Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation
BACKGROUND: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data. OBJECTIVE: The purpose of the study was to analyze the extent to which c...
Main authors: | Ni, Zhenni; Wang, Yiying; Qian, Yuxing |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | JMIR Publications 2021 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7878107/ https://www.ncbi.nlm.nih.gov/pubmed/33507159 http://dx.doi.org/10.2196/23409 |
_version_ | 1783650291362562048 |
---|---|
author | Ni, Zhenni Wang, Yiying Qian, Yuxing |
author_facet | Ni, Zhenni Wang, Yiying Qian, Yuxing |
author_sort | Ni, Zhenni |
collection | PubMed |
description | BACKGROUND: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data. OBJECTIVE: The purpose of the study was to analyze the extent to which chronic disease management apps in China comply with the Personal Information Security Specification (PI Specification). METHODS: The compliance of 45 popular chronic disease management apps was evaluated from the perspective of the information life cycle. To conduct a fine-grained evaluation, a scale based on the PI Specification was developed. Finally, 6 level 1 indicators, 22 level 2 indicators, and 61 level 3 indicators were defined. RESULTS: There were 33/45 apps (73%) with a privacy policy, and the average score of these apps was 40.4 out of 100. Items of level 1 indicators with high scores included general characteristics (mean 51.9% [SD 28.1%]), information collection and use (mean 51.1% [SD 36.7%]), and information sharing and transfer (mean 50.3% [SD 33.5%]). Information storage and protection had the lowest compliance with PI Specification (mean 29.4% [SD 32.4%]). Few personal information (PI) controllers have stated how to handle security incidents, including security incident reporting (7/33, 21%), security incident notification (10/33, 30%), and commitment to bear corresponding legal responsibility for PI security incidents (1/33, 3%). The performance of apps in the stage of information destruction (mean 31.8% [SD 40.0%]) was poor, and only 21% (7/33) apps would notify third parties to promptly delete PI after individuals cancelled their accounts. Moreover, the scoring rate for rights of PI subjects is generally low (mean 31.2% [SD 35.5%]), especially for obtaining copies of PI (15%) and responding to requests (25%). CONCLUSIONS: Although most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection. Thus, the field has a long way to go with regard to compliance around personal privacy protection in China. |
format | Online Article Text |
id | pubmed-7878107 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
publisher | JMIR Publications |
record_format | MEDLINE/PubMed |
spelling | pubmed-78781072021-02-23 Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation Ni, Zhenni Wang, Yiying Qian, Yuxing JMIR Mhealth Uhealth Original Paper JMIR Publications 2021-01-28 /pmc/articles/PMC7878107/ /pubmed/33507159 http://dx.doi.org/10.2196/23409 Text en ©Zhenni Ni, Yiying Wang, Yuxing Qian. Originally published in JMIR mHealth and uHealth (http://mhealth.jmir.org), 28.01.2021. https://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR mHealth and uHealth, is properly cited. The complete bibliographic information, a link to the original publication on http://mhealth.jmir.org/, as well as this copyright and license information must be included. |
spellingShingle | Original Paper Ni, Zhenni Wang, Yiying Qian, Yuxing Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation |
title | Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation |
topic | Original Paper |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7878107/ https://www.ncbi.nlm.nih.gov/pubmed/33507159 http://dx.doi.org/10.2196/23409 |