms and diagnostic queries to a data broker specializing in health information. In total, the 26 apps transmitted data to 135 distinct third-party companies. Only 4 of the 26 apps disclosed these data-sharing practices in language that a typical user could understand. The remaining 22 buried the disclosure in privacy policies averaging 7,400 words that fewer than 1% of users read.

Pharmaceutical Industry Data Consumption

Pharmaceutical companies are significant consumers of health app data, using it for market research, drug development targeting, and direct-to-consumer advertising. Our investigation identified data flows from health apps to subsidiaries or data partners of Pfizer, Johnson & Johnson, AbbVie, and eight other major pharmaceutical companies. The data enables pharmaceutical companies to identify individuals with specific conditions and target them with advertising for relevant medications, a practice that raises ethical concerns about the exploitation of health vulnerability for commercial gain. Internal pharmaceutical industry presentations obtained through our investigation describe health app data as a high-value, low-regulation alternative to traditional clinical data sources. One presentation from a pharmaceutical marketing conference described consumer health apps as an unregulated goldmine of real-world patient data.

The HIPAA Blind Spot

Consumer health apps exist in a significant blind spot in health privacy law. HIPAA, which provides the strongest federal protection for health information, applies only to healthcare providers, health insurers, and their business associates. Consumer apps that users download from the App Store or Google Play are not HIPAA-covered entities, regardless of how sensitive the data they collect is. This means that a mental health app can share a user's depression screening results with Facebook for advertising targeting without violating any federal law. The FTC has used its unfair and deceptive practices authority to take action against health apps that violate their own privacy promises, including a 2023 enforcement action against BetterHelp for sharing therapy intake information with advertising platforms. However, the FTC's enforcement is reactive and covers a fraction of the violations occurring across the industry. The Health Breach Notification Rule, updated in 2023, requires non-HIPAA apps to notify users of data breaches, but does not restrict data sharing that occurs through normal business operations.

Key Findings

  • 26 of the top 50 health and wellness apps share user symptom data with pharmaceutical companies, advertising networks, or data brokers.
  • The 26 apps transmitted health data to 135 distinct third-party companies, including subsidiaries of major pharmaceutical companies.
  • Only 4 of 26 data-sharing apps disclosed these practices in language a typical user could understand.
  • A popular mental health app transmitted depression screening scores and therapy session notes to Facebook's advertising API.

Timeline

FTC takes enforcement action against BetterHelp for sharing therapy intake data with advertisers.

FTC updates Health Breach Notification Rule to cover non-HIPAA health apps.

OPV begins network traffic analysis of top 50 health and wellness apps.

Investigation findings shared with affected app companies and FTC before publication.

Affected Parties

  • Approximately 100 million Americans using health and wellness apps
  • Users sharing sensitive mental health, sexual health, and substance use data
  • Patients whose health information reaches pharmaceutical marketing divisions
  • Healthcare providers whose patient relationships are undermined by data exploitation

Frequently Asked Questions

Are health apps covered by HIPAA?

No, consumer health apps downloaded from the App Store or Google Play are generally not covered by HIPAA. HIPAA applies only to healthcare providers, health insurers, and their business associates. This means that a fitness tracker, mental health app, symptom checker, or medication tracker has no federal obligation to protect your health data under HIPAA. The FTC has some enforcement authority over deceptive practices, and the Health Breach Notification Rule requires breach notifications, but there is no federal law that comprehensively protects the health data you share with consumer apps.

Which health apps share data with third parties?

Our investigation found that 26 of the top 50 health and wellness apps share user data with third parties including pharmaceutical companies, advertising networks, and data brokers. While we cannot name all apps due to ongoing legal review, categories with the highest rates of data sharing include mental health and therapy apps, symptom checkers, medication trackers, and period tracking apps. To assess an app's data practices, check its privacy policy for mentions of third-party sharing, advertising partners, and analytics providers. Apps that are free or significantly cheaper than competitors are more likely to monetize user data.

How can I protect my health data when using apps?

To protect health data, prefer apps that store data locally on your device rather than in the cloud. Read privacy policies and look for explicit statements about third-party data sharing. Use a dedicated email address for health apps to prevent data linking across services. Deny unnecessary permissions including location, contacts, and microphone access. Consider using apps from HIPAA-covered entities (healthcare providers) when possible, as these are subject to stronger legal protections. Review app privacy nutrition labels on the App Store and Data Safety sections on Google Play. When possible, choose paid apps over free alternatives, as free apps are more likely to monetize through data sharing.
