Abstract
BackgroundWith the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data.ObjectiveThe purpose of the study was to analyze the extent to which chronic disease management apps in China comply with the Personal Information Security Specification (PI Specification).MethodsThe compliance of 45 popular chronic disease management apps was evaluated from the perspective of the information life cycle. To conduct a fine-grained evaluation, a scale based on the PI Specification was developed. Finally, 6 level 1 indicators, 22 level 2 indicators, and 61 level 3 indicators were defined.ResultsThere were 33/45 apps (73%) with a privacy policy, and the average score of these apps was 40.4 out of 100. Items of level 1 indicators with high scores included general characteristics (mean 51.9% [SD 28.1%]), information collection and use (mean 51.1% [SD 36.7%]), and information sharing and transfer (mean 50.3% [SD 33.5%]). Information storage and protection had the lowest compliance with PI Specification (mean 29.4% [SD 32.4%]). Few personal information (PI) controllers have stated how to handle security incidents, including security incident reporting (7/33, 21%), security incident notification (10/33, 30%), and commitment to bear corresponding legal responsibility for PI security incidents (1/33, 3%). The performance of apps in the stage of information destruction (mean 31.8% [SD 40.0%]) was poor, and only 21% (7/33) apps would notify third parties to promptly delete PI after individuals cancelled their accounts. Moreover, the scoring rate for rights of PI subjects is generally low (mean 31.2% [SD 35.5%]), especially for obtaining copies of PI (15%) and responding to requests (25%).ConclusionsAlthough most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection. Thus, the field has a long way to go with regard to compliance around personal privacy protection in China.
Highlights
BackgroundChronic diseases, such as diabetes and hypertension, are a major global health issue affecting many countries [1]
This study aimed to evaluate the compliance of privacy policies of chronic disease apps with the personal information (PI) Specification from the perspective of the information life cycle
The comprehensive chronic disease management app referred to providing users with long-term, multifaceted chronic disease prevention and treatment services that were not targeted at specific chronic disease
Summary
BackgroundChronic diseases, such as diabetes and hypertension, are a major global health issue affecting many countries [1]. Different from other types of mHealth apps, such as online registration and online consultation, chronic disease management apps allow individuals to generate large quantities of data about their lifestyle, introducing risks to the security and privacy of patient data. Different from other kinds of disease management, the care of chronic diseases requires patients to regularly track key health indicators. It means that protecting the safety and privacy of personal information (PI) is crucial for chronic disease management apps. Conclusions: most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
