Project description:BackgroundPrivacy has always been a concern, especially in the health domain. The proliferation of mobile health (mHealth) apps has led to a large amount of sensitive data being generated. Some authors have performed privacy assessments of mHealth apps. They have evaluated diverse privacy components; however, different authors have used different criteria for their assessments.ObjectiveThis scoping review aims to understand how privacy is assessed for mHealth apps, focusing on the components, scales, criteria, and scoring methods used. A simple taxonomy to categorize the privacy assessments of mHealth apps based on component evaluation is also proposed.MethodsWe followed the methodology defined by Arksey and O'Malley to conduct a scoping review. Included studies were categorized based on the privacy component, which was assessed using the proposed taxonomy.ResultsThe database searches retrieved a total of 710 citations-24 of them met the defined selection criteria, and data were extracted from them. Even though the inclusion criteria considered articles published since 2009, all the studies that were ultimately included were published from 2014 onward. Although 12 papers out of 24 (50%) analyzed only privacy, 8 (33%) analyzed both privacy and security. Moreover, 4 papers (17%) analyzed full apps, with privacy being just part of the assessment. The evaluation criteria used by authors were heterogeneous and were based on their experience, the literature, and/or existing legal frameworks. Regarding the set of items used for the assessments, each article defined a different one. Items included app permissions, analysis of the destination, analysis of the content of communications, study of the privacy policy, use of remote storage, and existence of a password to access the app, among many others. Most of the included studies provided a scoring method that enables the comparison of privacy among apps.ConclusionsThe privacy assessment of mHealth apps is a complex task, as the criteria used by different authors for their evaluations are very heterogeneous. Although some studies about privacy assessment have been conducted, a very large set of items to evaluate privacy has been used up until now. In-app information and privacy policies are primarily utilized by the scientific community to extract privacy information from mHealth apps. The creation of a scale based on more objective criteria is a desirable step forward for privacy assessment in the future.

Project description:ObjectiveMany healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share "de-identified" records. Such policies, however, are often applied without knowledge of the risk of "re-identification". The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists.MeasurementsWe define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries.ResultsThe percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17,000, further confirming risk variability.ConclusionsThis work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data.

Project description:BackgroundCancer patients are increasingly using mobile health (mHealth) apps to take control of their health. Many studies have explored their efficiency, content, usability, and adherence; however, these apps have created a new set of privacy challenges, as they store personal and sensitive data.ObjectiveThe purpose of this study was to refine and evaluate a scale based on the General Data Protection Regulation and assess the fairness of privacy policies of mHealth apps.MethodsBased on the experience gained from our previous work, we redefined some of the items and scores of our privacy scale. Using the new version of our scale, we conducted a case study in which we analyzed the privacy policies of cancer Android apps. A systematic search of cancer mobile apps was performed in the Spanish version of the Google Play website.ResultsThe redefinition of certain items reduced discrepancies between reviewers. Thus, use of the scale was made easier, not only for the reviewers but also for any other potential users of our scale. Assessment of the privacy policies revealed that 29% (9/31) of the apps included in the study did not have a privacy policy, 32% (10/31) had a score over 50 out of a maximum of 100 points, and 39% (12/31) scored fewer than 50 points.ConclusionsIn this paper, we present a scale for the assessment of mHealth apps that is an improved version of our previous scale with adjusted scores. The results showed a lack of fairness in the mHealth app privacy policies that we examined, and the scale provides developers with a tool to evaluate their privacy policies.

Project description:BackgroundMobile health has become a major vehicle of support for people living with diabetes. Accordingly, the availability of mobile apps for diabetes has been steadily increasing. Most of the previous reviews of diabetes apps have focused on the apps' features and their alignment with clinical guidelines. However, there is a lack of knowledge on the actual compliance of diabetes apps with privacy and data security guidelines.ObjectiveThe aim of this study was to assess the levels of privacy of mobile apps for diabetes to contribute to the raising of awareness of privacy issues for app users, developers, and governmental data protection regulators.MethodsWe developed a semiautomatic app search module capable of retrieving Android apps' privacy-related information, particularly the dangerous permissions required by apps, with the aim of analyzing privacy aspects related to diabetes apps. Following the research selection criteria, the original 882 apps were narrowed down to 497 apps that were included in the analysis.ResultsApproximately 60% of the analyzed diabetes apps requested potentially dangerous permissions, which pose a significant risk to users' data privacy. In addition, 28.4% (141/497) of the apps did not provide a website for their privacy policy. Moreover, it was found that 40.0% (199/497) of the apps contained advertising, and some apps that claimed not to contain advertisements actually did. Ninety-five percent of the apps were free, and those belonging to the "medical" and "health and fitness" categories were the most popular. However, app users do not always realize that the free apps' business model is largely based on advertising and, consequently, on sharing or selling their private data, either directly or indirectly, to unknown third parties.ConclusionsThe aforementioned findings confirm the necessity of educating patients and health care providers and raising their awareness regarding the privacy aspects of diabetes apps. Therefore, this research recommends properly and comprehensively training users, ensuring that governments and regulatory bodies enforce strict data protection laws, devising much tougher security policies and protocols in Android and in the Google Play Store, and implicating and supervising all stakeholders in the apps' development process.

Project description:PurposeGrowing use of electronic health information increases opportunities to build population cancer databases for research and care delivery. Understanding patient views on reuse of health information is essential to shape privacy policies and build trust in these initiatives.MethodsWe randomly assigned nationally representative participants (N = 3,336) with and without prior cancer to six of 18 scenarios describing different uses of electronic health information. The scenarios varied the user, use, and sensitivity of the information. Participants rated each scenario on a scale of 1 to 10 assessing their willingness to share their electronic health information. We used conjoint analysis to measure the relative importance of each attribute (ie, use, user, and sensitivity).ResultsParticipants with and without a prior diagnosis of cancer had a similar willingness to share health information (0.27; P = .42). Both cancer and noncancer participants rated the purpose of information use as the most important factor (importance weights, 67.1% and 45.6%, respectively). For cancer participants, the sensitivity of the information was more important (importance weights, 29.8% v 1.2%). However, cancer participants were more willing to share their health information when the information included more sensitive genetic information (0.48; P = .015). Cancer and noncancer respondents rated uses and users similarly.ConclusionThe information sharing preferences of participants with and without a prior diagnosis of cancer were driven mainly by the purpose of information reuse. Although conventional thinking suggests patients with cancer might be less willing to share their health information, we found participants with cancer were more willing to share their inherited genetic information.

Project description:BackgroundInternational advances in information communication, eHealth, and other digital health technologies have led to significant expansions in the collection and analysis of personal health data. However, following a series of high-profile data sharing scandals and the emergence of COVID-19, critical exploration of public willingness to share personal health data remains limited, particularly for third-party or secondary uses.ObjectiveThis systematic review aims to explore factors that affect public willingness to share personal health data for third-party or secondary uses.MethodsA systematic search of 6 databases (MEDLINE, Embase, PsycINFO, CINAHL, Scopus, and SocINDEX) was conducted with review findings analyzed using inductive-thematic analysis and synthesized using a narrative approach.ResultsOf the 13,949 papers identified, 135 were included. Factors most commonly identified as a barrier to data sharing from a public perspective included data privacy, security, and management concerns. Other factors found to influence willingness to share personal health data included the type of data being collected (ie, perceived sensitivity); the type of user requesting their data to be shared, including their perceived motivation, profit prioritization, and ability to directly impact patient care; trust in the data user, as well as in associated processes, often established through individual choice and control over what data are shared with whom, when, and for how long, supported by appropriate models of dynamic consent; the presence of a feedback loop; and clearly articulated benefits or issue relevance including valued incentivization and compensation at both an individual and collective or societal level.ConclusionsThere is general, yet conditional public support for sharing personal health data for third-party or secondary use. Clarity, transparency, and individual control over who has access to what data, when, and for how long are widely regarded as essential prerequisites for public data sharing support. Individual levels of control and choice need to operate within the auspices of assured data privacy and security processes, underpinned by dynamic and responsive models of consent that prioritize individual or collective benefits over and above commercial gain. Failure to understand, design, and refine data sharing approaches in response to changeable patient preferences will only jeopardize the tangible benefits of data sharing practices being fully realized.

Project description:BackgroundBehavior change apps have the potential to provide individual support on a population scale at low cost, but they face numerous barriers to implementation. Electronic health records (EHRs) in acute care hospitals provide a valuable resource for identifying patients at risk, who may benefit from behavior change apps. A novel, emerging implementation strategy is to use digital technologies not only for providing support to help-seeking individuals but also for signposting patients at risk to support services (also called proactive referral in the United States).ObjectiveThe OptiMine study aimed to increase the reach of behavior change apps by implementing electronic signposting for smoking cessation and alcohol reduction in a large, at-risk population that was identified through an acute care hospital EHR.MethodsThis 3-phase, mixed methods implementation study assessed the acceptability, feasibility, and reach of electronic signposting to behavior change apps by using a hospital's EHR system to identify patients who are at risk. Phase 1 explored the acceptability of the implementation strategy among the patients and staff through focus groups. Phase 2 investigated the feasibility of using the hospital EHR to identify patients with target risk behaviors and contact them via SMS text message, email, or patient portal. Phase 3 assessed the impact of SMS text messages sent to patients who were identified as smokers or risky drinkers, which signposted them to behavior change apps. The primary outcome was the proportion of participants who clicked on the embedded link in the SMS text message to access information about the apps. The acceptability of the SMS text messages among the patients who had received them was also explored in a web-based survey.ResultsOur electronic signposting strategy-using SMS text messages to promote health behavior change apps to patients at risk-was found to be acceptable and feasible and had good reach. The hospital sent 1526 SMS text messages, signposting patients to either the National Health Service Smokefree or Drink Free Days apps. A total of 13.56% (207/1526) of the patients clicked on the embedded link to the apps, which exceeded our 5% a priori success criterion. Patients and staff contributed to the SMS text message content and delivery approach, which were perceived as acceptable before and after the delivery of the SMS text messages. The feasibility of the SMS text message format was determined and the target population was identified by mining the EHR.ConclusionsThe OptiMine study demonstrated the proof of concept for this novel implementation strategy, which used SMS text messages to signpost at-risk individuals to behavior change apps at scale. The level of reach exceeded our a priori success criterion in a non-help-seeking population of patients receiving unsolicited SMS text messages, disconnected from hospital visits.International registered report identifier (irrid)RR2-10.2196/23669.

Project description:In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Project description:MotivationRecord Linkage has versatile applications in real-world data analysis contexts, where several datasets need to be linked on the record level in the absence of any exact identifier connecting related records. An example are medical databases of patients, spread across institutions, that have to be linked on personally identifiable entries like name, date of birth or ZIP code. At the same time, privacy laws may prohibit the exchange of this personally identifiable information (PII) across institutional boundaries, ruling out the outsourcing of the record linkage task to a trusted third party. We propose to employ privacy-preserving record linkage (PPRL) techniques that prevent, to various degrees, the leakage of PII while still allowing for the linkage of related records.ResultsWe develop a framework for fault-tolerant PPRL using secure multi-party computation with the medical record keeping software Mainzelliste as the data source. Our solution does not rely on any trusted third party and all PII is guaranteed to not leak under common cryptographic security assumptions. Benchmarks show the feasibility of our approach in realistic networking settings: linkage of a patient record against a database of 10 000 records can be done in 48 s over a heavily delayed (100 ms) network connection, or 3.9 s with a low-latency connection.Availability and implementationThe source code of the sMPC node is freely available on Github at https://github.com/medicalinformatics/SecureEpilinker subject to the AGPLv3 license. The source code of the modified Mainzelliste is available at https://github.com/medicalinformatics/MainzellisteSEL.Supplementary informationSupplementary data are available at Bioinformatics online.

Project description:Objective Trust and accessibility are vital to adoption of health and wellness apps. This research scoped three elements of cognitive accessibility of health app privacy policies: availability, ease of navigation, and readability. Methods For this cross-sectional study, quantitative data collected in the Netherlands, Sweden, and the United Kingdom included: whether privacy information was in a country's official language (availability); number of distracting visual elements (ease of navigation); word count and Common European Framework of Reference (CEFR) reading level (readability). Health app privacy policies were compared to policies from a purposively selected sample of websites, and to benchmarks, including CEFR reading level B1. Results Health app privacy policies were less often available in countries’ official languages compared to sampled websites (Chi-Square [1, 180]  =  57.470, p < 0.001) but contained fewer distracting visual elements. More UK privacy policies were in the country's official language, whereas Swedish privacy policies contained fewest words and fewest potentially distracting design elements. Only one privacy policy met the CEFR reading level benchmark. Conclusions Lack of privacy information in non-Anglophone app-users’ native languages and high reading levels may be major barriers to cognitive accessibility. Web and app developers should consider recommendations arising from this study, to stimulate trust in and adoption of health and wellness apps.