On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps
Part 8: Mobile and Cloud Services Security. International audience.
Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data. We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests and often have overall low code quality which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.
Privacy Risks and Security Threats in mHealth apps
mHealth (Mobile Health) applications (apps) have transformed the doctor-patient relationship. They help users with varied functionalities such as monitoring their health, understanding specific health conditions, consulting doctors online and achieving fitness goals. Whilst these apps provide an option of equitable and convenient access to healthcare, a lot of personal and sensitive data about users is collected, stored and shared to achieve these functionalities. Little is known about the privacy and security concerns these apps address. Based on a literature review, this paper identifies the privacy risks and security features for evaluating thirty apps in the Medical category across two app distribution platforms in India, namely Google Play and App Store. Factors identified through the review formed the basis of the scoring model which helped to arrive at the “Privacy Risk Score” and “Safety Score” for each app. A comparative analysis of the selected apps was performed by studying their privacy policies. The results indicate that adopting these apps poses a risk. Finally, recommendations are provided to consumers, such as examining the app before downloading it and customizing the app settings, and to developers to develop robust and transparent privacy policies.
A Proposal for a Robust Validated Weighted General Data Protection Regulation-based Scale to Assess the Quality of Privacy Policies of Mobile Health Applications: an eDelphi Study
Healthcare services are undergoing a digital transformation in which the Participatory Health Informatics field has a key role. Within this field, studies aimed to assess the quality of digital tools, including mHealth apps, are conducted. Privacy is one dimension of the quality of a mHealth app. Privacy consists of several components, including organizational, technical and legal safeguards. Within legal safeguards, giving transparent information to the users on how their data is handled is crucial. This information is usually disclosed to users through the privacy policy document. Assessing the quality of a privacy policy is a complex task and several scales supporting this process have been proposed in the literature. However, these scales are heterogeneous and even not very objective. In our previous study, we proposed a checklist of items guiding the assessment of the quality of a mHealth app privacy policy, based on the General Data Protection Regulation.
Objective: To refine the robustness of our General Data Protection Regulation-based privacy scale to assess the quality of a mHealth app privacy policy, to identify new items, and to assign weights for every item in the scale.
Methods: A two-round modified eDelphi study was conducted involving a privacy expert panel.
Results: After the Delphi process, all the items in the scale were considered “important” or “very important” (4 and 5 in a 5-point Likert scale, respectively) by most of the experts. One of the original items was suggested to be reworded, while 8 tentative items were suggested. Only 2 of them were finally added after Round 2. 11 of the 16 items in the scale were considered “very important” (weight of 1), while the other 5 were considered “important” (weight of 0.5).
Conclusions: The Benjumea privacy scale is a new robust tool to assess the quality of a mHealth app privacy policy, providing a deeper and complementary analysis to other scales that assess the general quality. Also, this robust scale provides a guideline for the development of high-quality privacy policies of mHealth apps.
Universidad de Sevilla and the Ministerio de Universidades of the Spanish Government under the Requalification of Spanish University System Program funded by European Union “NextGenerationEU”; Cátedra de Telefónica “Inteligencia en la red” of the Universidad de Sevilla; Cátedra Indra “Sociedad Digital” of the Universidad de Sevill
Privacy in publicly accessible healthcare applications
The industry of mobile healthcare applications is expanding day by day, so it is important to increase concern about the protection of sensitive health information. Unfortunately, the market consists of many healthcare applications that do not protect data well enough and are not in line with the European regulation.
The goal of this master's thesis is the evaluation of mobile health applications from a privacy protection point of view and from the aspect of compliance with the General Data Protection Regulation. In our work we developed indicators for the protection of sensitive data in health applications and indicators of compliance with the General Data Protection Regulation. With the help of open source tools, we developed the architecture for security analysis of mobile applications. We randomly chose ten applications, which we analyzed and evaluated against the developed indicators. With the results we presented the current situation and proposed improvements and recommendations for developers of mobile health applications to suit them with current legislation.
Exploring the potential of using mobile applications in diabetes management
Background
Diabetes mellitus is a common chronic disease and a leading cause of morbidity, complications and mortality worldwide. The number of people living with diabetes is projected to rise sharply over the forthcoming decades. Diabetes care is complex and can overburden clinicians and nurses. There is a need for innovative, flexible and cost-effective technologies to enable successful diabetes management. This thesis explores the opportunities and challenges of the mobile application (app) technology as a potential tool to support diabetes care and management.
Purpose
The purpose was to develop and evaluate a mobile app that supports healthcare professionals (HCPs) in clinical decision-making.
Methods
A mixed-methods approach was used following the user-centred design (UCD) framework for the design and implementation of all studies. Quantitative and qualitative systematic reviews of studies reporting the use of mobile apps to support diabetes management were undertaken to identify, appraise and summarise available research evidence. An interview study was carried out with diabetes specialist nurses (DSNs), to explore their experiences and views, and to identify user requirements for apps. Lastly, a guidelines-based mobile clinical decision-support app was developed and tested with junior doctors and DSNs in a controlled environment to evaluate its usability and impact on adherence to clinical guidelines, and to explore how participants experienced the app and their suggestions for improvements.
Results
Both reviews found that the existing evidence base for mobile apps is weak and inadequate to draw conclusions about the impact of their use as interventions in diabetes management. The interview study identified that nurses lack experience in using apps in clinical practice, even though they believed it could facilitate and support their work. “Diabetes & CKD”, a simple mobile decision-support app, has been designed and built for the study to assist HCPs in management of patients with diabetes and kidney disease and was tested by 39 junior doctors and 3 DSNs. It had no impact on the accuracy of decisions. Feedback from participants after the pilot session and usability testing indicated a wish to integrate such apps into their clinical practice with a strong willingness to use them in the future.
Conclusions
Application of UCD methods was efficient as the app was well-accepted by both DSNs and junior doctors. Despite the positive views and the strong willingness to use such apps, they are not widely used. There is a need to regulate the use of medical apps in clinical practice. Further research with rigorous methodology is required upon which policymakers and practitioners can base their decision-making.