Accepted for/Published in: JMIR mHealth and uHealth
Date Submitted: Apr 27, 2022
Date Accepted: Sep 21, 2022
Mobile Health Privacy and Security: Critical Criteria and Countermeasures for Mobile Health Developers: A Mixed Method Study
ABSTRACT
Background:
Despite the importance of patients’ privacy and the confidentiality of their information, mobile health (mHealth) applications can raise the risk of violating users’ privacy and confidentiality. Many apps have been shown to provide an insecure infrastructure, and security has not been a priority for their developers.
Objective:
This study aimed to develop and validate a comprehensive tool for assessing the security and privacy of mHealth apps to be considered by developers.
Methods:
A literature search was performed to identify papers on app development and assessment or those papers reporting criteria for security and privacy of mHealth. The criteria were extracted using content analysis and presented to experts. Expert panels were held for determining the categories and subcategories of criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument.
Results:
The search strategy identified 8190 articles, of which 33 were deemed eligible. A total of 218 criteria were extracted based on the literature search; 119 were removed as duplicates and 10 were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 criteria were presented to the expert panels. After calculating impact scores, Content Validity Ratio (CVR), and Content Validity Index (CVI), 63 criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. The criteria were grouped into “authentication & authorization”, “access management”, “security”, “data storage”, “integrity”, “encryption & decryption”, “privacy”, and “privacy policy content”.
Conclusions:
The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing them into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification by developers is not reliable enough.
Clinical Trial: not applicable
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.