
Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation

BACKGROUND: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data. OBJECTIVE: The purpose of the study was to analyze the extent to which c...


Bibliographic Details
Main authors: Ni, Zhenni, Wang, Yiying, Qian, Yuxing
Format: Online Article Text
Language: English
Published: JMIR Publications 2021
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7878107/
https://www.ncbi.nlm.nih.gov/pubmed/33507159
http://dx.doi.org/10.2196/23409
_version_ 1783650291362562048
author Ni, Zhenni
Wang, Yiying
Qian, Yuxing
author_facet Ni, Zhenni
Wang, Yiying
Qian, Yuxing
author_sort Ni, Zhenni
collection PubMed
description BACKGROUND: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data. OBJECTIVE: The purpose of the study was to analyze the extent to which chronic disease management apps in China comply with the Personal Information Security Specification (PI Specification). METHODS: The compliance of 45 popular chronic disease management apps was evaluated from the perspective of the information life cycle. To conduct a fine-grained evaluation, a scale based on the PI Specification was developed. Finally, 6 level 1 indicators, 22 level 2 indicators, and 61 level 3 indicators were defined. RESULTS: There were 33/45 apps (73%) with a privacy policy, and the average score of these apps was 40.4 out of 100. Items of level 1 indicators with high scores included general characteristics (mean 51.9% [SD 28.1%]), information collection and use (mean 51.1% [SD 36.7%]), and information sharing and transfer (mean 50.3% [SD 33.5%]). Information storage and protection had the lowest compliance with PI Specification (mean 29.4% [SD 32.4%]). Few personal information (PI) controllers have stated how to handle security incidents, including security incident reporting (7/33, 21%), security incident notification (10/33, 30%), and commitment to bear corresponding legal responsibility for PI security incidents (1/33, 3%). The performance of apps in the stage of information destruction (mean 31.8% [SD 40.0%]) was poor, and only 21% (7/33) apps would notify third parties to promptly delete PI after individuals cancelled their accounts. Moreover, the scoring rate for rights of PI subjects is generally low (mean 31.2% [SD 35.5%]), especially for obtaining copies of PI (15%) and responding to requests (25%). 
CONCLUSIONS: Although most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection. Thus, the field has a long way to go with regard to compliance around personal privacy protection in China.
format Online
Article
Text
id pubmed-7878107
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher JMIR Publications
record_format MEDLINE/PubMed
spelling pubmed-7878107 2021-02-23 Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation Ni, Zhenni Wang, Yiying Qian, Yuxing JMIR Mhealth Uhealth Original Paper JMIR Publications 2021-01-28 /pmc/articles/PMC7878107/ /pubmed/33507159 http://dx.doi.org/10.2196/23409 Text en ©Zhenni Ni, Yiying Wang, Yuxing Qian. Originally published in JMIR mHealth and uHealth (http://mhealth.jmir.org), 28.01.2021. https://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR mHealth and uHealth, is properly cited. The complete bibliographic information, a link to the original publication on http://mhealth.jmir.org/, as well as this copyright and license information must be included.
spellingShingle Original Paper
Ni, Zhenni
Wang, Yiying
Qian, Yuxing
Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation
title Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation
title_sort privacy policy compliance of chronic disease management apps in china: scale development and content evaluation
topic Original Paper
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7878107/
https://www.ncbi.nlm.nih.gov/pubmed/33507159
http://dx.doi.org/10.2196/23409
work_keys_str_mv AT nizhenni privacypolicycomplianceofchronicdiseasemanagementappsinchinascaledevelopmentandcontentevaluation
AT wangyiying privacypolicycomplianceofchronicdiseasemanagementappsinchinascaledevelopmentandcontentevaluation
AT qianyuxing privacypolicycomplianceofchronicdiseasemanagementappsinchinascaledevelopmentandcontentevaluation