Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Dec 7, 2020
Date Accepted: May 4, 2021
Privacy practices of health information technologies: privacy policy risk assessment study and proposed guidelines
ABSTRACT
Background:
Along with the proliferation of health information technologies (HITs) comes a growing need to understand the potential privacy risks associated with using such tools. Whilst privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and to lack transparency.
Objective:
This paper aims to: 1) present consumer preferences for accessing privacy information; 2) develop and apply a Privacy Policy Risk Assessment Tool to assess whether existing HITs are meeting recommended privacy policy standards; and 3) propose guidelines to assist health professionals and service providers to understand the privacy risks associated with HITs so that they can confidently promote their safe use as part of care.
Methods:
In Phase 1, participatory design workshops were conducted with young people attending a participating headspace centre and their supportive others as well as health professionals and service providers from the centres. Findings were knowledge translated and prototypes created exemplifying participant preferences for the presentation of privacy information. Phase 2 included the development of the 23-item Privacy Policy Risk Assessment Tool which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In Phase 3, privacy guidelines were developed to assist health professionals and service providers understand privacy risks associated with incorporating HITs as part of clinical care.
Results:
When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent and user-friendly, enabling them to clearly understand what personal and health information will be collected and how this data will be shared and/or stored. The privacy policy review revealed consistently poor readability and transparency, limiting the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure health professionals and consumers are fully aware of the potential for privacy risks in the use of HITs to support health and wellbeing.
Conclusions:
A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. Application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to enable or support care.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.