Tobias Dehling

Availability and quality of mobile health app privacy policies

Mobile health (mHealth) customers shopping for applications (apps) should be aware of app privacy practices so they can make informed decisions about purchase and use. We sought to assess the availability, scope, and transparency of mHealth app privacy policies on iOS and Android. Over 35,000 mHealth apps are available for iOS and Android. Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies. Average policy length was 1755 (SD 1301) words with a reading grade level of 16 (SD 2.9). Two thirds (66.1%) of privacy policies did not specifically address the app itself. Our findings show that currently mHealth developers often fail to provide app privacy policies. The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.

Secure provision of patient-centered health information technology services in public networks—leveraging security and privacy features provided by the German nationwide health information technology infrastructure

Patient-centered health information technology services (PHS) provide personalized electronic health services to patients. Since provision of PHS entails handling sensitive medical information, a special focus on information security and privacy aspects is required. We present information security and privacy requirements for PHS and examine how security features of large-scale, inter-organizational health information technology networks, like the German health information technology infrastructure (HTI), can be used for ensuring information security and privacy of PHS. Moreover, we illustrate additional security measures that complement the HTI security measures and introduce a guideline for provision of PHS while ensuring information security and privacy. Our elaborations lead to the conclusion that security features of health information technology networks can be used to create a solid foundation for protecting information security and privacy in patient-centered health information technology services offered in public networks like the Internet.

How Do Patients Expect Apps to Provide Drug Information

Patients use various sources to obtain information on pharmaceutical drugs they take. Mobile health care applications (apps) providing drug information to users are increasingly made available and of in-creasing importance for the health care domain. However, apps usually only offer functionality that medical professionals or developers consider useful for patients, although their expectations are not likely to meet patient expectations. In our mixed methods study, we identify 33 features patients expect in apps for drug information provision with interviews and empirically assess their perceived importance in an online survey. Results indicate that patients desire personalization features for provided information but not for the app interface. This work contributes to research and practice by identifying and empirically ranking drug information provision features patients find important. We furthermore establish a foundation for future research on effective mobile drug information provision and provide insights for practice on development of patient-centered mobile health apps.

An Information Privacy Risk Index for mHealth Apps

While the mobile application (app) market, including mobile health (mHealth) apps, is flourishing, communication and assessment of information privacy risks of app use has, in contrast, found only cursory attention. Neither research nor practice offers any useful and widely accepted tools facilitating communication and assessment of information privacy risks. We conduct a feasibility study and develop a prototypical instantiation of an information privacy risk index for mHealth apps. The developed information privacy risk index offers more detailed information than privacy seals without suffering from the information overload and inconsistent structure of privacy policies. In addition, the information privacy risk index allows for seamless comparison of information privacy risk factors between apps. Our research adds to the transparency debate in the information privacy domain by illustrating an alternative approach to communication of information privacy risks and investigating a promising approach to enable users to compare information privacy risks between apps.

Verbraucherorientierter Datenschutz: Identifizierung von Verbraucherarchetypen zur effektiven Kommunikation von Datenschutzpraktiken

Datenschutzkommunikation wird nur dann funktionieren, wenn die Informationsbedürfnisse der Verbraucher, die weder statisch noch einheitlich sind, adressiert werden. Ein vielversprechender, praktisch realisierbarer Ansatz ist es, die Kommunikation an Verbraucherarchetypen anzupassen. Diese Studie identifiziert die verschiedenen Archetypen basierend auf einer Webumfrage. Die identifizierten Archetypen liefern eine solide Grundlage für die Verwirklichung funktionierender Datenschutzkommunikation. Dieser Beitrag erscheint unter der Creative-Commons-Lizenz: Namensnennung 3.0 Deutschland | CC BY 3.0 DE Kurzform | http://creativecommons.org/licenses/by/3.0/de/ Lizenztext | http://creativecommons.org/licenses/by/3.0/de/legalcode 164 Ali Sunyaev, Tobias Dehling und Manuel Schmidt-Kraepelin

German Health IT Infrastructure: A Large-Scale Network Alleviating Challenges in Health IT Development

A central health information technology infrastructure (HTI) can alleviate software engineering challenges in health care by serving as a central hub for health care applications and stakeholders. We shortly introduce establishment process of as well as information and services provided by the German HTI to encourage putting the inclusion of HTI features in health IT software engineering projects under consideration and to offer an insight into one of the largest health IT projects in the world.