JMIR mHealth and uHealth (Mar 2023)

Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study

  • Rita Rezaee,
  • Mahboobeh Khashayar,
  • Saeed Saeedinezhad,
  • Mahdi Nasiri,
  • Sahar Zare

DOI
https://doi.org/10.2196/39055
Journal volume & issue
Vol. 11
p. e39055

Abstract


Background: Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers.

Objective: This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps.

Methods: A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument.

Results: The search strategy identified 8190 papers, of which 33 (0.4%) were deemed eligible. A total of 218 criteria were extracted based on the literature search; of these, 119 (54.6%) criteria were removed as duplicates and 10 (4.6%) were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 (40.8%) criteria were presented to the expert panel. After calculating impact scores, the content validity ratio (CVR), and the content validity index (CVI), 63 (70.8%) criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. The criteria were grouped into 8 categories: authentication and authorization, access management, security, data storage, integrity, encryption and decryption, privacy, and privacy policy content.

Conclusions: The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough.