Recovery Record: Eating Disorder Management
Data recenzji: 25 kwietnia 2023
Recovery Record makes two separate apps to help people manage eating disorders. The first is targeted at patients and is free to download and use. Called Recovery Record: Eating Disorder Management, this apps helps users keep track of their meals, create customized meal plans and eating schedules, send and receive anonymous encouraging messages with other users, and share their recovery journey with their treatment team.
The second app, called Recovery Record for Clinicians, is designed to let eating disorder treatment professionals engage with their patients between visits to help keep them on track in their recovery. The app for clinicians requires a subscription, costing between $9 - $80. How do these apps look from a privacy perspective? They have improved since we first reviewed them in 2022 and that is something good to see.
Co się może stać, jeśli coś pójdzie nie tak?
First reviewed April 20, 2022. Review updated, April 25, 2023
Read our review from 2022:
Recovery Record can collect a fair amount of personal and usage data, including name, age, gender, city/town, and email address. They also say "clinicians and support persons involved in your care may provide us information, including protected health information, about you." They do say US HIPAA privacy laws requires them "to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of this information." This is a fine line it seems many mental health apps walk -- the line between the privacy protections therapists are required to follow under HIPAA laws and the current data economy apps operate under that leads to the collection of personal information to provide and market their paid services.
Recovery Record also may collect anonymized or aggregate data and "use it for any purpose." That's a pretty broad statement. Especially because it's been shown to be pretty easy to re-identify user data.
Wskazówki, jak się chronić
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Czy może mnie podsłuchiwać?
Urządzenie: Nie dotyczy
Urządzenie: Nie dotyczy
Urządzenie: Nie dotyczy
Czego można użyć do rejestracji?
Konto firmy trzeciej
Jakie dane zbiera ta firma?
Email, name, age, gender, city/town
Związane z ciałem
Clinicians and support persons involved in your care may provide information, including protected health information, about you.
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
No known privacy or security incidents discovered in the last 3 years.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Data is encrypted in transit (TLS). PHI and PII are encrypted in the database (AES). A KMS is used to manage keys. EBS (disks) partitions are encrypted. Backups are encrypted.
When we first reviewed Recovery Record, the weak password "11111111" is allowed. Since we published our review, Recovery Record has updated their password requirements to now require a strong password which we love to see.
Zajmuje się problemami z bezpieczeństwem
While Recovery Record doesn't have a bug bounty program, they do say they have policies and procedures that have been reviewed by third party assessors as part of the HITRUST certification process. Anyone can contact them through https://www.recoveryrecord.com/contact to report a security vulnerability.
Zasady ochrony prywatności
Dowiedz się więcej
The Best Eating Disorder Recovery Apps for 2022Healthline
Mental health app privacy language opens up holes for user dataThe Verge
Eating Disorders: How mHealth Apps May Improve Treatment AdherencePsycom Pro
Recovery Record appHealth Navigator
Researchers spotlight the lie of ‘anonymous’ dataTechCrunch
How to Create a Mental Health App to Track Anxiety and Depressionaimprosoft
Summary of the HIPAA Privacy RuleU.S. Department of Health and Human Services
Masz uwagi? Podziel się nimi z nami.