Recovery Record: Eating Disorder Management
Fecha de la reseña: 25 de Abril de 2023
Recovery Record makes two separate apps to help people manage eating disorders. The first is targeted at patients and is free to download and use. Called Recovery Record: Eating Disorder Management, this apps helps users keep track of their meals, create customized meal plans and eating schedules, send and receive anonymous encouraging messages with other users, and share their recovery journey with their treatment team.
The second app, called Recovery Record for Clinicians, is designed to let eating disorder treatment professionals engage with their patients between visits to help keep them on track in their recovery. The app for clinicians requires a subscription, costing between $9 - $80. How do these apps look from a privacy perspective? They have improved since we first reviewed them in 2022 and that is something good to see.
¿Qué podría pasar si algo falla?
First reviewed April 20, 2022. Review updated, April 25, 2023
Read our review from 2022:
Recovery Record can collect a fair amount of personal and usage data, including name, age, gender, city/town, and email address. They also say "clinicians and support persons involved in your care may provide us information, including protected health information, about you." They do say US HIPAA privacy laws requires them "to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of this information." This is a fine line it seems many mental health apps walk -- the line between the privacy protections therapists are required to follow under HIPAA laws and the current data economy apps operate under that leads to the collection of personal information to provide and market their paid services.
Recovery Record also may collect anonymized or aggregate data and "use it for any purpose." That's a pretty broad statement. Especially because it's been shown to be pretty easy to re-identify user data.
Consejos para protegerte
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
¿Me puede espiar?
Dispositivo: No aplica
Dispositivo: No aplica
Rastrea la ubicación
Dispositivo: No aplica
¿Qué se puede usar para registrarse?
Cuenta de terceros
¿Qué datos recopila la empresa?
Email, name, age, gender, city/town
Clinicians and support persons involved in your care may provide information, including protected health information, about you.
¿Cómo utiliza la empresa estos datos?
¿Cómo puedes controlar el uso de tus datos?
¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?
No known privacy or security incidents discovered in the last 3 years.
Información sobre privacidad infantil
¿El producto se puede usar sin conexión?
¿La información de privacidad es fácil de entender?
Enlaces a información de privacidad
¿El producto cumple nuestros estándares mínimos de seguridad?
Data is encrypted in transit (TLS). PHI and PII are encrypted in the database (AES). A KMS is used to manage keys. EBS (disks) partitions are encrypted. Backups are encrypted.
When we first reviewed Recovery Record, the weak password "11111111" is allowed. Since we published our review, Recovery Record has updated their password requirements to now require a strong password which we love to see.
Actualizaciones de seguridad
Gestiona las vulnerabilidades
While Recovery Record doesn't have a bug bounty program, they do say they have policies and procedures that have been reviewed by third party assessors as part of the HITRUST certification process. Anyone can contact them through https://www.recoveryrecord.com/contact to report a security vulnerability.
Política de privacidad
The Best Eating Disorder Recovery Apps for 2022Healthline
Mental health app privacy language opens up holes for user dataThe Verge
Eating Disorders: How mHealth Apps May Improve Treatment AdherencePsycom Pro
Recovery Record appHealth Navigator
Researchers spotlight the lie of ‘anonymous’ dataTechCrunch
How to Create a Mental Health App to Track Anxiety and Depressionaimprosoft
Summary of the HIPAA Privacy RuleU.S. Department of Health and Human Services
¿Tienes algún comentario? Queremos escucharte.