Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study
BACKGROUND: Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority fo...
Main Authors: | , , , , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: |
JMIR Publications
2023
|
Subjects: | |
Online Access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10020905/ https://www.ncbi.nlm.nih.gov/pubmed/36862494 http://dx.doi.org/10.2196/39055 |
_version_ | 1784908363080925184 |
---|---|
author | Rezaee, Rita Khashayar, Mahboobeh Saeedinezhad, Saeed Nasiri, Mahdi Zare, Sahar |
author_sort | Rezaee, Rita |
collection | PubMed |
description | BACKGROUND: Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers. OBJECTIVE: This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps. METHODS: A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument. RESULTS: The search strategy identified 8190 papers, of which 33 (0.4%) were deemed eligible. A total of 218 criteria were extracted based on the literature search; of these, 119 (54.6%) criteria were removed as duplicates and 10 (4.6%) were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 (40.8%) criteria were presented to the expert panel. After calculating impact scores, the content validity ratio (CVR), and the content validity index (CVI), 63 (70.8%) criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. The criteria were grouped into 8 categories: authentication and authorization, access management, security, data storage, integrity, encryption and decryption, privacy, and privacy policy content. CONCLUSIONS: The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. 
The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough. |
format | Online Article Text |
id | pubmed-10020905 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | JMIR Publications |
record_format | MEDLINE/PubMed |
spelling | pubmed-100209052023-03-18 Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study Rezaee, Rita Khashayar, Mahboobeh Saeedinezhad, Saeed Nasiri, Mahdi Zare, Sahar JMIR Mhealth Uhealth Original Paper BACKGROUND: Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers. OBJECTIVE: This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps. METHODS: A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument. RESULTS: The search strategy identified 8190 papers, of which 33 (0.4%) were deemed eligible. A total of 218 criteria were extracted based on the literature search; of these, 119 (54.6%) criteria were removed as duplicates and 10 (4.6%) were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 (40.8%) criteria were presented to the expert panel. After calculating impact scores, the content validity ratio (CVR), and the content validity index (CVI), 63 (70.8%) criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. 
The criteria were grouped into 8 categories: authentication and authorization, access management, security, data storage, integrity, encryption and decryption, privacy, and privacy policy content. CONCLUSIONS: The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough. JMIR Publications 2023-03-02 /pmc/articles/PMC10020905/ /pubmed/36862494 http://dx.doi.org/10.2196/39055 Text en ©Rita Rezaee, Mahboobeh Khashayar, Saeed Saeedinezhad, Mahdi Nasiri, Sahar Zare. Originally published in JMIR mHealth and uHealth (https://mhealth.jmir.org), 02.03.2023. https://creativecommons.org/licenses/by/4.0/This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR mHealth and uHealth, is properly cited. The complete bibliographic information, a link to the original publication on https://mhealth.jmir.org/, as well as this copyright and license information must be included. |
spellingShingle | Original Paper Rezaee, Rita Khashayar, Mahboobeh Saeedinezhad, Saeed Nasiri, Mahdi Zare, Sahar Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study |
title | Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study |
topic | Original Paper |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10020905/ https://www.ncbi.nlm.nih.gov/pubmed/36862494 http://dx.doi.org/10.2196/39055 |