Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis.

BACKGROUND: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. OBJECTIVE: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. METHODS: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. RESULTS: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). CONCLUSIONS: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.

Seguridad de dispositivos móviles y aplicaciones en función de la educación en tiempos de COVID-19 / Security of mobile devices and applications as a function of education in times of COVID-19

Introducción: En tiempos de COVID-19 constituye una necesidad utilizar dispositivos y aplicaciones móviles para el desarrollo del proceso docente-educativo en la Universidad de Ciencias Médicas de Sancti Spíritus, sin descuidar elementos de seguridad que permiten garantizar la preservación de la confidencialidad de los datos personales de estudiantes y profesores. Objetivo: Identificar el estado de preparación inicial de estudiantes y profesores de la carrera Licenciatura en Sistemas de Información en Salud, en temas orientados a la seguridad de dispositivos y aplicaciones móviles en función de la educación. Métodos: Estudio exploratorio realizado en los cursos académicos 2019-2020 y 2020-2021. Se trabajó con una muestra probabilística de 50 estudiantes y profesores. Se emplearon métodos teóricos, empíricos y estadístico-matemático. Se estructuró la variable dependiente en tres dimensiones y seis indicadores, y se definieron las fuentes de información y los principios éticos. Resultados: Se identificaron los conocimientos teórico-prácticos de estudiantes y profesores en seguridad de dispositivos y aplicaciones móviles en función de la educación; adicionalmente, la actitud y motivación que manifestaron en cuanto al uso de métodos técnicos de seguridad y superación. Conclusiones: Existen insuficientes métodos de seguridad técnica en dispositivos y aplicaciones móviles, y falta de cultura tecnológica orientada al uso de las redes de la Empresa de Telecomunicaciones de Cuba para el acceso a internet; de ahí la importancia de proteger los datos personales almacenados en dispositivos y aplicaciones móviles. Asimismo, desconocimiento de avisos y políticas de privacidad de las aplicaciones móviles, e insuficientes acciones formativas orientadas al uso correcto de las aplicaciones y la protección de los datos personales(AU)

Introduction: In times of COVID-19 it constitutes a necessity to use mobile devices and applications for the development of the teaching-educational process at the University of Medical Sciences of Sancti Spíritus, without neglecting security elements that allow guaranteeing the preservation of the confidentiality of personal data of students and teachers. Objective: To identify the state of initial preparation of students and teachers of the Bachelor's Degree in Health Information Systems, in topics oriented to the security of mobile devices and applications in terms of education. Methods: Exploratory study conducted in the academic years 2019-2020 and 2020-2021. We worked with a probability sample of 50 students and teachers. Theoretical, empirical and statistical-mathematical methods were used. The dependent variable was structured in three dimensions and six indicators, and the sources of information and ethical principles were defined. Results: Theoretical-practical knowledge of students and teachers in security of mobile devices and applications as a function of education was identified; additionally, the attitude and motivation they manifested regarding the use of technical methods of security and self-improvement. Conclusions: There are insufficient technical security methods in mobile devices and applications, and lack of technological culture oriented to the use of the networks of the Cuban Telecommunications Company for Internet access; hence the importance of protecting personal data stored in mobile devices and applications. Likewise, lack of knowledge of privacy notices and policies of mobile applications, and insufficient training actions oriented to the correct use of applications and the protection of personal data(AU)

Medical app minefield: radiologists use of medical apps for education and reporting and do they require regulation?

AIM: To evaluate the use of apps in radiology and consider advised changes to practice. MATERIALS AND METHODS: A survey was conducted of all radiology consultants and specialty trainees within Devon and Cornwall. The responses were collated, including the list of all medical applications used. These were assessed using the Medicine & Healthcare Products Regulatory Agency (MHRA) "Medical device stand-alone software including apps" guidance. RESULTS: The response rate was 88/150 (59%) radiologists who responded with the majority 48/88 (54.4%) using apps. Forty-four of 66 (67%) states that they did not assess the reliability or accuracy of these devices prior to use with 71/81 (88%) indicating that they were unaware of any regulations. Thirty-three items were identified of which 27 functioning apps were identified and three of these were considered medical devices and did not have complete and recognisable CE marking as required by the MHRA. CONCLUSION: This study highlights that application use is widespread. The vast majority of these applications are not considered medical devices; however, there are some devices that, according to the MHRA flow chart, are used in a way that classifies them as medical devices and should therefore be CE marked. This highlights the need for guidance and regulation of the medical application market with recommendations provided.

AI-based smartphone apps for risk assessment of skin cancer need more evaluation and better regulation.

Smartphone applications ("apps") with artificial intelligence (AI) algorithms are increasingly used in healthcare. Widespread adoption of these apps must be supported by a robust evidence-base and app manufacturers' claims appropriately regulated. Current CE marking assessment processes inadequately protect the public against the risks created by using smartphone diagnostic apps.

Inherent privacy limitations of decentralized contact tracing apps.

Recently, there have been many efforts to use mobile apps as an aid in contact tracing to control the spread of the SARS-CoV-2 (severe acute respiratory syndrome coronavirus 2) (COVID-19 [coronavirus disease 2019]) pandemic. However, although many apps aim to protect individual privacy, the very nature of contact tracing must reveal some otherwise protected personal information. Digital contact tracing has endemic privacy risks that cannot be removed by technological means, and which may require legal or economic solutions. In this brief communication, we discuss a few of these inherent privacy limitations of any decentralized automatic contact tracing system.

[Apps in healthcare, what do I need to know?] / Apps in de zorg: wat moet ik weten?

During the current coronacrisis, there is an increasing call for the use of corona-apps. Meanwhile, discussions are increasing about the safety and privacy of our patients, and whether these can be guaranteed when using e-health apps. Though this topic has been relevant for a while, the global corona discussion gives it the attention it should always receive. Healthcare professionals are often unaware of specific rules and regulations regarding the development and use of e-health applications. When does a mobile app qualify as a medical device? What requirements need to be fulfilled before an app can safely be used in patient care? This article provides an overview of important steps in the development of e-health apps. The article describes where to start and which rules and regulations to follow. The provided descriptions are not only important in the development and implementation of corona-apps, but in the use of all e-health apps.

APPlying knowledge: evidence for and regulation of mobile apps for dermatologists.

Although the complexity of health-related applications (apps) has evolved, they have not been adequately regulated or monitored for quality. We review the primary literature behind and regulation of apps that impact dermatologists, with a focus on the 3 most prevalent dermatology-related apps used by dermatology residents in the United States: VisualDx, UpToDate, and Mohs Surgery Appropriate Use Criteria. These apps are widely utilized but have not undergone approval by the 3 main government agencies responsible for regulating mobile medical apps: the US Food and Drug Administration (FDA), Federal Trade Commission, and Office for Civil Rights. Health-related apps that target providers can be a valuable tool, but given their potential impact on human lives, they should be well regulated and evidence based. It is important that apps designed to assist in health care delivery are appropriately monitored and that physicians are aware of the rigor of review of the apps that they choose to use in clinical practice.

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019.

OBJECTIVES: To survey international regulatory frameworks that serve to protect privacy of personal data as a human right as well as to review the literature regarding privacy protections and data ownership in mobile health (mHealth) technologies between January 1, 2016 and June 1, 2019 in order to identify common themes. METHODS: We performed a review of relevant literature available in English published between January 1, 2016 and June 1, 2019 from databases including PubMed, Google Scholar, and Web of Science, as well as relevant legislative background material. Articles out of scope (as detailed below) were eliminated. We categorized the remaining pool of articles and discrete themes were identified, specifically: concerns around data transmission and storage, including data ownership and the ability to re-identify previously de-identified data; issues with user consent (including the availability of appropriate privacy policies) and access control; and the changing culture and variable global attitudes toward privacy of health data. RESULTS: Recent literature demonstrates that the security of mHealth data storage and transmission remains of wide concern, and aggregated data that were previously considered "de-identified" have now been demonstrated to be re-identifiable. Consumer-informed consent may be lacking with regard to mHealth applications due to the absence of a privacy policy and/or to text that is too complex and lengthy for most users to comprehend. The literature surveyed emphasizes improved access control strategies. This survey also illustrates a wide variety of global user perceptions regarding health data privacy. CONCLUSION: The international regulatory framework that serves to protect privacy of personal data as a human right is diverse. Given the challenges legislators face to keep up with rapidly advancing technology, we introduce the concept of a "healthcare fiduciary" to serve the best interest of data subjects in the current environment.

Data protection during the coronavirus crisis.

Smartphone apps to track SARS-CoV 2 infections need to fulfill certain minimal requirements to guarantee privacy and justify their use under data protection laws.

Guidelines for the use of WhatsApp groups in clinical settings in South Africa.

In everyday clinical practice, healthcare professionals (HCPs) are exposed to large quantities of confidential patient information, and many use WhatsApp groups to share this information. WhatsApp groups provide efficient mechanisms for clinical management advice, decision-making support and peer review. However, most HCPs do not fully understand the legal and ethical implications of sharing content in a WhatsApp group setting, which is often thought to be hosted on a secure platform and therefore removed from public scrutiny. In our paper, we unpack the legal and ethical issues that arise when information is shared in WhatsApp groups. We demonstrate that sharing content in this forum is tantamount to the publication of content; in other words, those who share content are subject to the same legal ramifications as a journalist would be. We also examine the role of the WhatsApp group administrator, who bears an additional legal burden by default, often unknowingly so. We consider the recommendations made by the Health Professions Council of South Africa in their guidelines for the use of social media, and highlight some areas where we feel the guidelines may not adequately protect HCPs from the legal repercussions of sharing content in a WhatsApp group. Finally, we provide a set of guidelines for WhatsApp group users that should be regularly posted onto the group by the relevant group administrator to mitigate some of the legal liabilities that may arise. We also provide guidelines for group administrators.

mHealth Apps: Disruptive Innovation, Regulation, and Trust-A Need for Balance.

mHealth, the use of mobile and wireless technologies in healthcare, and mHealth apps, a subgroup of mHealth, are expected to result in more person-focussed healthcare. These technologies are predicted to make patients more motivated in their own healthcare, reducing the need for intensive medical intervention. Thus, mHealth app technology might lead to a redesign of existing healthcare architecture making the system more efficient, sustainable, and less expensive. As a disruptive innovation, it might destabilise the existing healthcare organisation through a changed role for healthcare professionals with patients accessing care remotely or online. This account coincides with the broader narrative of National Health Service policy-makers, which focusses on personalised healthcare and greater patient responsibility with the potential for significant cost reductions. The article proposes that while the concept of mHealth apps as a disruptive technology and the narrative of personalisation and responsibilisation might support a transformation of the healthcare system and a reduction of costs, both are dependent on patient trust in the safety and security of the new technology. Forcing trust in this field may only be achieved with the application of traditional and other regulatory mechanisms and with this comes the risk of reducing the effect of the technology's disruptive potential.

Privacy and Security Issues with Mobile Health Research Applications.

This article examines the privacy and security issues associated with mobile application-mediated health research, concentrating in particular on research conducted or participated in by independent scientists, citizen scientists, and patient researchers. Building on other articles in this issue that examine state research laws and state data protection laws as possible sources of privacy and security protections for mobile research participants, this article focuses on the lack of application of federal standards to mobile application-mediated health research. As discussed in more detail below, the voluminous and diverse data collected by some independent scientists who use mobile applications to conduct health research may be at risk for unregulated privacy and security breaches, leading to dignitary, psychological, and economic harms for which participants have few legally enforceable rights or remedies under current federal law. Federal lawmakers may wish to consider enacting new legislation that would require otherwise unregulated health data holders to implement reasonable data privacy, security, and breach notification measures.

Mobile Research Applications and State Data Protection Statutes.

This article focuses on state privacy, security, and data breach regulation of mobile-app mediated health research, concentrating in particular on research studies conducted or participated in by independent scientists, citizen scientists, and patient researchers. Prior scholarship addressing these issues tends to focus on the lack of application of the HIPAA Privacy and Security Rules and other sources of federal regulation. One article, however, mentions state law as a possible source of privacy and security protections for individuals in the particular context of mobile app-mediated health research. This Article builds on this prior scholarship by: (1) assessing state data protection statutes that are potentially applicable to mobile app-mediated health researchers; and (2) suggesting statutory amendments that could better protect the privacy and security of mobile health research data. As discussed in more detail below, all fifty states and the District of Columbia have potentially applicable data breach notification statutes that require the notification of data subjects of certain informational breaches in certain contexts. In addition, more than two-thirds of jurisdictions have potentially applicable data security statutes and almost one-third of jurisdictions have potentially applicable data privacy statutes. Because all jurisdictions have data breach notification statutes, these statutes will be assessed first.

Mobile Research Applications and State Research Laws.

This article assesses the protections provided by state research laws for participants in mobile application (mobile app) mediated health research conducted by independent scientists, citizen scientists, and patient researchers. Prior scholarship in this area focuses on the lack of application of: (1) federal regulations governing research conducted or funded by one of sixteen signatory federal departments and agencies (the Common Rule); and (2) separate federal regulations promulgated by the Food and Drug Administration applicable to research conducted in anticipation of a submission to the FDA for approval of a drug or medical device. This article builds on this prior scholarship by carefully examining state research laws and suggesting ways in which these laws could be improved to better protect participants of mobile appmediated research conducted by independent scientists, citizen scientists, and patient researchers.

The Federal Trade Commission and Consumer Protections for Mobile Health Apps.

The Federal Trade Commission (FTC) has an important role to play in the governmental oversight of mobile health apps, ensuring consumer protections from unfair and deceptive trade practices and curtailing anti-competitive methods. The FTC's consumer protection structure and authority is outlined before reviewing the recent FTC enforcement activities taken on behalf of consumers and against developers of mhealth apps. The article concludes with identification of some challenges for the FTC and modest recommendations for strengthening the consumer protections it provides.