%0 Journal Article %@ 2563-3570 %I JMIR Publications %V 6 %N %P e70463 %T Decentralized Biobanking Apps for Patient Tracking of Biospecimen Research: Real-World Usability and Feasibility Study %A Sanchez,William %A Dewan,Ananya %A Budd,Eve %A Eifler,M %A Miller,Robert C %A Kahn,Jeffery %A Macis,Mario %A Gross,Marielle %+ Johns Hopkins Berman Institute of Bioethics, Johns Hopkins University, 1809 Ashland Ave., Baltimore, PA, 17225, United States, 1 8135416103, mariellesophiagross@gmail.com %K patient empowerment %K biobanking %K biospecimens %K transparency %K community engagement %K nonfungible tokens %K NFTs %K blockchain technology %K decentralized biobanking %K pilot studies %K technical feasibility %K biowallet %D 2025 %7 10.4.2025 %9 Original Paper %J JMIR Bioinform Biotech %G English %X Background: Biobank privacy policies strip patient identifiers from donated specimens, undermining transparency, utility, and value for patients, scientists, and society. We are advancing decentralized biobanking apps that reconnect patients with biospecimens and facilitate engagement through a privacy-preserving nonfungible token (NFT) digital twin framework. The decentralized biobanking platform was first piloted for breast cancer biobank members. Objective: This study aimed to demonstrate the technical feasibility of (1) patient-friendly biobanking apps, (2) integration with institutional biobanks, and (3) establishing the foundation of an NFT digital twin framework for decentralized biobanking. Methods: We designed, developed, and deployed a decentralized biobanking mobile app for a feasibility pilot from 2021 to 2023 in the setting of a breast cancer biobank at a National Cancer Institute comprehensive cancer center. 
The Flutter app was integrated with the biobank’s laboratory information management systems via an institutional review board–approved mechanism leveraging authorized, secure devices and anonymous ID codes and complemented with a nontransferable ERC-721 NFT representing the soul-bound connection between an individual and their specimens. Biowallet NFTs were held within a custodial wallet, whereas the user experiences simulated token-gated access to personalized feedback about collection and use of individual and collective deidentified specimens. Quantified app user journeys and NFT deployment data demonstrate technical feasibility complemented with design workshop feedback. Results: The decentralized biobanking app incorporated key features: “biobank” (learn about biobanking), “biowallet” (track personal biospecimens), “labs” (follow research), and “profile” (share data and preferences). In total, 405 pilot participants downloaded the app, including 361 (89.1%) biobank members. A total of 4 central user journeys were captured. First, all app users were oriented to the ≥60,000-biospecimen collection, and 37.8% (153/405) completed research profiles, collectively enhancing annotations for 760 unused specimens. NFTs were minted for 94.6% (140/148) of app users with specimens at an average cost of US $4.51 (SD US $2.54; range US $1.84-$11.23) per token, projected to US $17,769.40 (SD US $159.52; range US $7265.62-$44,229.27) for the biobank population. In total, 89.3% (125/140) of the users successfully claimed NFTs during the pilot, thereby tracking 1812 personal specimens, including 202 (11.2%) distributed under 42 unique research protocols. Participants embraced the opportunity for direct feedback, community engagement, and potential health benefits, although user onboarding requires further refinement. 
Conclusions: Decentralized biobanking apps demonstrate technical feasibility for empowering patients to track donated biospecimens via integration with institutional biobank infrastructure. Our pilot reveals potential to accelerate biomedical research through patient engagement; however, further development is needed to optimize the accessibility, efficiency, and scalability of platform design and blockchain elements, as well as a robust incentive and governance structure for decentralized biobanking. %M 40208659 %R 10.2196/70463 %U https://bioinform.jmir.org/2025/1/e70463 %U https://doi.org/10.2196/70463 %U http://www.ncbi.nlm.nih.gov/pubmed/40208659 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 27 %N %P e59231 %T Media Framing and Portrayals of Ransomware Impacts on Informatics, Employees, and Patients: Systematic Media Literature Review %A Avery,Atiya %A Baker,Elizabeth White %A Wright,Brittany %A Avery,Ishmael %A Gomez,Dream %+ , Harbert College of Business, Auburn University, 405 W Magnolia Ave, Auburn, AL, 36849, United States, 1 334 844 2908, atiya.avery@auburn.edu %K cybersecurity %K media frames %K medical informatics %K practitioners %K health care provider %K systematic review %K employees %K patient %K mortality %K morbidity %K news media %K ransomware %K health information system %K database %K health care service %D 2025 %7 8.4.2025 %9 Review %J J Med Internet Res %G English %X Background: Ransomware attacks on health care provider information systems have the potential to impact patient mortality and morbidity, and event details are relayed publicly through news stories. Despite this, little research exists on how these events are depicted in the media and the subsequent impacts of these events. Objective: This study used collaborative qualitative analysis to understand how news media frames and portrays the impacts of ransomware attacks on health informatic systems, employees, and patients. 
Methods: We developed and implemented a systematic search protocol across academic news databases, which included (1) the Associated Press Newswires, (2) Newspaper Source, and (3) Access World News (Newsbank), using the search string “(hospital OR healthcare OR clinic OR medical) AND (ransomware OR denial of service OR cybersecurity).” In total, 4 inclusion and 4 exclusion criteria were applied as part of the search protocol. For articles included in the study, we performed an inductive and deductive analysis of the news articles, which included their article characteristics, impact portrayals, media framings, and discussions of the core functions outlined in the National Institute of Standards and Technologies (NIST) Cybersecurity Framework 2.0. Results: The search returned 2195 articles, among which 48 news articles published from 2009 to 2023 were included in the study. First, an analysis of the geographic prevalence showed that the United States (34/48, 71%), followed to a lesser extent by India (4/48, 8%) and Canada (3/48, 6%), featured more prominently in our sample. Second, there were no apparent year-to-year patterns in the occurrence of reported events of ransomware attacks on health care provider information systems. Third, ransomware attacks on health care provider information systems appeared to cascade from a single point of failure. Fourth, media frames regarding “human interest” and “responsibility” were equally representative in the sample. The “response” function of the NIST Cybersecurity Framework 2.0 was noted in 36 of the 48 (75%) articles. Finally, we noted that 17 (14%) of the articles assessed for eligibility were excluded from this study as they promoted a product or service or spoke hypothetically about ransomware events among health care providers. Conclusions: Organizational response represented a substantial aspect of the news articles in our corpus. 
To address the perception of health care providers’ management of ransomware attacks, they should take measures to influence perceptions of (1) health care service continuity, despite a lack of availability of health informatics; (2) responsibility for the patient experience; and (3) acknowledgment of the strain on health care practitioners and patients through a public declaration of support and gratitude. Furthermore, the media portrayals revealed a prevalence of single points of failure in the health informatics system, thus providing guidance for the implementation of safety protocols that could significantly reduce cascading impacts. %M 40198915 %R 10.2196/59231 %U https://www.jmir.org/2025/1/e59231 %U https://doi.org/10.2196/59231 %U http://www.ncbi.nlm.nih.gov/pubmed/40198915 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 13 %N %P e65747 %T Participant Evaluation of Blockchain-Enhanced Women’s Health Research Apps: Mixed Methods Experimental Study %A Ng,Madelena Y %A Halpern,Jodi %A Shane,Olivia %A Teng,Tina %A Nguyễn,Michael %A Alt,Casey Ryan %A Leite,Anaïs Barthe %A Moss-Pultz,Sean %A Lyles,Courtney R %A Cheshire,Coye %+ , School of Public Health, University of California, Berkeley, 2121 Berkeley Way, Berkeley, CA, 94704, United States, 1 5106426000, madelena.ng@berkeley.edu %K blockchain technology %K privacy %K trust %K data control %K data ownership %K digital health study %K user-centered design %K user experience %K mHealth %K mobile health %K women’s health %K reproductive health %K data sharing %K research participation %K bioethics %D 2025 %7 25.3.2025 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Blockchain technology has capabilities that can transform how sensitive personal health data are safeguarded, shared, and accessed in digital health research. Women’s health data are considered especially sensitive, given the privacy and safety risks associated with their unauthorized disclosure. 
These risks may affect research participation. Using a privacy-by-design approach, we developed 2 app-based women’s health research study prototypes for user evaluation and assessed how blockchain may impact participation. Objective: This study aims to seek the perspectives of women to understand whether applications of blockchain technology in app-based digital research would affect their decision to participate and contribute sensitive personal health data. Methods: A convergent, mixed methods, experimental design was used to evaluate participant perceptions and attitudes toward using 2 app-based women’s health research study prototypes with blockchain features. Prototype A was based on the status quo ResearchKit framework and had extensive electronic informed consent, while prototype B minimized study onboarding requirements and had no informed consent; the mechanisms of how the contributed data flowed and were made pseudonymous were the same. User evaluations were carried out in February and March 2021 and consisted of a think-aloud protocol, a perception survey, and a semistructured interview. Findings were mapped to the technology acceptance model to guide interpretation. Results: We recruited 16 representative female participants from 175 respondents. User evaluations revealed that while participants considered prototype B easier to use on intuitive navigation (theme 1) of specified tasks and comprehension (theme 2) of research procedures, prototype A trended toward being perceived more favorably than prototype B across most perception survey constructs, with an overall lower level of privacy concern (mean [SD]: 2.22 [1.10] vs 2.95 [1.29]) and perceived privacy risk (2.92 [1.46] vs 3.64 [1.73]) and higher level of perceived privacy (5.21 [1.26] vs 4.79 [1.47]), trust (5.46 [1.19] vs 4.76 [1.27]), and usability (67.81 [21.77] vs 64.84 [23.69]). 
Prototype B was perceived more favorably than prototype A with perceived control (4.92 [1.32] vs 4.89 [1.29]) and perceived ownership (5.18 [0.59] vs 5.01 [0.96]). These constructs, except for perceived ownership, were significantly correlated with behavioral intention to use the app (P<.05). Participants perceived the usefulness of these prototypes in relation to the value of research study to women’s health field (theme 3), the value of research study to self (theme 4), and the value of blockchain features for participation (theme 5). Conclusions: This study provides nuanced insights into how blockchain applications in app-based research remain secondary in value to participants’ expectations of health research, and hence their intention to participate and contribute data. However, with impending data privacy and security concerns, it remains prudent to understand how to best integrate blockchain technology in digital health research infrastructure. %M 40131317 %R 10.2196/65747 %U https://mhealth.jmir.org/2025/1/e65747 %U https://doi.org/10.2196/65747 %U http://www.ncbi.nlm.nih.gov/pubmed/40131317 %0 Journal Article %@ 1929-073X %I JMIR Publications %V 14 %N %P e60548 %T Effective Recruitment or Bot Attack? 
The Challenge of Internet-Based Research Surveys and Recommendations to Reduce Risk and Improve Robustness %A Donkin,Liesje %A Henry,Nathan %A Kercher,Amy %A Pedersen,Mangor %A Wilson,Holly %A Chan,Amy Hai Yan %+ Department of Psychology and Neuroscience, Auckland University of Technology, Private Bag 92006, Auckland, 1142, New Zealand, 64 21847886, liesje.donkin@aut.ac.nz %K internet-based research %K research methodology %K surveys %K data integrity %K bot attacks %K technology %K data manipulation %K spam %K false %K falsification %K fraudulent %K fraud %K bots %K research methods %K data collection %K verify %K verification %K participants %D 2025 %7 14.3.2025 %9 Viewpoint %J Interact J Med Res %G English %X Internet-based research has exploded in popularity in recent years, enabling researchers to offer both investigations and interventions to broader participant populations than ever before. However, challenges associated with internet-based research have also increased—notably, difficulties verifying participant data and deliberate data manipulation by bot and spam responses. This study presents a viewpoint based on 2 case studies where internet-based research was affected by bot and spam attacks. We aim to share the learnings from these experiences with recommendations for future research practice that may reduce the likelihood or impact of future attacks. The screening and verification processes used are presented and discussed, including the limitations of these. Based on our experience, security and screening within internet-based research platforms are partly effective, but no solution is available to protect researchers completely against bot attacks. Implications for future research and advice for health researchers are discussed. 
%M 40086470 %R 10.2196/60548 %U https://www.i-jmr.org/2025/1/e60548 %U https://doi.org/10.2196/60548 %U http://www.ncbi.nlm.nih.gov/pubmed/40086470 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 9 %N %P e64565 %T Testing and Iterative Improvement of the CEN ISO/TS 82304-2 Health App Quality Assessment: Pilot Interrater Reliability Study %A Frey,Anna-Lena %A Matei,Diana %A Phillips,Ben %A McCabe,Adam %A Fuller,Rachel %A Laibarra,Begoña %A Alonso,Laura %A de la Hoz,Victor %A Pratdepadua Bufill,Carme %A Llebot Casajuana,Berta %A D'Avenio,Giuseppe %A Sottile,Pier Angelo %A Rocchi,Laura Melania %A Errera,Matteo %A Laaissaoui,Yasmine %A Cardinal,Michael %A Kok,Menno %A Hoogendoorn,Petra %+ National eHealth Living Lab, Department of Public Health and Primary Care, Leiden University Medical Center, Albinusdreef 2, Leiden, 2333 ZA, The Netherlands, 31 654341785, a.p.y.hoogendoorn@lumc.nl %K health apps %K mobile health %K digital health %K quality evaluation %K assessment framework %K interrater reliability %D 2025 %7 10.3.2025 %9 Original Paper %J JMIR Form Res %G English %X Background: With the increasing use of health apps and ongoing concerns regarding their safety, effectiveness, and data privacy, numerous health app quality assessment frameworks have emerged. However, assessment initiatives experience difficulties scaling, and there is currently no comprehensive, consistent, internationally recognized assessment framework. Therefore, health apps often need to undergo several quality evaluations to enter different markets, leading to duplication of work. The CEN ISO/TS 82304‑2 health app assessment seeks to address this issue, aiming to provide an internationally accepted quality evaluation through a network of assessment organizations located in different countries. Objective: This study aimed to develop and evolve the draft CEN ISO/TS 82304-2 assessment handbook and developer guidance by testing them across organizations in several countries. 
Methods: Assessment organizations from 5 countries were engaged to evaluate 24 health apps using the evolving CEN ISO/TS 82304-2 assessment across 3 evaluation rounds. The information submitted by a given health app developer was evaluated by 2 assessment organizations, and interrater reliability was examined. In addition, app developers and assessors were asked to report how much time they spent on information collation or evaluation and to rate the clarity of the developer guidance or assessor handbook, respectively. The collected data were used to iteratively improve the handbook and guidance between rounds. Results: The interrater reliability between assessment organizations improved from round 1 to round 2 and stayed relatively stable between rounds 2 and 3, with 80% (55/69) of assessment questions demonstrating moderate or better (Gwet AC1>0.41) agreement in round 3. The median time required by developers to prepare the assessment information was 8 hours and 59 minutes (IQR 5.7-27.1 hours) in round 3, whereas assessors reported a median evaluation time of 8 hours and 46 minutes (IQR 7.1-11.0 hours). The draft guidance and handbook were generally perceived as clear, with a median round-3 clarity rating of 1.73 (IQR 1.64-1.90) for developers and 1.78 (IQR 1.71-1.89) for assessors (0=“very unclear”, 1=“somewhat unclear”, and 2=“completely clear”). Conclusions: To our knowledge, this is the first study to examine the consistency of health app evaluations across organizations located in different countries. Given that the CEN ISO/TS 82304-2 guidance and handbook are still under development, the interrater reliability findings observed at this early stage are promising, and this study provided valuable information for further refinement of the assessment. This study marks an important first step toward establishing the CEN ISO/TS 82304-2 assessment as a consistent, cross-national health app evaluation. 
It is envisioned that the assessment will ultimately help avoid duplication of work, prevent inequities by facilitating access to smaller markets for developers, and build trust among users, thereby increasing the adoption of high-quality health apps. %M 40063936 %R 10.2196/64565 %U https://formative.jmir.org/2025/1/e64565 %U https://doi.org/10.2196/64565 %U http://www.ncbi.nlm.nih.gov/pubmed/40063936 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 27 %N %P e51517 %T Exploration of Reproductive Health Apps’ Data Privacy Policies and the Risks Posed to Users: Qualitative Content Analysis %A Zadushlivy,Nina %A Biviji,Rizwana %A Williams,Karmen S %+ Department of Health Policy and Management, Graduate School of Public Health and Health Policy, City University of New York, 55 W. 125th Street, New York, NY, 10027, United States, 1 918 816 0915, Karmen.Williams@sph.cuny.edu %K data privacy policy %K reproductive health apps %K Transparency, Health Content, Excellent Technical Content, Security/Privacy, Usability, Subjective %K THESIS %K THESIS evaluation %K women’s health %K menstrual health %K mobile health %K mHealth %K menstruating persons’ health %K mobile phone %D 2025 %7 5.3.2025 %9 Original Paper %J J Med Internet Res %G English %X Background: Mobile health apps often require the collection of identifiable information. Subsequently, this places users at significant risk of privacy breaches when the data are misused or not adequately stored and secured. These issues are especially concerning for users of reproductive health apps in the United States as protection of sensitive user information is affected by shifting governmental regulations such as the overruling of Roe v Wade and varying state-level abortion laws. Limited studies have analyzed the data privacy policies of these apps and considered the safety issues associated with a lack of user transparency and protection. 
Objective: This study aimed to evaluate popular reproductive health apps, assess their individual privacy policies, analyze federal and state data privacy laws governing these apps in the United States and the European Union (EU), and recommend best practices for users and app developers to ensure user data safety. Methods: In total, 4 popular reproductive health apps—Clue, Flo, Period Tracker by GP Apps, and Stardust—as identified from multiple web sources were selected through convenience sampling. This selection ensured equal representation of apps based in the United States and the EU, facilitating a comparative analysis of data safety practices under differing privacy laws. A qualitative content analysis of the apps and a review of the literature on data use policies, governmental data privacy regulations, and best practices for mobile app data privacy were conducted between January 2023 and July 2023. The apps were downloaded and systematically evaluated using the Transparency, Health Content, Excellent Technical Content, Security/Privacy, Usability, Subjective (THESIS) evaluation tool to assess their privacy and security practices. Results: The overall privacy and security scores for the EU-based apps, Clue and Flo, were both 3.5 of 5. In contrast, the US-based apps, Period Tracker by GP Apps and Stardust, received scores of 2 and 4.5, respectively. Major concerns regarding privacy and data security primarily involved the apps’ use of IP address tracking and the involvement of third parties for advertising and marketing purposes, as well as the potential misuse of data. Conclusions: Currently, user expectations for data privacy in reproductive health apps are not being met. Despite stricter privacy policies, particularly with state-specific adaptations, apps must be transparent about data storage and third-party sharing even if just for marketing or analytical purposes. 
Given the sensitivity of reproductive health data and recent state restrictions on abortion, apps should minimize data collection, exceed encryption and anonymization standards, and reduce IP address tracking to better protect users. %M 40053713 %R 10.2196/51517 %U https://www.jmir.org/2025/1/e51517 %U https://doi.org/10.2196/51517 %U http://www.ncbi.nlm.nih.gov/pubmed/40053713 %0 Journal Article %@ 2368-7959 %I JMIR Publications %V 12 %N %P e63149 %T Harnessing Internet Search Data as a Potential Tool for Medical Diagnosis: Literature Review %A Downing,Gregory J %A Tramontozzi,Lucas M %A Garcia,Jackson %A Villanueva,Emma %+ Innovation Horizons, Inc, 2819 27th Street, NW, Washington, DC, 20008, United States, 1 (301) 675 1346, gregory.downing@innovationhorizons.net %K health %K informatics %K internet search data %K early diagnosis %K web search %K information technology %K internet %K machine learning %K medical records %K diagnosis %K health care %K self-diagnosis %K detection %K intervention %K patient education %K internet search %K health-seeking behavior %K artificial intelligence %K AI %D 2025 %7 11.2.2025 %9 Review %J JMIR Ment Health %G English %X Background: The integration of information technology into health care has created opportunities to address diagnostic challenges. Internet searches, representing a vast source of health-related data, hold promise for improving early disease detection. Studies suggest that patterns in search behavior can reveal symptoms before clinical diagnosis, offering potential for innovative diagnostic tools. Leveraging advancements in machine learning, researchers have explored linking search data with health records to enhance screening and outcomes. However, challenges like privacy, bias, and scalability remain critical to its widespread adoption. 
Objective: We aimed to explore the potential and challenges of using internet search data in medical diagnosis, with a specific focus on diseases and conditions such as cancer, cardiovascular disease, mental and behavioral health, neurodegenerative disorders, and nutritional and metabolic diseases. We examined ethical, technical, and policy considerations while assessing the current state of research, identifying gaps and limitations, and proposing future research directions to advance this emerging field. Methods: We conducted a comprehensive analysis of peer-reviewed literature and informational interviews with subject matter experts to examine the landscape of internet search data use in medical research. We searched for published peer-reviewed literature on the PubMed database between October and December 2023. Results: Systematic selection based on predefined criteria included 40 articles from the 2499 identified articles. The analysis revealed a nascent domain of internet search data research in medical diagnosis, marked by advancements in analytics and data integration. Despite challenges such as bias, privacy, and infrastructure limitations, emerging initiatives could reshape data collection and privacy safeguards. Conclusions: We identified signals correlating with diagnostic considerations in certain diseases and conditions, indicating the potential for such data to enhance clinical diagnostic capabilities. However, leveraging internet search data for improved early diagnosis and health care outcomes requires effectively addressing ethical, technical, and policy challenges. By fostering interdisciplinary collaboration, advancing infrastructure development, and prioritizing patient engagement and consent, researchers can unlock the transformative potential of internet search data in medical diagnosis to ultimately enhance patient care and advance health care practice and policy. 
%M 39813106 %R 10.2196/63149 %U https://mental.jmir.org/2025/1/e63149 %U https://doi.org/10.2196/63149 %U http://www.ncbi.nlm.nih.gov/pubmed/39813106 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 12 %N %P e62974 %T The Safety of Digital Mental Health Interventions: Findings and Recommendations From a Qualitative Study Exploring Users’ Experiences, Concerns, and Suggestions %A Taher,Rayan %A Stahl,Daniel %A Shergill,Sukhi %A Yiend,Jenny %+ Department of Psychosis Studies, King’s College London, Institute of Psychiatry, Psychology & Neuroscience (IoPPN), 16 De Crespigny Park, London, SE5 8AB, United Kingdom, 44 020 7848 0002, jenny.yiend@kcl.ac.uk %K digital mental health %K safety %K user perspective %K patient perspective %K qualitative %K risks %K risk mitigation %K deterioration %K nonresponse %K data safety %D 2025 %7 7.2.2025 %9 Original Paper %J JMIR Hum Factors %G English %X Background: The literature around the safety of digital mental health interventions (DMHIs) is growing. However, the user/patient perspective is still absent from it. Understanding the user/patient perspective can ensure that professionals address issues that are significant to users/patients and help direct future research in the field. Objective: This qualitative study aims to explore DMHI users’ experiences, views, concerns, and suggestions regarding the safety of DMHIs. Methods: We included individuals who were aged 18 years or older, had experience in using a DMHI, and could speak and understand English without the need for a translator. Fifteen individual interviews were conducted. Deductive thematic analysis was used to analyze the data. Results: The analysis of the interview transcripts yielded 3 main themes: (1) Nonresponse: A Concern, a Risk, and How Users Mitigate It; (2) Symptom Deterioration and Its Management; and (3) Concerns Around Data Privacy and How to Mitigate Them. 
Conclusions: The results of this study led to 7 recommendations on how the safety of DMHIs can be improved: provide “easy access” versions of key information, use “approved by...” badges, anticipate and support deterioration, provide real-time feedback, acknowledge the lack of personalization, responsibly manage access, and provide genuine crisis support. These recommendations arose from users’ experiences and suggestions. If implemented, these recommendations can improve the safety of DMHIs and enhance users’ experience. %M 39919292 %R 10.2196/62974 %U https://humanfactors.jmir.org/2025/1/e62974 %U https://doi.org/10.2196/62974 %U http://www.ncbi.nlm.nih.gov/pubmed/39919292 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 27 %N %P e54790 %T Rehabilomics Strategies Enabled by Cloud-Based Rehabilitation: Scoping Review %A Oh,Sejun %A Lee,SangHeon %+ Department of Physical Medicine and Rehabilitation, Korea University Anam Hospital, 145, Anam-Ro, Seongbuk-Gu, Seoul, 02841, Republic of Korea, 82 2286 1419, rmlsh@korea.ac.kr %K cloud-based %K health %K rehabilitation %K rehabilomics %K strategies %D 2025 %7 28.1.2025 %9 Review %J J Med Internet Res %G English %X Background: Rehabilomics, or the integration of rehabilitation with genomics, proteomics, metabolomics, and other “-omics” fields, aims to promote personalized approaches to rehabilitation care. Cloud-based rehabilitation offers streamlined patient data management and sharing and could potentially play a significant role in advancing rehabilomics research. This study explored the current status and potential benefits of implementing rehabilomics strategies through cloud-based rehabilitation. Objective: This scoping review aimed to investigate the implementation of rehabilomics strategies through cloud-based rehabilitation and summarize the current state of knowledge within the research domain. 
This analysis aims to understand the impact of cloud platforms on the field of rehabilomics and provide insights into future research directions. Methods: In this scoping review, we systematically searched major academic databases, including CINAHL, Embase, Google Scholar, PubMed, MEDLINE, ScienceDirect, Scopus, and Web of Science to identify relevant studies and apply predefined inclusion criteria to select appropriate studies. Subsequently, we analyzed 28 selected papers to identify trends and insights regarding cloud-based rehabilitation and rehabilomics within this study’s landscape. Results: This study reports the various applications and outcomes of implementing rehabilomics strategies through cloud-based rehabilitation. In particular, a comprehensive analysis was conducted on 28 studies, including 16 (57%) focused on personalized rehabilitation and 12 (43%) on data security and privacy. The distribution of articles among the 28 studies based on specific keywords included 3 (11%) on the cloud, 4 (14%) on platforms, 4 (14%) on hospitals and rehabilitation centers, 5 (18%) on telehealth, 5 (18%) on home and community, and 7 (25%) on disease and disability. Cloud platforms offer new possibilities for data sharing and collaboration in rehabilomics research, underpinning a patient-centered approach and enhancing the development of personalized therapeutic strategies. Conclusions: This scoping review highlights the potential significance of cloud-based rehabilomics strategies in the field of rehabilitation. The use of cloud platforms is expected to strengthen patient-centered data management and collaboration, contributing to the advancement of innovative strategies and therapeutic developments in rehabilomics. 
%M 39874565 %R 10.2196/54790 %U https://www.jmir.org/2025/1/e54790 %U https://doi.org/10.2196/54790 %U http://www.ncbi.nlm.nih.gov/pubmed/39874565 %0 Journal Article %@ 2561-6722 %I JMIR Publications %V 8 %N %P e63270 %T Perspectives on Swedish Regulations for Online Record Access Among Adolescents With Serious Health Issues and Their Parents: Mixed Methods Study %A Hagström,Josefin %A Blease,Charlotte %A Harila,Arja %A Lähteenmäki,Päivi %A Scandurra,Isabella %A Hägglund,Maria %+ Participatory eHealth and Health Data Research Group, Department of Women’s and Children’s Health, Uppsala University, Dag Hammarskjölds väg 14B, Uppsala, 752 37, Sweden, 46 734697474, josefin.hagstrom@uu.se %K health care professionals %K adolescent health %K patient-accessible electronic health record %K electronic health record %K patient portal %K survey %K eHealth %K interviews %D 2025 %7 27.1.2025 %9 Original Paper %J JMIR Pediatr Parent %G English %X Background: With the increasing implementation of patient online record access (ORA), various approaches to access to minors’ electronic health records have been adopted globally. In Sweden, the current regulatory framework restricts ORA for minors and their guardians when the minor is aged between 13 and 15 years. Families of adolescents with complex health care needs often desire health information to manage their child’s care and involve them in their care. However, the perspectives of adolescents with serious health issues and their parents have not been studied. Objective: This study aims to qualitatively and quantitatively investigate the perceived benefits and risks of ORA and the awareness of and views on ORA regulations among adolescents with serious health issues and their parents in Sweden. Methods: We used a convergent mixed methods (qualitative and quantitative) design, consisting of a survey and semistructured individual interviews with adolescents with serious health issues (aged 13-18 y) and their parents. 
Participants were recruited via social media and in clinics. Quantitative data were presented descriptively. Interviews were audio recorded, transcribed, and analyzed using inductive thematic content analysis. Results: The survey population included 88 individuals (adolescents: n=31, 35%; parents: n=57, 65%). Interviews were completed by 8 (26%) of the 31 adolescents and 17 (30%) of the 57 parents. The mean age of the surveyed adolescents was 16 (SD 1.458) years, and most of the parents (29/57, 51%) were aged 45 to 54 years. The surveys indicated that most of the parents (51/56, 91%) were critical of the access gap, and most of the adolescents (20/31, 65%) were unaware of the age at which they could gain access. In the interviews, adolescents and parents identified benefits related to ORA that were categorized into 6 themes (empowering adolescents, improved emotional state, enhanced documentation accuracy, improved partnership and communication, supported parental care management, and better prepared for appointments) and risks related to ORA that were categorized into 4 themes (emotional distress and confusion, threatened confidentiality, increased burden, and low usability). Adolescents’ and parents’ views on ORA regulations were categorized into 3 themes (challenges of the access gap, balancing respect for autonomy and support, and suggested regulatory change). Conclusions: In Sweden, ORA regulations and a lack of available information cause significant inconvenience for adolescents with serious health issues and their parents. Views on access age limits differed, with adolescents expressing their perceived need for independent access, while parents exhibited concerns about adolescents having ORA. The findings indicated the importance of increased education, dialogue, and flexibility to uphold confidential and consistent delivery of adolescent health care. 
Further exploration is needed to understand the experiences of adolescents and parents in diverse clinical and geographic contexts, as well as the perspectives of pediatric health care professionals on restrictive ORA regulations. %M 39869908 %R 10.2196/63270 %U https://pediatrics.jmir.org/2025/1/e63270 %U https://doi.org/10.2196/63270 %U http://www.ncbi.nlm.nih.gov/pubmed/39869908 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 9 %N %P e64244 %T The Association of Psychological Factors With Willingness to Share Health-Related Data From Technological Devices: Cross-Sectional Questionnaire Study %A Eversdijk,Marijn %A Douma,Emma Rixt %A Habibovic,Mirela %A Kop,Willem Johan %K health data sharing %K privacy concerns %K wearable health technology %K personality %K psychological flexibility %K optimism %K social inhibition %K psychological factors %K willingness %K health-related data %K mobile phone %D 2025 %7 23.1.2025 %9 %J JMIR Form Res %G English %X Background: Health-related data from technological devices are increasingly obtained through smartphone apps and wearable devices. These data could enable physicians and other care providers to monitor patients outside the clinic or assist individuals in improving lifestyle factors. However, the use of health technology data might be hampered by the reluctance of patients to share personal health technology data because of the privacy sensitivity of this information. Objective: This study investigates to what extent psychological factors play a role in people’s willingness to share personal health technology data. Methods: Data for this cross-sectional study were obtained by quota sampling based on age and sex in a community-based sample (N=1013; mean age 48.6, SD 16.6 years; 522/1013, 51.5% women). Willingness to share personal health technology data and related privacy concerns were assessed using an 8-item questionnaire with good psychometric properties (Cronbach’s α=0.82). 
Psychological variables were assessed using validated questionnaires for optimism (Life Orientation Test—Revised), psychological flexibility (Psychological Flexibility Questionnaire), negative affectivity (Type D Scale-14—Negative Affectivity), social inhibition (Type D Scale-14—Social Inhibition), generalized anxiety (Generalized Anxiety Disorder-7), and depressive symptoms (Patient Health Questionnaire-9). Data were analyzed using multiple linear regression analyses, and network analysis was used to visualize the associations between the item scores. Results: Higher levels of optimism (β=.093; P=.004) and psychological flexibility (β=.127; P<.001) and lower levels of social inhibition (β=−.096; P=.002) were significantly associated with higher levels of willingness to share health technology data when adjusting for age, sex, and education level in separate regression models. Other associations with psychological variables were not statistically significant. Network analysis revealed that psychological flexibility clustered more with items that focused on the benefits of sharing data, while optimism was negatively associated with privacy concerns. Conclusions: The current results suggest that people with higher levels of optimism and psychological flexibility and those with lower social inhibition levels are more likely to share health technology data. The magnitude of the effect sizes was low, and future studies with additional psychological measures are needed to establish which factors identify people who are reluctant to share their data such that optimal use of devices in health care can be facilitated. 
%R 10.2196/64244 %U https://formative.jmir.org/2025/1/e64244 %U https://doi.org/10.2196/64244 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 13 %N %P e66444 %T The Impact of Data Control and Delayed Discounting on the Public’s Willingness to Share Different Types of Health Care Data: Empirical Study %A Wei,Dongle %A Gao,Pan %A Zhai,Yunkai %K health data control %K delay discounting rate %K mental accounting %K health data %K data sharing %K willingness %K patient-generated data %K clinical medical data %K disease prevention %K precision medicine %K health care %K portability %K accountability %K app %K web-based survey %K data security %K data privacy %K mobile phone %D 2025 %7 22.1.2025 %9 %J JMIR Med Inform %G English %X Background: Health data typically include patient-generated data and clinical medical data. Different types of data contribute to disease prevention, precision medicine, and the overall improvement of health care. With the introduction of regulations such as the Health Insurance Portability and Accountability Act (HIPAA), individuals play a key role in the sharing and application of personal health data. Objective: This study aims to explore the impact of different types of health data on users’ willingness to share. Additionally, it analyzes the effect of data control and delay discounting rate on this process. Methods: The results of a web-based survey were analyzed to examine individuals’ perceptions of sharing different types of health data and how data control and delay discounting rates influenced their decisions. We recruited participants for our study through the web-based platform “Wenjuanxing.” After screening, we obtained 257 valid responses. Regression analysis was used to investigate the impact of data control, delayed discounting, and mental accounting on the public’s willingness to share different types of health care data. 
Results: Our findings indicate that the type of health data does not significantly affect the perceived benefits of data sharing. Instead, it negatively influences willingness to share by indirectly affecting data acquisition costs and perceived risks. Our results also show that data control reduces the perceived risks associated with sharing, while higher delay discounting rates lead to an overestimation of data acquisition costs and perceived risks. Conclusions: Individuals’ willingness to share data is primarily influenced by costs. To promote the acquisition and development of personal health data, stakeholders should strengthen individuals’ control over their data or provide direct short-term incentives. %R 10.2196/66444 %U https://medinform.jmir.org/2025/1/e66444 %U https://doi.org/10.2196/66444 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 27 %N %P e59111 %T From Theory to Practice: Viewpoint on Economic Indicators for Trust in Digital Health %A Gille,Felix %A Maaß,Laura %A Ho,Benjamin %A Srivastava,Divya %+ University of Zurich, Digital Society Initiative, Rämistrasse 69, Zurich, 8001, Switzerland, 41 44635 7133, felix.gille@uzh.ch %K trust %K economics %K digital health %K digital health innovation %K artificial intelligence %K AI %K economic evaluation %K public trust %K health data %K medical apps %D 2025 %7 15.1.2025 %9 Viewpoint %J J Med Internet Res %G English %X User trust is pivotal for the adoption of digital health systems interventions (DHI). In response, numerous trust-building guidelines have recently emerged targeting DHIs such as artificial intelligence. The common aim of these guidelines aimed at private sector actors and government policy makers is to build trustworthy DHI. 
While these guidelines provide some indication of what trustworthiness is, the guidelines typically only define trust and trustworthiness in broad terms, and they rarely offer guidance about economic considerations that would allow implementers to measure and balance trade-offs between costs and benefits. These considerations are important when deciding how best to allocate scarce resources (eg, financial capital, workforce, or time). The missing focus on economics undermines the potential usefulness of such guidelines. We propose the development of actionable trust-performance-indicators (including but not limited to surveys) to gather evidence on the cost-effectiveness of trust-building principles as a crucial step for successful implementation. Furthermore, we offer guidance on navigating the conceptual complexity surrounding trust and on how to sharpen the trust discourse. Successful implementation of economic considerations is critical to successfully build user trust in DHI. %M 39813672 %R 10.2196/59111 %U https://www.jmir.org/2025/1/e59111 %U https://doi.org/10.2196/59111 %U http://www.ncbi.nlm.nih.gov/pubmed/39813672 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 11 %N %P e52448 %T Social Media Recruitment as a Potential Trigger for Vulnerability: Multistakeholder Interview Study %A Matthes,Nina %A Willem,Theresa %A Buyx,Alena %A Zimmermann,Bettina M %K vulnerability %K social media %K clinical study enrollment %K clinical study recruitment %K clinical trials %K stigma %K discrimination %K injustice %K recruitment %K clinical study %K hepatitis B %K TherVacB %K clinical research %K attitudes %K patient privacy %K utilization %D 2024 %7 30.12.2024 %9 %J JMIR Hum Factors %G English %X Background: More clinical studies use social media to increase recruitment accrual. However, empirical analyses focusing on the ethical aspects pertinent when targeting patients with vulnerable characteristics are lacking. 
Objective: This study aims to explore expert and patient perspectives on vulnerability in the context of social media recruitment and seeks to explore how social media can reduce or amplify vulnerabilities. Methods: As part of an international consortium that tests a therapeutic vaccine against hepatitis B (TherVacB), we conducted 30 qualitative interviews with multidisciplinary experts in social media recruitment (from the fields of clinical research, public relations, psychology, ethics, philosophy, law, and social sciences) about the ethical, legal, and social challenges of social media recruitment. We triangulated the expert assessments with the perceptions of 6 patients with hepatitis B regarding social media usage and attitudes relative to their diagnosis. Results: Experts perceived social media recruitment as beneficial for reaching hard-to-reach populations and preserving patient privacy. Features that may aggravate existing vulnerabilities are the acontextual point of contact, potential breaches of user privacy, biased algorithms disproportionately affecting disadvantaged groups, and technological barriers such as insufficient digital literacy skills and restricted access to relevant technology. We also report several practical recommendations from experts to navigate these triggering effects of social media recruitment, including transparent communication, addressing algorithm bias, privacy education, and multichannel recruitment. Conclusions: Using social media for clinical study recruitment can mitigate and aggravate potential study participants’ vulnerabilities. Researchers should anticipate and address the outlined triggering effects within this study’s design and proactively define strategies to overcome them. We suggest practical recommendations to achieve this. 
%R 10.2196/52448 %U https://humanfactors.jmir.org/2024/1/e52448 %U https://doi.org/10.2196/52448 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 10 %N %P e51786 %T Challenges and Lessons Learned in Managing Web-Based Survey Fraud for the Garnering Effective Outreach and Research in Georgia for Impact Alliance–Community Engagement Alliance Survey Administrations %A Craig,Leslie S %A Evans,Christina L %A Taylor,Brittany D %A Patterson,Jace %A Whitfield,Kaleb %A Hill,Mekhi %A Nwagwu,Michelle %A Mubasher,Mohamed %A Bednarczyk,Robert A %A McCray,Gail G %A Gaddis,Cheryl L R %A Taylor,Natasha %A Thompson,Emily %A Douglas,Ursula %A Latimer,Saundra K %A Spivey,Sedessie G %A Henry Akintobi,Tabia %A Quarells,Rakale Collins %K web-based survey research %K data quality %K data integrity %K COVID-19 %K Georgia %K data collection %K scientists %K integrity %K transparency %K public health %K deception %K disinformation %K survey fraud %K legitimate data %D 2024 %7 24.12.2024 %9 %J JMIR Public Health Surveill %G English %X Background: Convenience, privacy, and cost-effectiveness associated with web-based data collection have facilitated the recent expansion of web-based survey research. Importantly, however, practical benefits of web-based survey research, to scientists and participants alike, are being overshadowed by the dramatic rise in suspicious and fraudulent survey submissions. Misinformation associated with survey fraud compromises data quality and data integrity with important implications for scientific conclusions, clinical practice, and social benefit. Transparency in reporting on methods used to prevent and manage suspicious and fraudulent submissions is key to protecting the veracity of web-based survey data; yet, there is limited discussion on the use of antideception strategies during all phases of survey research to detect and eliminate low-quality and fraudulent responses. 
Objective: This study aims to contribute to an evolving evidence base on data integrity threats associated with web-based survey research by describing study design strategies and antideception tools used during the web-based administration of the Garnering Effective Outreach and Research in Georgia for Impact Alliance–Community Engagement Alliance (GEORGIA CEAL) Against COVID-19 Disparities project surveys. Methods: GEORGIA CEAL was established in response to the COVID-19 pandemic and the need for rapid, yet, valid, community-informed, and community-owned research to guide targeted responses to a dynamic, public health crisis. GEORGIA CEAL Surveys I (April 2021 to June 2021) and II (November 2021 to January 2022) received institutional review board approval from the Morehouse School of Medicine and adhered to the CHERRIES (Checklist for Reporting Results of Internet E-Surveys). Results: A total of 4934 and 4905 submissions were received for Surveys I and II, respectively. A small proportion of surveys (Survey I: n=1336, 27.1% and Survey II: n=1024, 20.9%) were excluded due to participant ineligibility, while larger proportions (Survey I: n=1516, 42.1%; Survey II: n=1423, 36.7%) were flagged and removed due to suspicious activity; 2082 (42.2%) and 2458 (50.1%) of GEORGIA CEAL Surveys I and II, respectively, were retained for analysis. Conclusions: Suspicious activity during GEORGIA CEAL Survey I administration prompted the inclusion of additional security tools during Survey II design and administration (eg, hidden questions, Completely Automated Public Turing Test to Tell Computers and Humans Apart verification, and security questions), which proved useful in managing and detecting fraud and resulted in a higher retention rate across survey waves. 
By thorough discussion of experiences, lessons learned, and future directions for web-based survey research, this study outlines challenges and best practices for designing and implementing a robust defense against survey fraud. Finally, we argue that, in addition to greater transparency and discussion, community stakeholders need to be intentionally and mindfully engaged, via approaches grounded in community-based participatory research, around the potential for research to enable scientific discoveries in order to accelerate investment in quality, legitimate survey data. %R 10.2196/51786 %U https://publichealth.jmir.org/2024/1/e51786 %U https://doi.org/10.2196/51786 %0 Journal Article %@ 2368-7959 %I JMIR Publications %V 11 %N %P e60003 %T Balancing Between Privacy and Utility for Affect Recognition Using Multitask Learning in Differential Privacy–Added Federated Learning Settings: Quantitative Study %A Benouis,Mohamed %A Andre,Elisabeth %A Can,Yekta Said %K privacy preservation %K multitask learning %K federated learning %K privacy %K physiological signals %K affective computing %K wearable sensors %K sensitive data %K empathetic sensors %K data privacy %K digital mental health %K wearables %K ethics %K emotional well-being %D 2024 %7 23.12.2024 %9 %J JMIR Ment Health %G English %X Background: The rise of wearable sensors marks a significant development in the era of affective computing. Their popularity is continuously increasing, and they have the potential to improve our understanding of human stress. A fundamental aspect within this domain is the ability to recognize perceived stress through these unobtrusive devices. Objective: This study aims to enhance the performance of emotion recognition using multitask learning (MTL), a technique extensively explored across various machine learning tasks, including affective computing. 
By leveraging the shared information among related tasks, we seek to augment the accuracy of emotion recognition while confronting the privacy threats inherent in the physiological data captured by these sensors. Methods: To address the privacy concerns associated with the sensitive data collected by wearable sensors, we proposed a novel framework that integrates differential privacy and federated learning approaches with MTL. This framework was designed to efficiently identify mental stress while preserving private identity information. Through this approach, we aimed to enhance the performance of emotion recognition tasks while preserving user privacy. Results: Comprehensive evaluations of our framework were conducted using 2 prominent public datasets. The results demonstrate a significant improvement in emotion recognition accuracy, achieving a rate of 90%. Furthermore, our approach effectively mitigates privacy risks, as evidenced by limiting reidentification accuracies to 47%. Conclusions: This study presents a promising approach to advancing emotion recognition capabilities while addressing privacy concerns in the context of empathetic sensors. By integrating MTL with differential privacy and federated learning, we have demonstrated the potential to achieve high levels of accuracy in emotion recognition while ensuring the protection of user privacy. This research contributes to the ongoing efforts to use affective computing in a privacy-aware and ethical manner. 
%R 10.2196/60003 %U https://mental.jmir.org/2024/1/e60003 %U https://doi.org/10.2196/60003 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 10 %N %P e64726 %T Strengthening the Backbone: Government-Academic Data Collaborations for Crisis Response %A Yang,Rick %A Yang,Alina %K data infrastructure %K data sharing %K cross-sector collaboration %K government-academic partnerships %K public health %K crisis response %D 2024 %7 28.11.2024 %9 %J JMIR Public Health Surveill %G English %X %R 10.2196/64726 %U https://publichealth.jmir.org/2024/1/e64726 %U https://doi.org/10.2196/64726 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 10 %N %P e66479 %T Authors’ Reply to: Strengthening the Backbone: Government-Academic Data Collaborations for Crisis Response %A Lee,Jian-Sin %A Tyler,Allison R B %A Veinot,Tiffany Christine %A Yakel,Elizabeth %K COVID-19 %K crisis response %K cross-sector collaboration %K data infrastructures %K data science %K data sharing %K pandemic %K public health informatics %D 2024 %7 28.11.2024 %9 %J JMIR Public Health Surveill %G English %X %R 10.2196/66479 %U https://publichealth.jmir.org/2024/1/e66479 %U https://doi.org/10.2196/66479 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e47311 %T Cybersecurity Interventions in Health Care Organizations in Low- and Middle-Income Countries: Scoping Review %A Hasegawa,Kaede %A O'Brien,Niki %A Prendergast,Mabel %A Ajah,Chris Agape %A Neves,Ana Luisa %A Ghafur,Saira %+ Institute of Global Health Innovation, Imperial College London, 10th Floor, St Mary's Hospital, Praed Street, London, W2 1NY, United Kingdom, 44 020 7594 1419, n.obrien@imperial.ac.uk %K computer security %K internet security %K network security %K digital health %K digital health technology %K cybersecurity %K health data %K global health %K security %K data science %K LMIC %K low income %K low resource %K scoping review %K review methodology %K implementation %K barrier %K facilitator %D 2024 %7 20.11.2024 %9 
Review %J J Med Internet Res %G English %X Background: Health care organizations globally have seen a significant increase in the frequency of cyberattacks in recent years. Cyberattacks cause massive disruptions to health service delivery and directly impact patient safety through disruption and treatment delays. Given the increasing number of cyberattacks in low- and middle-income countries (LMICs), there is a need to explore the interventions put in place to plan for cyberattacks and develop cyber resilience. Objective: This study aimed to describe cybersecurity interventions, defined as any intervention to improve cybersecurity in a health care organization, including but not limited to organizational strategy(ies); policy(ies); protocol(s), incident plan(s), or assessment process(es); framework(s) or guidelines; and emergency planning, implemented in LMICs to date and to evaluate their impact on the likelihood and impact of attacks. The secondary objective was to describe the main barriers and facilitators for the implementation of such interventions, where reported. Methods: A systematic search of the literature published between January 2017 and July 2024 was performed on Ovid Medline, Embase, Global Health, and Scopus using a combination of controlled terms and free text. A search of the gray literature within the same time parameters was undertaken on the websites of relevant stakeholder organizations to identify possible additional studies that met the inclusion criteria. Findings from included papers were mapped against the dimensions of the Essentials of Cybersecurity in Health Care Organizations (ECHO) framework and presented as a narrative synthesis. Results: We included 20 studies in this review. The sample size of the majority of studies (13/20, 65%) was 1 facility to 5 facilities, and the studies were conducted in 14 countries. 
Studies were categorized into the thematic dimensions of the ECHO framework, including context; governance; organizational strategy; risk management; awareness, education, and training; and technical capabilities. Few studies (6/20, 30%) discussed cybersecurity intervention(s) as the primary focus of the paper; therefore, information on intervention(s) implemented had to be deduced. There was no attempt to report on the impact and outcomes in all papers except one. Facilitators and barriers identified were grouped and presented across national or regional, organizational, and individual staff levels. Conclusions: This scoping review’s findings highlight the limited body of research published on cybersecurity interventions implemented in health care organizations in LMICs and large heterogeneity across existing studies in interventions, research objectives, methods, and outcome measures used. Although complex and challenging, future research should specifically focus on the evaluation of cybersecurity interventions and their impact in order to build a robust evidence base to inform evidence-based policy and practice. 
%M 39566062 %R 10.2196/47311 %U https://www.jmir.org/2024/1/e47311 %U https://doi.org/10.2196/47311 %U http://www.ncbi.nlm.nih.gov/pubmed/39566062 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 12 %N %P e57754 %T Data Ownership in the AI-Powered Integrative Health Care Landscape %A Liu,Shuimei %A Guo,L Raymond %+ School of Juris Master, China University of Political Science and Law, 25 Xitucheng Rd, Hai Dian Qu, Beijing, 100088, China, 1 (734) 358 3970, shuiliu0802@alumni.iu.edu %K data ownership %K integrative healthcare %K artificial intelligence %K AI %K ownership %K data science %K governance %K consent %K privacy %K security %K access %K model %K framework %K transparency %D 2024 %7 19.11.2024 %9 Viewpoint %J JMIR Med Inform %G English %X In the rapidly advancing landscape of artificial intelligence (AI) within integrative health care (IHC), the issue of data ownership has become pivotal. This study explores the intricate dynamics of data ownership in the context of IHC and the AI era, presenting the novel Collaborative Healthcare Data Ownership (CHDO) framework. The analysis delves into the multifaceted nature of data ownership, involving patients, providers, researchers, and AI developers, and addresses challenges such as ambiguous consent, attribution of insights, and international inconsistencies. Examining various ownership models, including privatization and communization postulates, as well as distributed access control, data trusts, and blockchain technology, the study assesses their potential and limitations. The proposed CHDO framework emphasizes shared ownership, defined access and control, and transparent governance, providing a promising avenue for responsible and collaborative AI integration in IHC. This comprehensive analysis offers valuable insights into the complex landscape of data ownership in IHC and the AI era, potentially paving the way for ethical and sustainable advancements in data-driven health care. 
%M 39560980 %R 10.2196/57754 %U https://medinform.jmir.org/2024/1/e57754 %U https://doi.org/10.2196/57754 %U http://www.ncbi.nlm.nih.gov/pubmed/39560980 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 10 %N %P e53340 %T Survey of Citizens’ Preferences for Combined Contact Tracing App Features During a Pandemic: Conjoint Analysis %A Bito,Seiji %A Hayashi,Yachie %A Fujita,Takanori %A Takahashi,Ikuo %A Arai,Hiromi %A Yonemura,Shigeto %+ National Hospital Organization Tokyo Medical Center, 2-5-1 Higashigaoka, Meguro-ku, Tokyo, 1528602, Japan, 81 334113130, bitoseiji@gmail.com %K digital contact tracing apps %K infectious disease %K conjoint analysis %K user attitudes %K public preferences %K citizen values %K attitude to health %K COVID-19 %K contact tracing %K privacy %K questionnaires %D 2024 %7 14.11.2024 %9 Original Paper %J JMIR Public Health Surveill %G English %X Background: During the COVID-19 pandemic, an increased need for novel solutions such as digital contact tracing apps to mitigate virus spread became apparent. These apps have the potential to enhance public health initiatives through timely contact tracing and infection rate reduction. However, public and academic scrutiny has emerged around the adoption and use of these apps due to privacy concerns. Objective: This study aims to investigate public attitudes and preferences for contact tracing apps, specifically in Japan, using conjoint analysis to examine what specifications the public values most in such apps. By offering a nuanced understanding of the values that citizens prioritize, this study can help balance public health benefits and data privacy standards when designing contact tracing apps and serve as reference data for discussions on legal development and social consensus formation in the future. 
Methods: A cross-sectional, web-based questionnaire survey was conducted to determine how various factors related to the development and integration of infectious disease apps affect the public’s intention to use such apps. Individuals were recruited anonymously by a survey company. All respondents were asked to indicate their preferences for a combination of basic attributes and infectious disease app features for conjoint analysis. The respondents were randomly divided into 2 groups: one responded to a scenario where the government was assumed to be the entity dealing with infectious disease apps (ie, the government cluster), and the other responded to a scenario where a commercial company was assumed to be this entity (ie, the business cluster). Samples of 500 respondents from each randomly selected group were used as target data. Results: For the government cluster, the most important attribute in scenario A was distributor rights (42.557), followed by public benefits (29.458), personal health benefits (22.725), and profit sharing (5.260). For the business cluster, the most important attribute was distributor rights (45.870), followed by public benefits (32.896), personal health benefits (13.994), and profit sharing (7.240). Hence, personal health benefits tend to be more important in encouraging active app use than personal financial benefits. However, the factor that increased motivation for app use the most was the public health benefits of cutting infections by half. Further, concern about the use of personal data collected by the app for any secondary purpose was a negative incentive, which was more significant toward app use compared to the other 3 factors. Conclusions: The findings suggest that potential app users are positively motivated not only by personal health benefits but also by contributing to public health. Thus, a combined approach can be taken to increase app use. 
%M 39541579 %R 10.2196/53340 %U https://publichealth.jmir.org/2024/1/e53340 %U https://doi.org/10.2196/53340 %U http://www.ncbi.nlm.nih.gov/pubmed/39541579 %0 Journal Article %@ 1947-2579 %I JMIR Publications %V 16 %N %P e57764 %T Attitudes of Health Professionals Toward Digital Health Data Security in Northwest Ethiopia: Cross-Sectional Study %A Gebeyew,Ayenew Sisay %A Wordofa,Zegeye Regasa %A Muluneh,Ayana Alebachew %A Shibabaw,Adamu Ambachew %A Walle,Agmasie Damtew %A Tizie,Sefefe Birhanu %A Mengistie,Muluken Belachew %A Takillo,Mitiku Kassaw %A Assaye,Bayou Tilahun %A Senishaw,Adualem Fentahun %A Hailye,Gizaw %A Shimie,Aynadis Worku %A Butta,Fikadu Wake %K health %K profession %K digital %K attitude %K security %K data %D 2024 %7 6.11.2024 %9 %J Online J Public Health Inform %G English %X Background: Digital health is a new health field initiative. Health professionals require security in digital places because cybercriminals target health care professionals. Therefore, millions of medical records have been breached for money. Regarding digital security, there is a gap in studies in limited-resource countries. Therefore, surveying health professionals’ attitudes toward digital health data security has a significant purpose for interventions. Objective: This study aimed to assess the attitudes of health professionals toward digital health data security and their associated factors in a resource-limited country. Methods: A cross-sectional study was conducted to measure health professionals’ attitudes toward digital health data security. The sample size was calculated using a single population. A pretest was conducted to measure consistency. Binary logistic regression was used to identify associated factors. For multivariable logistic analysis, a P value ≤.20 was selected using Stata software (version 16; StataCorp LP). Results: Of the total sample, 95% (402/423) of health professionals participated in the study. 
Of all participants, 63.2% (254/402) were male, and the mean age of the respondents was 34.5 (SD 5.87) years. The proportion of health professionals who had a favorable attitude toward digital health data security at specialized teaching hospitals was 60.9% (95% CI 56.0%‐65.6%). Educational status (adjusted odds ratio [AOR] 3.292, 95% CI 1.16‐9.34), basic computer skills (AOR 1.807, 95% CI 1.11‐2.938), knowledge (AOR 3.238, 95% CI 2.0‐5.218), and perceived usefulness (AOR 1.965, 95% CI 1.063‐3.632) were factors associated with attitudes toward digital health data security. Conclusions: This study aimed to assess health professionals’ attitudes toward digital health data security. Interventions on educational status, basic computer skills, knowledge, and perceived usefulness are important for improving health professionals’ attitudes. Improving the attitudes of health professionals related to digital data security is necessary for digitalization in the health care arena. %R 10.2196/57764 %U https://ojphi.jmir.org/2024/1/e57764 %U https://doi.org/10.2196/57764 %0 Journal Article %@ 2818-3045 %I JMIR Publications %V 1 %N %P e59409 %T Cybersecurity and Privacy Issues in Extended Reality Health Care Applications: Scoping Review %A Lake,Kaitlyn %A Mc Kittrick,Andrea %A Desselle,Mathilde %A Padilha Lanari Bo,Antonio %A Abayasiri,R Achintha M %A Fleming,Jennifer %A Baghaei,Nilufar %A Kim,Dan Dongseong %K cyberattacks %K cyber defence %K cyber security %K extended reality %K health care %K privacy %K risk mitigation %K virtual reality %K cybersecurity %D 2024 %7 17.10.2024 %9 %J JMIR XR Spatial Comput %G English %X Background: Virtual reality (VR) is a type of extended reality (XR) technology that is seeing increasing adoption in health care. 
There is robust evidence articulating how consumer-grade VR presents significant cybersecurity and privacy risks due to the often ubiquitous and wide range of data collection and user monitoring, as well as the unique user impact of attacks due to the immersive nature of the technology. However, little is known about how these risks translate in the use of VR systems in health care settings. Objective: The objective of this scoping review is to identify potential cybersecurity risks associated with clinical XR systems, with a focus on VR, and potential mitigations for them. Methods: The scoping review followed the PRISMA-ScR (Preferred Reporting Items for Systematic reviews and Meta-Analyses extension for Scoping Reviews), and publications were reviewed using Covidence software. The Google Scholar database was searched using the predefined search terms. The inclusion criteria of the articles were restricted to relevant primary studies published from 2017 to 2024. Furthermore, reviews, abstracts, viewpoints, opinion pieces, and low-quality studies were excluded. Additionally, data on publication statistics, topic, technology, cyber threats, and risk mitigation were extracted. These data were synthesized and analyzed using the STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege) framework, enterprise risk management framework, and National Institute of Standards and Technology Cybersecurity Framework, as well as developing threat taxonomies. Results: Google Scholar returned 482 articles that matched the search criteria. After title and abstract screening, 53 studies were extracted for a full-text review, of which 29 were included for analysis. Of these, the majority were published in the last 4 years and had a focus on VR. The greatest cyber threat identified to XR components was information disclosure followed by tampering when mapped against the STRIDE framework. 
The majority of risk mitigation strategies provide confidentiality and integrity and can potentially address these threats. Only 3 of 29 papers mention XR in the context of health care and none of the identified threats or mitigations have been studied in a clinical setting. Conclusions: This scoping review identified privacy threats where personal and health-related data may be inferred from VR usage data, potentially breaching confidentiality, as the most significant threat posited for health care VR systems. Additionally, immersive manipulation threats were highlighted, which could potentially risk user safety when launched from a compromised VR system. Many potential mitigations were identified for these threats, but these mitigations must first be assessed for their effectiveness and suitability for health care services. Furthermore, health care services should consider the usage and governance of XR for each individual application based on risk threshold and perceived benefits. Finally, it is also important to note that this scoping review was limited by the quality and scope of the studies returned by Google Scholar. 
%R 10.2196/59409 %U https://xr.jmir.org/2024/1/e59409 %U https://doi.org/10.2196/59409 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e58616 %T Quality Assessment of Digital Health Apps: Umbrella Review %A Zych,Maciej Marek %A Bond,Raymond %A Mulvenna,Maurice %A Martinez Carracedo,Jorge %A Bai,Lu %A Leigh,Simon %+ School of Computing, Ulster University, 2-24 York St, Belfast, BT15 1AP, United Kingdom, 44 7526852505, maciejmarekzych@gmail.com %K mHealth assessment %K digital health %K quality assessment %K health apps quality %K assessment criteria %K evaluation criteria %K health apps criteria %K assessment %K digital health app %K app %K umbrella review %K risk %K mobile phone %K frameworks %D 2024 %7 10.10.2024 %9 Review %J J Med Internet Res %G English %X Background: With an increasing number of digital health apps available in app stores, it is important to assess these technologies reliably regarding their quality. This is done to mitigate the risks associated with their use. There are many different guidelines, methods, and metrics available to assess digital health apps with regard to their quality. Objective: This study aimed to give a holistic summary of the current methods and “condition agnostic” frameworks that are broadly applicable for the quality assessment of all digital health apps. Methods: A systematic search of literature was conducted on 4 databases: Scopus, PubMed, ACM Digital Library, and IEEE Xplore. We followed the PICOS (Population, Patient, or Problem; Intervention; Comparison; Outcomes; and Study Design) and PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) methodologies when conducting this umbrella review. The search was conducted on January 26, 2024, for review articles published between 2018 and 2023. We identified 4781 candidate papers for inclusion; after title and abstract screening, 39 remained. After full-text analysis, we included 15 review articles in the full review. 
Results: Of the 15 review articles, scoping reviews were the most common (n=6, 40%), followed by systematic reviews (n=4, 27%), narrative reviews (n=4, 27%), and a rapid review (n=1, 7%). A total of 4 (27%) review articles proposed assessment criteria for digital health apps. “Data privacy and/or security” was the most mentioned criterion (n=13, 87%) and “Cost” was the least mentioned criterion (n=1, 7%) for the assessment of digital health apps. The Mobile App Rating Scale was the most frequently used framework for quality assessment of digital health apps. Conclusions: There is a lack of unity or consolidation across identified frameworks, as most do not meet all the identified criteria from the reviewed articles. Safety concerns associated with the use of digital health apps may be mitigated with the use of quality frameworks. %R 10.2196/58616 %U https://www.jmir.org/2024/1/e58616 %U https://doi.org/10.2196/58616 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e46556 %T Designing A Blockchain-Empowered Telehealth Artifact for Decentralized Identity Management and Trustworthy Communication: Interdisciplinary Approach %A Liang,Xueping %A Alam,Nabid %A Sultana,Tahmina %A Bandara,Eranga %A Shetty,Sachin %+ Florida International University, 11200 S.W. 8th Street, Miami, FL, 33199, United States, 1 305 348 2830, xuliang@fiu.edu %K telehealth %K blockchain %K security %K software %K proof of concept %K implementation %K privacy %D 2024 %7 25.9.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: Telehealth played a critical role during the COVID-19 pandemic and continues to function as an essential component of health care. Existing platforms cannot ensure privacy and prevent cyberattacks. 
Objective: The main objectives of this study are to understand existing cybersecurity issues in identity management and trustworthy communication processes in telehealth platforms and to design a software architecture integrated with blockchain to improve security and trustworthiness with acceptable performance. Methods: We improved personal information security in existing telehealth platforms by adopting an innovative interdisciplinary approach combining design science, social science, and computer science in the health care domain, with prototype implementation. We used the design science research methodology to implement our overall design. We innovated over existing telehealth platforms with blockchain integration that improves health care delivery services in terms of security, privacy, and efficiency. We adopted a user-centric design approach and started with user requirement collection, followed by system functionality development. Overall system implementation facilitates user requirements, thus promoting user behavior for the adoption of the telehealth platform with decentralized identity management and an access control mechanism. Results: Our investigation identified key challenges to identity management and trustworthy communication processes in telehealth platforms used in the current health care domain. By adopting distributed ledger technology, we proposed a decentralized telehealth platform to support identity management and a trustworthy communication process. Our design and prototype implementation using a smart contract–driven telehealth platform to provide decentralized identity management and trustworthy communication with token-based access control addressed several security challenges. This was substantiated by testing with 10,000 simulated transactions across 5 peers in the Rahasak blockchain network. 
The proposed design provides resistance to common attacks while maintaining a linear time overhead, demonstrating improved security and efficiency in telehealth services. We evaluated the performance in terms of transaction throughput, smart contract execution time, and block generation time. To create a block with 10,000 transactions, it takes 8 seconds on average, which is an acceptable overhead for blockchain-based applications. Conclusions: We identified technical limitations in current telehealth platforms. We presented several design innovations using blockchain to prototype a system. We also presented the implementation details of a unique distributed architecture for a trustworthy communication system. We illustrated how this design can overcome privacy, security, and scalability limitations. Moreover, we illustrated how improving these factors sets the stage for improving and standardizing the application and for the wide adoption of blockchain-enabled telehealth platforms. %M 39320943 %R 10.2196/46556 %U https://www.jmir.org/2024/1/e46556 %U https://doi.org/10.2196/46556 %U http://www.ncbi.nlm.nih.gov/pubmed/39320943 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e57309 %T Contextual Acceptance of COVID-19 Mitigation Mobile Apps in the United States: Mixed Methods Survey Study on Postpandemic Data Privacy %A Feng,Yuanyuan %A Stenger,Brad %A Zhang,Shikun %+ Department of Computer Science, University of Vermont, 85 South Prospect Street, Burlington, VT, 05405, United States, 1 802 656 3475, yuanyuan.feng@uvm.edu %K data privacy %K health privacy %K COVID-19 %K mobile apps %K contextual integrity %K respiratory %K infectious %K pulmonary %K pandemic %K mobile app %K app %K apps %K digital health %K digital technology %K digital intervention %K digital interventions %K smartphone %K smartphones %K mobile phone %D 2024 %7 29.8.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: The COVID-19 pandemic gave rise to countless 
user-facing mobile apps to help fight the pandemic (“COVID-19 mitigation apps”). These apps have been at the center of data privacy discussions because they collect, use, and even retain sensitive personal data from their users (eg, medical records and location data). The US government ended its COVID-19 emergency declaration in May 2023, marking a unique time to comprehensively investigate how data privacy impacted people’s acceptance of various COVID-19 mitigation apps deployed throughout the pandemic. Objective: This research aims to provide insights into health data privacy regarding COVID-19 mitigation apps and policy recommendations for future deployment of public health mobile apps through the lens of data privacy. This research explores people’s contextual acceptance of different types of COVID-19 mitigation apps by applying the privacy framework of contextual integrity. Specifically, this research seeks to identify the factors that impact people’s acceptance of data sharing and data retention practices in various social contexts. Methods: A mixed methods web-based survey study was conducted by recruiting a simple US representative sample (N=674) on Prolific in February 2023. The survey includes a total of 60 vignette scenarios representing realistic social contexts in which COVID-19 mitigation apps could be used. Each survey respondent answered questions about their acceptance of 10 randomly selected scenarios. Three contextual integrity parameters (attribute, recipient, and transmission principle) and respondents’ basic demographics are controlled as independent variables. Regression analysis was performed to determine the factors impacting people’s acceptance of initial data sharing and data retention practices via these apps. Qualitative data from the survey were analyzed to support the statistical results. 
Results: Many contextual integrity parameter values, pairwise combinations of contextual integrity parameter values, and some demographic features of respondents have a significant impact on their acceptance of using COVID-19 mitigation apps in various social contexts. Respondents’ acceptance of data retention practices diverged from their acceptance of initial data sharing practices in some scenarios. Conclusions: This study showed that people’s acceptance of using various COVID-19 mitigation apps depends on specific social contexts, including the type of data (attribute), the recipients of the data (recipient), and the purpose of data use (transmission principle). Such acceptance may differ between the initial data sharing and data retention practices, even in the same context. Study findings generated rich implications for future pandemic mitigation apps and the broader public health mobile apps regarding data privacy and deployment considerations. %M 39207832 %R 10.2196/57309 %U https://www.jmir.org/2024/1/e57309 %U https://doi.org/10.2196/57309 %U http://www.ncbi.nlm.nih.gov/pubmed/39207832 %0 Journal Article %@ 2369-1999 %I JMIR Publications %V 10 %N %P e52985 %T Using a Mobile Messenger Service as a Digital Diary to Capture Patients’ Experiences Along Their Interorganizational Treatment Path in Gynecologic Oncology: Lessons Learned %A Baum,Eleonore %A Thiel,Christian %A Kobleder,Andrea %A Bernhardsgrütter,Daniela %A Engst,Ramona %A Maurer,Carola %A Koller,Antje %+ Institute of Applied Nursing Science, School of Health, Eastern Switzerland University of Applied Sciences, Neumarkt 3, Vadianstrasse 29, St.Gallen, 9000, Switzerland, 41 58 257 12 13, antje.koller@ost.ch %K mobile apps %K computer security %K confidentiality %K data collection %K oncology %K breast neoplasms %K mobile phone %D 2024 %7 29.7.2024 %9 Viewpoint %J JMIR Cancer %G English %X A digital diary in the form of a mobile messenger service offers a novel method for data collection in cancer 
research. Little is known about the things to consider when using this data collection method in clinical research for patients with cancer. In this Viewpoint paper, we discuss the lessons we learned from using a qualitative digital diary method via a mobile messenger service for data collection in oncology care. The lessons learned focus on three main topics: (1) data quality, (2) practical aspects, and (3) data protection. We hope to provide useful information to other researchers who consider this method for their research with patients. First, in this paper, we argue that the interactive nature of a digital diary via a messenger service is very well suited for the phenomenological approach and produces high-quality data. Second, we discuss practical issues of data collection with a mobile messenger service, including participant and researcher interaction. Third, we highlight corresponding aspects around technicalities, particularly those regarding data security. Our views on data privacy and information security are summarized in a comprehensive checklist to inform fellow researchers on the selection of a suitable messenger service for different scenarios. In our opinion, a digital diary via a mobile messenger service can provide high-quality data almost in real time and from participants’ daily lives. However, some considerations must be made to ensure that patient data are sufficiently protected. The lessons we learned can guide future qualitative research using this relatively novel method for data collection in cancer research. 
%M 39073852 %R 10.2196/52985 %U https://cancer.jmir.org/2024/1/e52985 %U https://doi.org/10.2196/52985 %U http://www.ncbi.nlm.nih.gov/pubmed/39073852 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e55352 %T Finding Medical Photographs of Patients Online: Randomized, Cross-Sectional Study %A Marshall,Zack %A Bhattacharjee,Maushumi %A Wang,Meng %A Cadri,Abdul %A James,Hannah %A Asghari,Shabnam %A Peltekian,Rene %A Benz,Veronica %A Finley-Roy,Vanessa %A Childs,Brynna %A Asaad,Lauren %A Swab,Michelle %A Welch,Vivian %A Brunger,Fern %A Kaposy,Chris %+ Department of Community Health Sciences, Cumming School of Medicine, University of Calgary, 3280 Hospital Drive NW, Calgary, AB, T2N 4Z6, Canada, 1 4032206940, zack.marshall@ucalgary.ca %K patient photographs %K privacy %K informed consent %K publication ethics %K case reports %D 2024 %7 24.6.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: Photographs from medical case reports published in academic journals have previously been found in online image search results. This means that patient photographs circulate beyond the original journal website and can be freely accessed online. While this raises ethical and legal concerns, no systematic study has documented how often this occurs. Objective: The aim of this cross-sectional study was to provide systematic evidence that patient photographs from case reports published in medical journals appear in Google Images search results. Research questions included the following: (1) what percentage of patient medical photographs published in case reports were found in Google Images search results? (2) what was the relationship between open access publication status and image availability? and (3) did the odds of finding patient photographs on third-party websites differ between searches conducted in 2020 and 2022? 
Methods: The main outcome measure assessed whether at least 1 photograph from each case report was found on Google Images when using a structured search. Secondary outcome variables included the image source and the availability of images on third-party websites over time. The characteristics of medical images were described using summary statistics. The association between the source of full-text availability and image availability on Google Images was tested using logistic regressions. Finally, we examined the trend of finding patient photographs using generalized estimating equations. Results: From a random sample of 585 case reports indexed in PubMed, 186 contained patient photographs, for a total of 598 distinct images. For 142 (76.3%) out of 186 case reports, at least 1 photograph was found in Google Images search results. A total of 18.3% (110/598) of photographs included eye, face, or full body, including 10.9% (65/598) that could potentially identify the patient. The odds of finding an image from the case report online were higher if the full-text paper was available on ResearchGate (odds ratio [OR] 9.16, 95% CI 2.71-31.02), PubMed Central (OR 7.90, 95% CI 2.33-26.77), or Google Scholar (OR 6.07, 95% CI 2.77-13.29) than if the full-text was available solely through an open access journal (OR 5.33, 95% CI 2.31-12.28). However, all factors contributed to an increased risk of locating patient images online. Compared with the search in 2020, patient photographs were less likely to be found on third-party websites based on the 2022 search results (OR 0.61, 95% CI 0.43-0.87). Conclusions: A high proportion of medical photographs from case reports was found on Google Images, raising ethical concerns with policy and practice implications. Journal publishers and corporations such as Google are best positioned to develop an effective remedy. 
Until then, it is crucial that patients are adequately informed about the potential risks and benefits of providing consent for clinicians to publish their images in medical journals. %M 38913416 %R 10.2196/55352 %U https://www.jmir.org/2024/1/e55352 %U https://doi.org/10.2196/55352 %U http://www.ncbi.nlm.nih.gov/pubmed/38913416 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 12 %N %P e55061 %T Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis %A Jiang,Jiayi %A Zheng,Zexing %+ Law School, Central South University, Number 932 Lushan South Road, Yuelu District, Changsha, 410083, China, 86 18718479720, xing986@126.com %K hospital apps %K privacy policy %K personal information protection %K policy evaluation %K content analysis %D 2024 %7 21.6.2024 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. Objective: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. Methods: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. 
Results: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users’ explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). Conclusions: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps’ privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages. 
%M 38904994 %R 10.2196/55061 %U https://mhealth.jmir.org/2024/1/e55061 %U https://doi.org/10.2196/55061 %U http://www.ncbi.nlm.nih.gov/pubmed/38904994 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e50344 %T Does an App a Day Keep the Doctor Away? AI Symptom Checker Applications, Entrenched Bias, and Professional Responsibility %A Zawati,Ma'n H %A Lang,Michael %+ Centre of Genomics and Policy, McGill University, 5200-740 Dr Penfield Avenue, Montreal, QC, H3A 0G1, Canada, 1 5143988155, man.zawati@mcgill.ca %K artificial intelligence %K applications %K mobile health %K mHealth %K bias %K biases %K professional obligations %K professional obligation %K app %K apps %K application %K symptom checker %K symptom checkers %K diagnose %K diagnosis %K self-diagnose %K self-diagnosis %K ethic %K ethics %K ethical %K regulation %K regulations %K legal %K law %K laws %K safety %K mobile phone %D 2024 %7 5.6.2024 %9 Viewpoint %J J Med Internet Res %G English %X The growing prominence of artificial intelligence (AI) in mobile health (mHealth) has given rise to a distinct subset of apps that provide users with diagnostic information using their inputted health status and symptom information—AI-powered symptom checker apps (AISympCheck). While these apps may potentially increase access to health care, they raise consequential ethical and legal questions. This paper will highlight notable concerns with AI usage in the health care system, further entrenchment of preexisting biases in the health care system and issues with professional accountability. To provide an in-depth analysis of the issues of bias and complications of professional obligations and liability, we focus on 2 mHealth apps as examples—Babylon and Ada. We selected these 2 apps as they were both widely distributed during the COVID-19 pandemic and make prominent claims about their use of AI for the purpose of assessing user symptoms. 
First, bias entrenchment often originates from the data used to train AI systems, causing the AI to replicate these inequalities through a “garbage in, garbage out” phenomenon. Users of these apps are also unlikely to be demographically representative of the larger population, leading to distorted results. Second, professional accountability poses a substantial challenge given the vast diversity and lack of regulation surrounding the reliability of AISympCheck apps. It is unclear whether these apps should be subject to safety reviews, who is responsible for app-mediated misdiagnosis, and whether these apps ought to be recommended by physicians. With the rapidly increasing number of apps, there remains little guidance available for health professionals. Professional bodies and advocacy organizations have a particularly important role to play in addressing these ethical and legal gaps. Implementing technical safeguards within these apps could mitigate bias, AIs could be trained with primarily neutral data, and apps could be subject to a system of regulation to allow users to make informed decisions. In our view, it is critical that these legal concerns are considered throughout the design and implementation of these potentially disruptive technologies. Entrenched bias and professional responsibility, while operating in different ways, are ultimately exacerbated by the unregulated nature of mHealth. 
%M 38838309 %R 10.2196/50344 %U https://www.jmir.org/2024/1/e50344 %U https://doi.org/10.2196/50344 %U http://www.ncbi.nlm.nih.gov/pubmed/38838309 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e46904 %T Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review %A Ewoh,Pius %A Vartiainen,Tero %+ School of Technology and Innovations, Information Systems Science, University of Vaasa, Wolffintie 32, Vaasa, 65200, Finland, 358 414888477, pius.ewoh@uwasa.fi %K health care systems %K cybersecurity %K sociotechnical %K medical device %K secure systems development %K training %K ransomware %K data breaches %K protected health information %K patient safety %D 2024 %7 31.5.2024 %9 Review %J J Med Internet Res %G English %X Background: Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. Objective: From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). Methods: An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: “(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare).” Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. 
Results: In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 and 2022 were inconsistent. Conclusions: This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner. 
%M 38820579 %R 10.2196/46904 %U https://www.jmir.org/2024/1/e46904 %U https://doi.org/10.2196/46904 %U http://www.ncbi.nlm.nih.gov/pubmed/38820579 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e50715 %T Patients’ Perspectives on the Data Confidentiality, Privacy, and Security of mHealth Apps: Systematic Review %A Alhammad,Nasser %A Alajlani,Mohannad %A Abd-alrazaq,Alaa %A Epiphaniou,Gregory %A Arvanitis,Theodoros %+ Institute of Digital Healthcare, WMG, University of Warwick, Millburn House, Coventry, CV47AL, United Kingdom, 66 558885007, N.alhammad@seu.edu.sa %K mobile health apps %K mHealth apps %K mobile health %K privacy %K confidentiality %K security %K awareness %K perspectives %K mobile phone %D 2024 %7 31.5.2024 %9 Review %J J Med Internet Res %G English %X Background: Mobile health (mHealth) apps have the potential to enhance health care service delivery. However, concerns regarding patients’ confidentiality, privacy, and security consistently affect the adoption of mHealth apps. Despite this, no review has comprehensively summarized the findings of studies on this subject matter. Objective: This systematic review aims to investigate patients’ perspectives and awareness of the confidentiality, privacy, and security of the data collected through mHealth apps. Methods: Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines, a comprehensive literature search was conducted in 3 electronic databases: PubMed, Ovid, and ScienceDirect. All the retrieved articles were screened according to specific inclusion criteria to select relevant articles published between 2014 and 2022. Results: A total of 33 articles exploring mHealth patients’ perspectives and awareness of data privacy, security, and confidentiality issues and the associated factors were included in this systematic review. 
Thematic analyses of the retrieved data led to the synthesis of 4 themes: concerns about data privacy, confidentiality, and security; awareness; facilitators and enablers; and associated factors. Patients showed discordant and concordant perspectives regarding data privacy, security, and confidentiality, as well as suggesting approaches to improve the use of mHealth apps (facilitators), such as protection of personal data, ensuring that health status or medical conditions are not mentioned, brief training or education on data security, and assuring data confidentiality and privacy. Similarly, awareness of the subject matter differed across the studies, suggesting the need to improve patients’ awareness of data security and privacy. Older patients, those with a history of experiencing data breaches, and those belonging to the higher-income class were more likely to raise concerns about the data security and privacy of mHealth apps. These concerns were not frequent among patients with higher satisfaction levels and those who perceived the data type to be less sensitive. Conclusions: Patients expressed diverse views on mHealth apps’ privacy, security, and confidentiality, with some of the issues raised affecting technology use. These findings may assist mHealth app developers and other stakeholders in improving patients’ awareness and adjusting current privacy and security features in mHealth apps to enhance their adoption and use. 
Trial Registration: PROSPERO CRD42023456658; https://tinyurl.com/ytnjtmca %M 38820572 %R 10.2196/50715 %U https://www.jmir.org/2024/1/e50715 %U https://doi.org/10.2196/50715 %U http://www.ncbi.nlm.nih.gov/pubmed/38820572 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e46160 %T Efficient Use of Biological Data in the Web 3.0 Era by Applying Nonfungible Token Technology %A Wang,Guanyi %A Chen,Chen %A Jiang,Ziyu %A Li,Gang %A Wu,Can %A Li,Sheng %+ Department of Urology, Cancer Precision Diagnosis and Treatment and Translational Medicine Hubei Engineering Research Center, Zhongnan Hospital, Wuhan University, 169 Donghu Road, Wuchang District, Wuhan, 430062, China, 86 18086601827, lisheng-znyy@whu.edu.cn %K NFTs %K biobanks %K blockchains %K health care %K medical big data %K sustainability %K blockchain platform %K platform %K tracing %K virtual %K biomedical data %K transformation %K development %K promoted %D 2024 %7 28.5.2024 %9 Viewpoint %J J Med Internet Res %G English %X CryptoKitties, a trendy game on Ethereum that is an open-source public blockchain platform with a smart contract function, brought nonfungible tokens (NFTs) into the public eye in 2017. NFTs are popular because of their nonfungible properties and their unique and irreplaceable nature in the real world. The embryonic form of NFTs can be traced back to a P2P network protocol improved based on Bitcoin in 2012 that can realize decentralized digital asset transactions. NFTs have recently gained much attention and have shown an unprecedented explosive growth trend. Herein, the concept of digital asset NFTs is introduced into the medical and health field to conduct a subversive discussion on biobank operations. By converting biomedical data into NFTs, the collection and circulation of samples can be accelerated, and the transformation of resources can be promoted. 
In conclusion, the biobank can achieve sustainable development through “decentralization.” %M 38805706 %R 10.2196/46160 %U https://www.jmir.org/2024/1/e46160 %U https://doi.org/10.2196/46160 %U http://www.ncbi.nlm.nih.gov/pubmed/38805706 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e55676 %T An Extensible Evaluation Framework Applied to Clinical Text Deidentification Natural Language Processing Tools: Multisystem and Multicorpus Study %A Heider,Paul M %A Meystre,Stéphane M %+ Biomedical Informatics Center, Medical University of South Carolina, 22 WestEdge Street, Suite 200, Charleston, SC, 29403, United States, 1 843 792 3385, heiderp@musc.edu %K natural language processing %K evaluation methodology %K deidentification %K privacy protection %K de-identification %K secondary use %K patient privacy %D 2024 %7 28.5.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: Clinical natural language processing (NLP) researchers need access to directly comparable evaluation results for applications such as text deidentification across a range of corpus types and the means to easily test new systems or corpora within the same framework. Current systems, reported metrics, and the personally identifiable information (PII) categories evaluated are not easily comparable. Objective: This study presents an open-source and extensible end-to-end framework for comparing clinical NLP system performance across corpora even when the annotation categories do not align. Methods: As a use case for this framework, we use 6 off-the-shelf text deidentification systems (ie, CliniDeID, deid from PhysioNet, MITRE Identity Scrubber Toolkit [MIST], NeuroNER, National Library of Medicine [NLM] Scrubber, and Philter) across 3 standard clinical text corpora for the task (2 of which are publicly available) and 1 private corpus (all in English), with annotation categories that are not directly analogous. 
The framework is built on shell scripts that can be extended to include new systems, corpora, and performance metrics. We present this open tool, multiple means for aligning PII categories during evaluation, and our initial timing and performance metric findings. Code for running this framework with all settings needed to run all pairs is available via Codeberg and GitHub. Results: From this case study, we found large differences in processing speed between systems. The fastest system (ie, MIST) processed an average of 24.57 (SD 26.23) notes per second, while the slowest (ie, CliniDeID) processed an average of 1.00 notes per second. No system uniformly outperformed the others at identifying PII across corpora and categories. Instead, a rich tapestry of performance trade-offs emerged for PII categories. CliniDeID and Philter prioritize recall over precision (with an average recall 6.9 and 11.2 points higher, respectively, for partially matching spans of text matching any PII category), while the other 4 systems consistently have higher precision (with MIST’s precision scoring 20.2 points higher, NLM Scrubber scoring 4.4 points higher, NeuroNER scoring 7.2 points higher, and deid scoring 17.1 points higher). The macroaverage recall across corpora for identifying names, one of the more sensitive PII categories, included deid (48.8%) and MIST (66.9%) at the low end and NeuroNER (84.1%), NLM Scrubber (88.1%), and CliniDeID (95.9%) at the high end. A variety of metrics across categories and corpora are reported with a wider variety (eg, F2-score) available via the tool. Conclusions: NLP systems in general and deidentification systems and corpora in our use case tend to be evaluated in stand-alone research articles that only include a limited set of comparators. We hold that a single evaluation pipeline across multiple systems and corpora allows for more nuanced comparisons. Our open pipeline should reduce barriers to evaluation and system advancement. 
%M 38805692 %R 10.2196/55676 %U https://www.jmir.org/2024/1/e55676 %U https://doi.org/10.2196/55676 %U http://www.ncbi.nlm.nih.gov/pubmed/38805692 %0 Journal Article %@ 2563-3570 %I JMIR Publications %V 5 %N %P e54332 %T Assessing Privacy Vulnerabilities in Genetic Data Sets: Scoping Review %A Thomas,Mara %A Mackes,Nuria %A Preuss-Dodhy,Asad %A Wieland,Thomas %A Bundschus,Markus %+ F. Hoffmann-La Roche AG, Grenzacherstrasse 124, Basel, 4070, Switzerland, 41 616881111, mara.thomas@roche.com %K genetic privacy %K privacy %K data anonymization %K reidentification %D 2024 %7 27.5.2024 %9 Review %J JMIR Bioinform Biotech %G English %X Background: Genetic data are widely considered inherently identifiable. However, genetic data sets come in many shapes and sizes, and the feasibility of privacy attacks depends on their specific content. Assessing the reidentification risk of genetic data is complex, yet there is a lack of guidelines or recommendations that support data processors in performing such an evaluation. Objective: This study aims to gain a comprehensive understanding of the privacy vulnerabilities of genetic data and create a summary that can guide data processors in assessing the privacy risk of genetic data sets. Methods: We conducted a 2-step search, in which we first identified 21 reviews published between 2017 and 2023 on the topic of genomic privacy and then analyzed all references cited in the reviews (n=1645) to identify 42 unique original research studies that demonstrate a privacy attack on genetic data. We then evaluated the type and components of genetic data exploited for these attacks as well as the effort and resources needed for their implementation and their probability of success. 
Results: From our literature review, we derived 9 nonmutually exclusive features of genetic data that are both inherent to any genetic data set and informative about privacy risk: biological modality, experimental assay, data format or level of processing, germline versus somatic variation content, content of single nucleotide polymorphisms, short tandem repeats, aggregated sample measures, structural variants, and rare single nucleotide variants. Conclusions: On the basis of our literature review, the evaluation of these 9 features covers the great majority of privacy-critical aspects of genetic data and thus provides a foundation and guidance for assessing genetic data risk. %M 38935957 %R 10.2196/54332 %U https://bioinform.jmir.org/2024/1/e54332 %U https://doi.org/10.2196/54332 %U http://www.ncbi.nlm.nih.gov/pubmed/38935957 %0 Journal Article %@ 1929-0748 %I JMIR Publications %V 13 %N %P e54933 %T Patients and Stakeholders’ Perspectives Regarding the Privacy, Security, and Confidentiality of Data Collected via Mobile Health Apps in Saudi Arabia: Protocol for a Mixed Method Study %A Alhammad,Nasser %A Alajlani,Mohannad %A Abd-alrazaq,Alaa %A Arvanitis,Theodoros %A Epiphaniou,Gregory %+ Institute of Digital Healthcare, WMG, University of Warwick, Millburn House, Coventry, CV4 7AL, United Kingdom, 44 558885007, N.alhammad@seu.edu.sa %K awareness %K data privacy %K confidentiality %K security %K health care %K patients %K Saudi Arabia %K mHealth %K mobile apps %D 2024 %7 22.5.2024 %9 Protocol %J JMIR Res Protoc %G English %X Background: There is data paucity regarding users’ awareness of privacy concerns and the resulting impact on the acceptance of mobile health (mHealth) apps, especially in the Saudi context. Such information is pertinent in addressing users’ needs in the Kingdom of Saudi Arabia (KSA). 
Objective: This article presents a study protocol for a mixed method study to assess the perspectives of patients and stakeholders regarding the privacy, security, and confidentiality of data collected via mHealth apps in the KSA and the factors affecting the adoption of mHealth apps. Methods: A mixed method study design will be used. In the quantitative phase, patients and end users of mHealth apps will be randomly recruited from various provinces in Saudi Arabia with a high population of mHealth users. The research instrument will be developed based on the emerging themes and findings from the interview conducted among stakeholders, app developers, health care professionals, and users of mHealth apps (n=25). The survey will focus on (1) how to improve patients’ awareness of data security, privacy, and confidentiality; (2) feedback on the current mHealth apps in terms of data security, privacy, and confidentiality; and (3) the features that might improve data security, privacy, and confidentiality of mHealth apps. Meanwhile, specific sections of the questionnaire will focus on patients’ awareness, privacy concerns, confidentiality concerns, security concerns, perceived usefulness, perceived ease of use, and behavioral intention. Qualitative data will be analyzed thematically using NVivo version 12. Descriptive statistics, regression analysis, and structural equation modeling will be performed using SPSS and partial least squares structural equation modeling. Results: The ethical approval for this research has been obtained from the Biomedical and Scientific Research Ethics Committee, University of Warwick, and the Medical Research and Ethics Committee Ministry of Health in the KSA. The qualitative phase is ongoing and 15 participants have been interviewed. The interviews for the remaining 10 participants will be completed by November 25, 2023. Preliminary thematic analysis is still ongoing. 
Meanwhile, the quantitative phase will commence by December 10, 2023, with 150 participants providing signed and informed consent to participate in the study. Conclusions: The mixed methods study will elucidate the antecedents of patients’ awareness and concerns regarding the privacy, security, and confidentiality of data collected via mHealth apps in the KSA. Furthermore, pertinent findings on the perspectives of stakeholders and health care professionals toward the aforementioned issues will be gleaned. The results will assist policy makers in developing strategies to improve Saudi users’/patients’ adoption of mHealth apps and addressing the concerns raised to benefit significantly from these advanced health care modalities. International Registered Report Identifier (IRRID): DERR1-10.2196/54933 %M 38776540 %R 10.2196/54933 %U https://www.researchprotocols.org/2024/1/e54933 %U https://doi.org/10.2196/54933 %U http://www.ncbi.nlm.nih.gov/pubmed/38776540 %0 Journal Article %@ 2562-7600 %I JMIR Publications %V 7 %N %P e53592 %T Privacy Barriers in Health Monitoring: Scoping Review %A Sun,Luyi %A Yang,Bian %A Kindt,Els %A Chu,Jingyi %+ Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, Teknologivegen 22, Gjøvik, 2815, Norway, 47 96864781, luyi.sun@ntnu.no %K privacy attitudes %K health monitoring technologies %K privacy concerns %K privacy barriers %K legal concerns %K social psychology %D 2024 %7 9.5.2024 %9 Review %J JMIR Nursing %G English %X Background: Health monitoring technologies help patients and older adults live better and stay longer in their own homes. However, there are many factors influencing their adoption of these technologies. Privacy is one of them. 
Objective: The aim of this study was to provide an overview of the privacy barriers in health monitoring from current research, analyze the factors that influence patients to adopt assisted living technologies, provide a social psychological explanation, and propose suggestions for mitigating these barriers in future research. Methods: A scoping review was conducted, and web-based literature databases were searched for published studies to explore the available research on privacy barriers in a health monitoring environment. Results: In total, 65 articles met the inclusion criteria and were selected and analyzed. Contradictory findings and results were found in some of the included articles. We analyzed the contradictory findings and provided possible explanations for current barriers, such as demographic differences, information asymmetry, researchers’ conceptual confusion, inducible experiment design and its psychological impacts on participants, researchers’ confirmation bias, and a lack of distinction among different user roles. We found that few exploratory studies have been conducted so far to collect privacy-related legal norms in a health monitoring environment. Four research questions related to privacy barriers were raised, and an attempt was made to provide answers. Conclusions: This review highlights the problems of some research, summarizes patients’ privacy concerns and legal concerns from the studies conducted, and lists the factors that should be considered when gathering and analyzing people’s privacy attitudes. 
%M 38723253 %R 10.2196/53592 %U https://nursing.jmir.org/2024/1/e53592 %U https://doi.org/10.2196/53592 %U http://www.ncbi.nlm.nih.gov/pubmed/38723253 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e49910 %T IT-Related Barriers and Facilitators to the Implementation of a New European eHealth Solution, the Digital Survivorship Passport (SurPass Version 2.0): Semistructured Digital Survey %A de Beijer,Ismay A E %A van den Oever,Selina R %A Charalambous,Eliana %A Cangioli,Giorgio %A Balaguer,Julia %A Bardi,Edit %A Alfes,Marie %A Cañete Nieto,Adela %A Correcher,Marisa %A Pinto da Costa,Tiago %A Degelsegger-Márquez,Alexander %A Düster,Vanessa %A Filbert,Anna-Liesa %A Grabow,Desiree %A Gredinger,Gerald %A Gsell,Hannah %A Haupt,Riccardo %A van Helvoirt,Maria %A Ladenstein,Ruth %A Langer,Thorsten %A Laschkolnig,Anja %A Muraca,Monica %A Pluijm,Saskia M F %A Rascon,Jelena %A Schreier,Günter %A Tomášikova,Zuzana %A Trauner,Florian %A Trinkūnas,Justas %A Trunner,Kathrin %A Uyttebroeck,Anne %A Kremer,Leontien C M %A van der Pal,Helena J H %A Chronaki,Catherine %A , %+ Princess Máxima Center for Pediatric Oncology, Heidelberglaan 25, Utrecht, 3484 CS, Netherlands, 31 638960162, i.a.e.debeijer-3@prinsesmaximacentrum.nl %K pediatric oncology %K long-term follow up care %K survivorship %K cancer survivors %K Survivorship Passport %K SurPass, eHealth %K information and technology %D 2024 %7 2.5.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: To overcome knowledge gaps and optimize long-term follow-up (LTFU) care for childhood cancer survivors, the concept of the Survivorship Passport (SurPass) has been invented. 
Within the European PanCareSurPass project, the semiautomated and interoperable SurPass (version 2.0) will be optimized, implemented, and evaluated at 6 LTFU care centers representing 6 European countries and 3 distinct health system scenarios: (1) national electronic health information systems (EHISs) in Austria and Lithuania, (2) regional or local EHISs in Italy and Spain, and (3) cancer registries or hospital-based EHISs in Belgium and Germany. Objective: We aimed to identify and describe barriers and facilitators for SurPass (version 2.0) implementation concerning semiautomation of data input, interoperability, data protection, privacy, and cybersecurity. Methods: IT specialists from the 6 LTFU care centers participated in a semistructured digital survey focusing on IT-related barriers and facilitators to SurPass (version 2.0) implementation. We used the fit-viability model to assess the compatibility and feasibility of integrating SurPass into existing EHISs. Results: In total, 13/20 (65%) invited IT specialists participated. The main barriers and facilitators in all 3 health system scenarios related to semiautomated data input and interoperability included unaligned EHIS infrastructure and the use of interoperability frameworks and international coding systems. The main barriers and facilitators related to data protection or privacy and cybersecurity included pseudonymization of personal health data and data retention. According to the fit-viability model, the first health system scenario provides the best fit for SurPass implementation, followed by the second and third scenarios. Conclusions: This study provides essential insights into the information and IT-related influencing factors that need to be considered when implementing the SurPass (version 2.0) in clinical practice. 
We recommend the adoption of Health Level Seven Fast Healthcare Interoperability Resources and data security measures such as encryption, pseudonymization, and multifactor authentication to protect personal health data where applicable. In sum, this study offers practical insights into integrating digital health solutions into existing EHISs. %M 38696248 %R 10.2196/49910 %U https://www.jmir.org/2024/1/e49910 %U https://doi.org/10.2196/49910 %U http://www.ncbi.nlm.nih.gov/pubmed/38696248 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 26 %N %P e49445 %T The Costs of Anonymization: Case Study Using Clinical Data %A Pilgram,Lisa %A Meurers,Thierry %A Malin,Bradley %A Schaeffner,Elke %A Eckardt,Kai-Uwe %A Prasser,Fabian %A , %+ Junior Digital Clinician Scientist Program, Biomedical Innovation Academy, Berlin Institute of Health at Charité—Universitätsmedizin Berlin, Charitéplatz 1, Berlin, 10117, Germany, 49 30 450543049, lisa.pilgram@charite.de %K data sharing %K anonymization %K deidentification %K privacy-utility trade-off %K privacy-enhancing technologies %K medical informatics %K privacy %K anonymized %K security %K identification %K confidentiality %K data science %D 2024 %7 24.4.2024 %9 Original Paper %J J Med Internet Res %G English %X Background: Sharing data from clinical studies can accelerate scientific progress, improve transparency, and increase the potential for innovation and collaboration. However, privacy concerns remain a barrier to data sharing. Certain concerns, such as reidentification risk, can be addressed through the application of anonymization algorithms, whereby data are altered so that it is no longer reasonably related to a person. Yet, such alterations have the potential to influence the data set’s statistical properties, such that the privacy-utility trade-off must be considered. 
This has been studied in theory, but evidence based on real-world individual-level clinical data is rare, and anonymization has not broadly been adopted in clinical practice. Objective: The goal of this study is to contribute to a better understanding of anonymization in the real world by comprehensively evaluating the privacy-utility trade-off of differently anonymized data using data and scientific results from the German Chronic Kidney Disease (GCKD) study. Methods: The GCKD data set extracted for this study consists of 5217 records and 70 variables. A 2-step procedure was followed to determine which variables constituted reidentification risks. To capture a large portion of the risk-utility space, we decided on risk thresholds ranging from 0.02 to 1. The data were then transformed via generalization and suppression, and the anonymization process was varied using a generic and a use case–specific configuration. To assess the utility of the anonymized GCKD data, general-purpose metrics (ie, data granularity and entropy), as well as use case–specific metrics (ie, reproducibility), were applied. Reproducibility was assessed by measuring the overlap of the 95% CI lengths between anonymized and original results. Results: Reproducibility measured by 95% CI overlap was higher than utility obtained from general-purpose metrics. For example, granularity varied between 68.2% and 87.6%, and entropy varied between 25.5% and 46.2%, whereas the average 95% CI overlap was above 90% for all risk thresholds applied. A nonoverlapping 95% CI was detected in 6 estimates across all analyses, but the overwhelming majority of estimates exhibited an overlap over 50%. The use case–specific configuration outperformed the generic one in terms of actual utility (ie, reproducibility) at the same level of privacy. 
Conclusions: Our results illustrate the challenges that anonymization faces when aiming to support multiple likely and possibly competing uses, while use case–specific anonymization can provide greater utility. This aspect should be taken into account when evaluating the associated costs of anonymized data and attempting to maintain sufficiently high levels of privacy for anonymized data. Trial Registration: German Clinical Trials Register DRKS00003971; https://drks.de/search/en/trial/DRKS00003971 International Registered Report Identifier (IRRID): RR2-10.1093/ndt/gfr456 %M 38657232 %R 10.2196/49445 %U https://www.jmir.org/2024/1/e49445 %U https://doi.org/10.2196/49445 %U http://www.ncbi.nlm.nih.gov/pubmed/38657232 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 10 %N %P e51880 %T Now Is the Time to Strengthen Government-Academic Data Infrastructures to Jump-Start Future Public Health Crisis Response %A Lee,Jian-Sin %A Tyler,Allison R B %A Veinot,Tiffany Christine %A Yakel,Elizabeth %+ School of Information, University of Michigan, 105 S State St, Ann Arbor, MI, 48109-1285, United States, 1 734 389 9552, jianslee@umich.edu %K COVID-19 %K crisis response %K cross-sector collaboration %K data infrastructures %K data science %K data sharing %K pandemic %K public health %D 2024 %7 24.4.2024 %9 Viewpoint %J JMIR Public Health Surveill %G English %X During public health crises, the significance of rapid data sharing cannot be overstated. In attempts to accelerate COVID-19 pandemic responses, discussions within society and scholarly research have focused on data sharing among health care providers, across government departments at different levels, and on an international scale. A lesser-addressed yet equally important approach to sharing data during the COVID-19 pandemic and other crises involves cross-sector collaboration between government entities and academic researchers. 
Specifically, this refers to dedicated projects in which a government entity shares public health data with an academic research team for data analysis to receive data insights to inform policy. In this viewpoint, we identify and outline documented data sharing challenges in the context of COVID-19 and other public health crises, as well as broader crisis scenarios encompassing natural disasters and humanitarian emergencies. We then argue that government-academic data collaborations have the potential to alleviate these challenges, which should place them at the forefront of future research attention. In particular, for researchers, data collaborations with government entities should be considered part of the social infrastructure that bolsters their research efforts toward public health crisis response. Looking ahead, we propose a shift from ad hoc, intermittent collaborations to cultivating robust and enduring partnerships. Thus, we need to move beyond viewing government-academic data interactions as 1-time sharing events. Additionally, given the scarcity of scholarly exploration in this domain, we advocate for further investigation into the real-world practices and experiences related to sharing data from government sources with researchers during public health crises. 
%M 38656780 %R 10.2196/51880 %U https://publichealth.jmir.org/2024/1/e51880 %U https://doi.org/10.2196/51880 %U http://www.ncbi.nlm.nih.gov/pubmed/38656780 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 12 %N %P e48986 %T The Roles of Trust in Government and Sense of Community in the COVID-19 Contact Tracing Privacy Calculus: Mixed Method Study Using a 2-Wave Survey and In-Depth Interviews %A Kang,Hyunjin %A Lee,Jeong Kyu %A Lee,Edmund WJ %A Toh,Cindy %+ Wee Kim Wee School of Communication and Information, Nanyang Technological University, 31 Nanyang Link, Singapore, 637718, Singapore, 65 69083431, hjkang@ntu.edu.sg %K COVID-19 %K contact tracing technology %K privacy calculus %K trust in government %K sense of community %K mixed method %K mobile phone %D 2024 %7 7.3.2024 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Contact tracing technology has been adopted in many countries to aid in identifying, evaluating, and handling individuals who have had contact with those infected with COVID-19. Singapore was among the countries that actively implemented the government-led contact tracing program known as TraceTogether. Despite the benefits the contact tracing program could provide to individuals and the community, privacy issues were a significant barrier to individuals’ acceptance of the program. Objective: Building on the privacy calculus model, this study investigates how the perceptions of the 2 key groups (ie, government and community members) involved in the digital contact tracing factor into individuals’ privacy calculus of digital contact tracing. Methods: Using a mixed method approach, we conducted (1) a 2-wave survey (n=674) and (2) in-depth interviews (n=12) with TraceTogether users in Singapore. 
Using structural equation modeling, this study investigated how trust in the government and the sense of community exhibited by individuals during the early stage of implementation (time 1) predicted privacy concerns, perceived benefits, and future use intentions, measured after the program was fully implemented (time 2). Expanding on the survey results, this study conducted one-on-one interviews to gain in-depth insights into the privacy considerations involved in digital contact tracing. Results: The results from the survey showed that trust in the government increased perceived benefits while decreasing privacy concerns regarding the use of TraceTogether. Furthermore, individuals who felt a connection to community members by participating in the program (ie, the sense of community) were more inclined to believe in its benefits. The sense of community also played a moderating role in the influence of government trust on perceived benefits. Follow-up in-depth interviews highlighted that having a sense of control over information and transparency in the government’s data management were crucial factors in privacy considerations. The interviews also highlighted surveillance as the most prevalent aspect of privacy concerns regarding TraceTogether use. In addition, our findings revealed that trust in the government, particularly the perceived transparency of government actions, was most strongly associated with concerns regarding the secondary use of data. Conclusions: Using a mixed method approach involving a 2-wave survey and in-depth interview data, we expanded our understanding of privacy decisions and the privacy calculus in the context of digital contact tracing. The opposite influences of privacy concerns and perceived benefit on use intention suggest that the privacy calculus in TraceTogether might be viewed as a rational process of weighing between privacy risks and use benefits to make an uptake decision. 
However, our study demonstrated that existing perceptions toward the provider and the government in the contact tracing context, as well as the perception of the community triggered by TraceTogether use, may bias user appraisals of privacy risks and the benefits of contact tracing. %M 38451602 %R 10.2196/48986 %U https://mhealth.jmir.org/2024/1/e48986 %U https://doi.org/10.2196/48986 %U http://www.ncbi.nlm.nih.gov/pubmed/38451602 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 12 %N %P e48526 %T User Perception of Smart Home Surveillance Among Adults Aged 50 Years and Older: Scoping Review %A Percy Campbell,Jessica %A Buchan,Jacob %A Chu,Charlene H %A Bianchi,Andria %A Hoey,Jesse %A Khan,Shehroz S %+ Institute of Biomedical Engineering, University of Toronto, Rosebrugh Bldg, 164 College St, Toronto, ON, M5S 3G9, Canada, 1 4169787459, shehroz.khan@uhn.ca %K smart homes %K privacy %K surveillance %K ambient assisted living %K smart speakers %K Internet of Things %K sensors %K sensor %K smart home %K perception %K perceptions %K elderly %K older adult %K older adults %K review methods %K review methodology %K home monitoring %K security %K safety %K ageing %K ageing-in-place %K integrative review %K integrative reviews %D 2024 %7 9.2.2024 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: Smart home technology (SHT) can be useful for aging in place or health-related purposes. However, surveillance studies have highlighted ethical issues with SHTs, including user privacy, security, and autonomy. Objective: As digital technology is most often designed for younger adults, this review summarizes perceptions of SHTs among users aged 50 years and older to explore their understanding of privacy, the purpose of data collection, risks and benefits, and safety. 
Methods: Through an integrative review, we explored community-dwelling adults’ (aged 50 years and older) perceptions of SHTs based on research questions under 4 nonmutually exclusive themes: privacy, the purpose of data collection, risk and benefits, and safety. We searched 1860 titles and abstracts from Ovid MEDLINE, Ovid Embase, Cochrane Database of Systematic Reviews, and Cochrane Central Register of Controlled Trials, Scopus, Web of Science Core Collection, and IEEE Xplore or IET Electronic Library, resulting in 15 included studies. Results: The 15 studies explored user perception of smart speakers, motion sensors, or home monitoring systems. A total of 13 (87%) studies discussed user privacy concerns regarding data collection and access. A total of 4 (27%) studies explored user knowledge of data collection purposes, 7 (47%) studies featured risk-related concerns such as data breaches and third-party misuse alongside benefits such as convenience, and 9 (60%) studies reported user enthusiasm about the potential for home safety. Conclusions: Due to the growing size of aging populations and advances in technological capabilities, regulators and designers should focus on user concerns by supporting higher levels of agency regarding data collection, use, and disclosure and by bolstering organizational accountability. This way, relevant privacy regulation and SHT design can better support user safety while diminishing potential risks to privacy, security, autonomy, or discriminatory outcomes. 
%M 38335026 %R 10.2196/48526 %U https://mhealth.jmir.org/2024/1/e48526 %U https://doi.org/10.2196/48526 %U http://www.ncbi.nlm.nih.gov/pubmed/38335026 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 12 %N %P e48700 %T Investigating Citizens’ Acceptance of Contact Tracing Apps: Quantitative Study of the Role of Trust and Privacy %A Fox,Grace %A van der Werff,Lisa %A Rosati,Pierangelo %A Lynn,Theo %+ Irish Institute of Digital Business, Dublin City University, Collins Ave, Dublin9, Dublin, Ireland, 353 1 700 6873, theo.lynn@dcu.ie %K privacy %K trust %K public health surveillance %K contact tracing %K mobile apps %K adoption %K information disclosure %D 2024 %7 18.1.2024 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: The COVID-19 pandemic accelerated the need to understand citizen acceptance of health surveillance technologies such as contact tracing (CT) apps. Indeed, the success of these apps required widespread public acceptance and the alleviation of concerns about privacy, surveillance, and trust. Objective: This study aims to examine the factors that foster a sense of trust and a perception of privacy in CT apps. Our study also investigates how trust and perceived privacy influence citizens’ willingness to adopt, disclose personal data, and continue to use these apps. Methods: Drawing on privacy calculus and procedural fairness theories, we developed a model of the antecedents and behavioral intentions related to trust and privacy perceptions. We used structural equation modeling to test our hypotheses on a data set collected at 2 time points (before and after the launch of a national CT app). The sample consisted of 405 Irish residents. Results: Trust in CT apps was positively influenced by propensity to trust technology (β=.074; P=.006), perceived need for surveillance (β=.119; P<.001), and perceptions of government motives (β=.671; P<.001) and negatively influenced by perceived invasion (β=−.224; P<.001). 
Perceived privacy was positively influenced by trust (β=.466; P<.001) and perceived control (β=.451; P<.001) and negatively influenced by perceived invasion (β=−.165; P<.001). Prelaunch intentions toward adoption were influenced by trust (β=.590; P<.001) and perceived privacy (β=.247; P<.001). Prelaunch intentions to disclose personal data to the app were also influenced by trust (β=.215; P<.001) and perceived privacy (β=.208; P<.001) as well as adoption intentions before the launch (β=.550; P<.001). However, postlaunch intentions to use the app were directly influenced by prelaunch intentions (β=.530; P<.001), but trust and perceived privacy only had an indirect influence. Finally, with regard to intentions to disclose after the launch, use intentions after the launch (β=.665; P<.001) and trust (β=.215; P<.001) had a direct influence, but perceived privacy only had an indirect influence. The proposed model explained 74.4% of variance in trust, 91% of variance in perceived privacy, 66.6% of variance in prelaunch adoption intentions, 45.9% of variance in postlaunch use intentions, and 83.9% and 79.4% of variance in willingness to disclose before the launch and after the launch, respectively. Conclusions: Positive perceptions of trust and privacy can be fostered through clear communication regarding the need and motives for CT apps, the level of control citizens maintain, and measures to limit invasive data practice. By engendering these positive beliefs before launch and reinforcing them after launch, citizens may be more likely to accept and use CT apps. These insights are important for the launch of future apps and technologies that require mass acceptance and information disclosure. 
%M 38085914 %R 10.2196/48700 %U https://mhealth.jmir.org/2024/1/e48700 %U https://doi.org/10.2196/48700 %U http://www.ncbi.nlm.nih.gov/pubmed/38085914 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 11 %N %P e47031 %T Trust in and Acceptance of Artificial Intelligence Applications in Medicine: Mixed Methods Study %A Shevtsova,Daria %A Ahmed,Anam %A Boot,Iris W A %A Sanges,Carmen %A Hudecek,Michael %A Jacobs,John J L %A Hort,Simon %A Vrijhoef,Hubertus J M %+ Panaxea bv, Pettelaarpark 84, Den Bosch, 5216 PP, Netherlands, 31 639421854, anam.ahmed@panaxea.eu %K trust %K acceptance %K artificial intelligence %K medicine %K mixed methods %K rapid review %K survey %D 2024 %7 17.1.2024 %9 Original Paper %J JMIR Hum Factors %G English %X Background: Artificial intelligence (AI)–powered technologies are being increasingly used in almost all fields, including medicine. However, to successfully implement medical AI applications, ensuring trust and acceptance toward such technologies is crucial for their successful spread and timely adoption worldwide. Although AI applications in medicine provide advantages to the current health care system, there are also various associated challenges regarding, for instance, data privacy, accountability, and equity and fairness, which could hinder medical AI application implementation. Objective: The aim of this study was to identify factors related to trust in and acceptance of novel AI-powered medical technologies and to assess the relevance of those factors among relevant stakeholders. Methods: This study used a mixed methods design. First, a rapid review of the existing literature was conducted, aiming to identify various factors related to trust in and acceptance of novel AI applications in medicine. Next, an electronic survey including the rapid review–derived factors was disseminated among key stakeholder groups. 
Participants (N=22) were asked to assess on a 5-point Likert scale (1=irrelevant to 5=relevant) to what extent they thought the various factors (N=19) were relevant to trust in and acceptance of novel AI applications in medicine. Results: The rapid review (N=32 papers) yielded 110 factors related to trust and 77 factors related to acceptance toward AI technology in medicine. Closely related factors were assigned to 1 of the 19 overarching umbrella factors, which were further grouped into 4 categories: human-related (ie, the type of institution AI professionals originate from), technology-related (ie, the explainability and transparency of AI application processes and outcomes), ethical and legal (ie, data use transparency), and additional factors (ie, AI applications being environment friendly). The categorized 19 umbrella factors were presented as survey statements, which were evaluated by relevant stakeholders. Survey participants (N=22) represented researchers (n=18, 82%), technology providers (n=5, 23%), hospital staff (n=3, 14%), and policy makers (n=3, 14%). Of the 19 factors, 16 (84%) human-related, technology-related, ethical and legal, and additional factors were considered to be of high relevance to trust in and acceptance of novel AI applications in medicine. The patient’s gender, age, and education level were found to be of low relevance (3/19, 16%). Conclusions: The results of this study could help the implementers of medical AI applications to understand what drives trust and acceptance toward AI-powered technologies among key stakeholders in medicine. Consequently, this would allow the implementers to identify strategies that facilitate trust in and acceptance of medical AI applications among key stakeholders and potential users. 
%M 38231544 %R 10.2196/47031 %U https://humanfactors.jmir.org/2024/1/e47031 %U https://doi.org/10.2196/47031 %U http://www.ncbi.nlm.nih.gov/pubmed/38231544 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 9 %N %P e49560 %T Combatting SARS-CoV-2 With Digital Contact Tracing and Notification: Navigating Six Points of Failure %A Masel,Joanna %A Petrie,James Ian Mackie %A Bay,Jason %A Ebbers,Wolfgang %A Sharan,Aalekh %A Leibrand,Scott Michael %A Gebhard,Andreas %A Zimmerman,Samuel %+ Department of Ecology & Evolutionary Biology, University of Arizona, 1041 E Lowell St, Tucson, AZ, 85721, United States, 1 5206269888, masel@arizona.edu %K COVID-19 %K SARS-CoV-2 %K pandemic preparedness %K decentralized protocols %K smartphone %K mobile phone %K contact tracing %D 2023 %7 4.12.2023 %9 Viewpoint %J JMIR Public Health Surveill %G English %X Digital contact tracing and notification were initially hailed as promising strategies to combat SARS-CoV-2; however, in most jurisdictions, they did not live up to their promise. To avert a given transmission event, both parties must have adopted the technology, it must detect the contact, the primary case must be promptly diagnosed, notifications must be triggered, and the secondary case must change their behavior to avoid the focal tertiary transmission event. If we approximate these as independent events, achieving a 26% reduction in the effective reproduction number Rt would require an 80% success rate at each of these 6 points of failure. Here, we review the 6 failure rates experienced by a variety of digital contact tracing and contact notification schemes, including Singapore’s TraceTogether, India’s Aarogya Setu, and leading implementations of the Google Apple Exposure Notification system. 
This leads to a number of recommendations, for example, that the narrative be framed in terms of user autonomy rather than user privacy, and that tracing/notification apps be multifunctional and integrated with testing, manual contact tracing, and the gathering of critical scientific data. %M 38048155 %R 10.2196/49560 %U https://publichealth.jmir.org/2023/1/e49560 %U https://doi.org/10.2196/49560 %U http://www.ncbi.nlm.nih.gov/pubmed/38048155 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 25 %N %P e52444 %T Use of Consumer Wearables in Health Research: Issues and Considerations %A Dobson,Rosie %A Stowell,Melanie %A Warren,Jim %A Tane,Taria %A Ni,Lin %A Gu,Yulong %A McCool,Judith %A Whittaker,Robyn %+ School of Population Health, University of Auckland, Private Bag 92019, Auckland, 1142, New Zealand, 64 93737599, r.dobson@auckland.ac.nz %K wearable device %K wearable %K wearables %K inclusion %K inclusive %K inclusivity %K data quality %K consumer wearables %K sensors %K digital health %K mental health %K ethics %K ethic %K ethical %K privacy %K security %K viewpoint %K digital divide %K data privacy %K health information management %K data science %K data collection %D 2023 %7 21.11.2023 %9 Viewpoint %J J Med Internet Res %G English %X As wearable devices, which allow individuals to track and self-manage their health, become more ubiquitous, the opportunities are growing for researchers to use these sensors within interventions and for data collection. They offer access to data that are captured continuously, passively, and pragmatically with minimal user burden, providing huge advantages for health research. However, the growth in their use must be coupled with consideration of their potential limitations, in particular, digital inclusion, data availability, privacy, ethics of third-party involvement, data quality, and potential for adverse consequences. 
In this paper, we discuss these issues and strategies used to prevent or mitigate them and recommendations for researchers using wearables as part of interventions or for data collection. %M 37988147 %R 10.2196/52444 %U https://www.jmir.org/2023/1/e52444 %U https://doi.org/10.2196/52444 %U http://www.ncbi.nlm.nih.gov/pubmed/37988147 %0 Journal Article %@ 2291-5222 %I %V 11 %N %P e48714 %T Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis %A Jiang,Jiayi %A Zheng,Zexing %K contact tracing %K privacy policy %K personal information protection %K compliance %K content analysis %K COVID-19 %D 2023 %7 14.11.2023 %9 %J JMIR Mhealth Uhealth %G English %X Background: Digital technologies, especially contact tracing apps, have been crucial in monitoring and tracing the transmission of COVID-19 worldwide. China developed health code apps as an emergency response to the pandemic with plans to use them for broader public health services. However, potential problems within privacy policies may compromise personal information (PI) protection. Objective: We aimed to evaluate the compliance of the privacy policies of 30 health code apps in the mainland of China with the Personal Information Protection Law (PIPL) and related specifications. Methods: We reviewed and assessed the privacy policies of 30 health code apps between August 26 and September 6, 2023. We used a 3-level indicator scale based on the information life cycle as provided in the PIPL and related specifications. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 71 level-3 indicators. Results: The mean compliance score of the 30 health code apps was 59.9% (SD 22.6%). A total of 13 (43.3%) apps scored below this average, and 6 apps scored below 40%. 
Level-1 indicator scores included the following: general attributes (mean 85.6%, SD 23.3%); PI collection and use (mean 66.2%, SD 22.7%); PI storage and protection (mean 63.3%, SD 30.8%); PI sharing, transfer, disclosure, and transmission (mean 57.2%, SD 27.3%); PI deletion (mean 52.2%, SD 29.4%); individual rights (mean 59.3%, SD 25.7%); and PI processor duties (mean 43.7%, SD 23.8%). Sensitive PI protection compliance (mean 51.4%, SD 26.0%) lagged behind general PI protection (mean 83.3%, SD 24.3%), with only 1 app requiring separate consent for sensitive PI processing. Additionally, 46.7% (n=14) of the apps needed separate consent for subcontracting activities, while fewer disclosed PI recipient information (n=13, 43.3%), safety precautions (n=11, 36.7%), and rules of PI transfer during specific events (n=10, 33.3%). Most privacy policies specified the PI retention period (n=23, 76.7%) and postperiod deletion or anonymization (n=22, 73.3%), but only 6.7% (n=2) were committed to prompt third-party PI deletion. Most apps delineated various individual rights: the right to inquire (n=25, 83.3%), correct (n=24, 80%), and delete PI (n=24, 80%); cancel their account (n=21, 70%); withdraw consent (n=20, 60%); and request privacy policy explanations (n=24, 80%). Only a fraction addressed the rights to obtain copies (n=4, 13.3%) or refuse advertisement of automated decision-making (n=1, 3.3%). The mean compliance rate of PI processor duties was only 43.7% (SD 23.8%), with significant deficiencies in impact assessments (mean 5.0%, SD 19.8%), PI protection officer appointment (mean 6.7%, SD 24.9%), regular compliance audits (mean 6.7%, SD 24.9%), and complaint management (mean 37.8%, SD 39.2%). Conclusions: Our analysis revealed both strengths and significant shortcomings in the compliance of privacy policies of health code apps with the PIPL and related specifications considering the information life cycle. 
As China contemplates the future extended use of health code apps, it should articulate the legitimacy of the apps’ normalization and ensure that users provide informed consent. Meanwhile, China should raise the compliance level of relevant privacy policies and fortify its enforcement mechanisms. %R 10.2196/48714 %U https://mhealth.jmir.org/2023/1/e48714 %U https://doi.org/10.2196/48714 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 25 %N %P e47540 %T Sharing Data With Shared Benefits: Artificial Intelligence Perspective %A Tajabadi,Mohammad %A Grabenhenrich,Linus %A Ribeiro,Adèle %A Leyer,Michael %A Heider,Dominik %+ Department of Data Science in Biomedicine, Faculty of Mathematics and Computer Science, University of Marburg, Hans-Meerwein-Str. 6, Marburg, 35043, Germany, 49 6421 2821579, dominik.heider@uni-marburg.de %K federated learning %K machine learning %K medical data %K fairness %K data sharing %K artificial intelligence %K development %K artificial intelligence model %K applications %K data analysis %K diagnostic tool %K tool %D 2023 %7 29.8.2023 %9 Viewpoint %J J Med Internet Res %G English %X Artificial intelligence (AI) and data sharing go hand in hand. In order to develop powerful AI models for medical and health applications, data need to be collected and brought together over multiple centers. However, due to various reasons, including data privacy, not all data can be made publicly available or shared with other parties. Federated and swarm learning can help in these scenarios. However, in the private sector, such as between companies, the incentive is limited, as the resulting AI models would be available for all partners irrespective of their individual contribution, including the amount of data provided by each party. Here, we explore a potential solution to this challenge as a viewpoint, aiming to establish a fairer approach that encourages companies to engage in collaborative data analysis and AI modeling. 
Within the proposed approach, each individual participant could gain a model commensurate with their respective data contribution, ultimately leading to better diagnostic tools for all participants in a fair manner. %M 37642995 %R 10.2196/47540 %U https://www.jmir.org/2023/1/e47540 %U https://doi.org/10.2196/47540 %U http://www.ncbi.nlm.nih.gov/pubmed/37642995 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 7 %N %P e49439 %T Demographic Comparison of Information Security Behavior Toward Health Information System Protection: Survey Study %A Sari,Puspita Kencana %A Handayani,Putu Wuri %A Hidayanto,Achmad Nizar %+ Faculty of Computer Science, Universitas Indonesia, Kampus Baru UI, Depok, 16424, Indonesia, 62 217863419, puspita.kencana91@ui.ac.id %K behavioral research %K health information system %K human activities %K information security %K mobile security %D 2023 %7 24.8.2023 %9 Original Paper %J JMIR Form Res %G English %X Background: The health information system (HIS) functions are getting wider with more diverse users. Information security in the health industry is crucial because it involves comprehensive and strategic information that might harm human life. The human factor is one of the biggest security threats to HIS. Objective: This study aims to investigate the information security behavior (ISB) of HIS users using a comprehensive assessment scale suited to the information security concerns in health care. Patients are increasingly being asked to submit their own data into HIS systems. As a result, this study examines the security behavior of health workers and patients, as well as their demographic variables. Methods: We used a quantitative approach using surveys of health workers and patients. We created a research instrument from 4 existing measurement scales to measure prosecurity and antisecurity behavior. We analyzed statistical differences to test the hypotheses, that is, the Kruskal-Wallis test and the Mann-Whitney test. 
The descriptive analysis was used to determine whether the group exhibited exemplary behavior when processing the survey results. A correlational test using the Spearman correlation coefficient was performed to establish the significance of the relationship between ISB and age as well as level of education. Results: We analyzed 421 responses from the survey. According to demographic factors, the hypotheses tested for full and partial security behavior reveal substantial differences. Education levels most significantly affect security behavior differences, followed by user type, gender, and age. The health workers’ ISB is higher than that of the patients. Women are more likely than men to engage in prosecurity actions while avoiding antisecurity behaviors. The older the HIS user, the more likely it is that they will participate in prosecurity behavior and the less probable it is that they will engage in antisecurity behavior. According to this study, differences in prosecurity behavior are mostly impacted by education level. Higher education, on the other hand, does not guarantee improved ISB for HIS users. All demographic characteristics, particularly concerning user type, show discrepancies that are caused mainly by antisecurity behavior rather than prosecurity behavior. Conclusions: Since patients engage in antisecurity behavior more frequently than health workers and may pose security risks, health care facilities should start to consider information security education for patients. More comprehensive research on ISB in health care facilities is required to better understand the patient’s perspective, which is currently understudied. 
%M 37616025 %R 10.2196/49439 %U https://formative.jmir.org/2023/1/e49439 %U https://doi.org/10.2196/49439 %U http://www.ncbi.nlm.nih.gov/pubmed/37616025 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 10 %N %P e45503 %T Extending the Privacy Calculus to the mHealth Domain: Survey Study on the Intention to Use mHealth Apps in Germany %A von Kalckreuth,Niklas %A Feufel,Markus A %+ Division of Ergonomics, Department of Psychology and Ergonomics (IPA), Technische Universität Berlin, Straße des 17. Juni 135, Berlin, 10623, Germany, 49 30 314 70 747, niklas.vkalckreuth@tu-berlin.de %K mHealth %K mobile health %K confidential %K privacy calculus %K privacy %K intention to use %K adoption %K data autonomy %K social norms %K trust in the provider %K trust %K privacy concern %K benefit %K attitude to privacy %K survey %K intention %D 2023 %7 16.8.2023 %9 Original Paper %J JMIR Hum Factors %G English %X Background: With the increasing digitalization of the health sector, more and more mobile health (mHealth) apps are coming to the market to continuously collect and process sensitive health data for the benefit of patients and providers. These technologies open up new opportunities to make the health care system more efficient and save costs but also pose potential threats such as loss of data or finances. Objective: This study aims to present an empirical review and adaptation of the extended privacy calculus model to the mHealth domain and to understand what factors influence the intended usage of mHealth technologies. Methods: A survey study was conducted to empirically validate our model, using a case vignette as cover story. Data were collected from 250 German participants and analyzed using a covariance-based structural equation model. Results: The model explains R²=79.3% of the variance in intention to use. 
The 3 main factors (social norms, attitude to privacy, and perceived control over personal data) influenced the intention to use mHealth apps, albeit partially indirectly. The intention to use mHealth apps is driven by the perceived benefits of the technology, trust in the provider, and social norms. Privacy concerns have no bearing on the intention to use. The attitude to privacy has a large inhibiting effect on perceived benefits, as well as on trust in the provider. Perceived control over personal data clearly dispels privacy concerns and supports the relationship of trust between the user and the provider. Conclusions: Based on the privacy calculus, our domain-specific model explains the intention to use mHealth apps better than previous, more general models. The findings allow health care providers to improve their products and to increase usage by targeting specific user groups. %M 37585259 %R 10.2196/45503 %U https://humanfactors.jmir.org/2023/1/e45503 %U https://doi.org/10.2196/45503 %U http://www.ncbi.nlm.nih.gov/pubmed/37585259 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 25 %N %P e41294 %T Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study %A Argyridou,Elina %A Nifakos,Sokratis %A Laoudias,Christos %A Panda,Sakshyam %A Panaousis,Emmanouil %A Chandramouli,Krishna %A Navarro-Llobet,Diana %A Mora Zamorano,Juan %A Papachristou,Panagiotis %A Bonacina,Stefano %+ Health Informatics Centre, Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, Tomtebodavägen 18a, Stockholm, 11777, Sweden, 46 0 8 524 862 04, sokratis.nifakos@ki.se %K cyber hygiene %K cybersecurity %K awareness %K training %K health care %K risk management %K mobile phone %D 2023 %7 27.7.2023 %9 Original Paper %J J Med Internet Res %G English %X Background: Cyber threats are increasing across all business sectors, with health care being a prominent domain. 
In response to the ever-increasing threats, health care organizations (HOs) are enhancing the technical measures with the use of cybersecurity controls and other advanced solutions for further protection. Despite the need for technical controls, humans are evidently the weakest link in the cybersecurity posture of HOs. This suggests that addressing the human aspects of cybersecurity is a key step toward managing cyber-physical risks. In practice, HOs are required to apply general cybersecurity and data privacy guidelines that focus on human factors. However, there is limited literature on the methodologies and procedures that can assist in successfully mapping these guidelines to specific controls (interventions), including awareness activities and training programs, with a measurable impact on personnel. To this end, tools and structured methodologies for assisting higher management in selecting the minimum number of required controls that will be most effective on the health care workforce are highly desirable. Objective: This study aimed to introduce a cyber hygiene (CH) methodology that uses a unique survey-based risk assessment approach for raising the cybersecurity and data privacy awareness of different employee groups in HOs. The main objective was to identify the most effective strategy for managing cybersecurity and data privacy risks and recommend targeted human-centric controls that are tailored to organization-specific needs. Methods: The CH methodology relied on a cross-sectional, exploratory survey study followed by a proposed risk-based survey data analysis approach. First, survey data were collected from 4 different employee groups across 3 European HOs, covering 7 categories of cybersecurity and data privacy risks. Next, survey data were transcribed and fitted into a proposed risk-based approach matrix that translated risk levels to strategies for managing the risks. Results: A list of human-centric controls and implementation levels was created. 
These controls were associated with risk categories, mapped to risk strategies for managing the risks related to all employee groups. Our mapping empowered the computation and subsequent recommendation of subsets of human-centric controls to implement the identified strategy for managing the overall risk of the HOs. An indicative example demonstrated the application of the CH methodology in a simple scenario. Finally, by applying the CH methodology in the health care sector, we obtained results in the form of risk markings; identified strategies to manage the risks; and recommended controls for each of the 3 HOs, each employee group, and each risk category. Conclusions: The proposed CH methodology improves the CH perception and behavior of personnel in the health care sector and provides risk strategies together with a list of recommended human-centric controls for managing a wide range of cybersecurity and data privacy risks related to health care employees. %M 37498644 %R 10.2196/41294 %U https://www.jmir.org/2023/1/e41294 %U https://doi.org/10.2196/41294 %U http://www.ncbi.nlm.nih.gov/pubmed/37498644 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 25 %N %P e45112 %T Cultural Implications Regarding Privacy in Digital Contact Tracing Algorithms: Method Development and Empirical Ethics Analysis of a German and a Japanese Approach to Contact Tracing %A Haltaufderheide,Joschka %A Viero,Davide %A Krämer,Dennis %+ Medical Ethics With Focus on Digitization, Joint Faculty of Health Sciences Brandenburg, University of Potsdam, Am Mühlenberg 9, Potsdam, 14476, Germany, 49 331 977 213830, joschka.haltaufderheide@uni-potsdam.de %K digital contact tracing %K algorithms %K methodology %K empirical ethics %K privacy %K culture-sensitive ethics %K mobile phone %D 2023 %7 28.6.2023 %9 Original Paper %J J Med Internet Res %G English %X Background: Digital contact tracing algorithms (DCTAs) have emerged as a means of supporting pandemic containment strategies and protecting 
populations from the adverse effects of COVID-19. However, the impact of DCTAs on users’ privacy and autonomy has been heavily debated. Although privacy is often viewed as the ability to control access to information, recent approaches consider it as a norm that structures social life. In this regard, cultural factors are crucial in evaluating the appropriateness of information flows in DCTAs. Hence, an important part of ethical evaluations of DCTAs is to develop an understanding of their information flow and their contextual situatedness to be able to adequately evaluate questions about privacy. However, only limited studies and conceptual approaches are currently available in this regard. Objective: This study aimed to develop a case study methodology to include contextual cultural factors in ethical analysis and present exemplary results of a subsequent analysis of 2 different DCTAs following this approach. Methods: We conducted a comparative qualitative case study of the algorithm of the Google Apple Exposure Notification Framework as exemplified in the German Corona Warn App and the Japanese approach of Computation of Infection Risk via Confidential Locational Entries (CIRCLE) method. The methodology was based on a postphenomenological perspective, combined with empirical investigations of the technological artifacts within their context of use. An ethics of disclosure approach was used to focus on the social ontologies created by the algorithms and highlight their connection to the question about privacy. Results: Both algorithms use the idea of representing a social encounter of 2 subjects. These subjects gain significance in terms of risk against the background of a representation of their temporal and spatial properties. However, the comparative analysis reveals 2 major differences. Google Apple Exposure Notification Framework prioritizes temporality over spatiality. 
In contrast, the representation of spatiality is reduced to distance without any direction or orientation. However, the CIRCLE framework prioritizes spatiality over temporality. These different concepts and prioritizations can be seen to align with important cultural differences in considering basic concepts such as subject, time, and space in Eastern and Western thought. Conclusions: The differences noted in this study essentially lead to 2 different ethical questions about privacy that are raised against the respective backgrounds. These findings have important implications for the ethical evaluation of DCTAs, suggesting that a culture-sensitive assessment is required to ensure that technologies fit into their context and create less concern regarding their ethical acceptability. Methodologically, our study provides a basis for an intercultural approach to the ethics of disclosure, allowing for cross-cultural dialogue that can overcome mutual implicit biases and blind spots based on cultural differences. 
%M 37379062 %R 10.2196/45112 %U https://www.jmir.org/2023/1/e45112 %U https://doi.org/10.2196/45112 %U http://www.ncbi.nlm.nih.gov/pubmed/37379062 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 25 %N %P e43664 %T Exploring the Relationship Between Privacy and Utility in Mobile Health: Algorithm Development and Validation via Simulations of Federated Learning, Differential Privacy, and External Attacks %A Shen,Alexander %A Francisco,Luke %A Sen,Srijan %A Tewari,Ambuj %+ Department of Statistics and Data Science, Carnegie Mellon University, 5000 Forbes Ave, Pittsburgh, PA, 15213, United States, 1 7022754242, alexshen@umich.edu %K privacy %K data protection %K machine learning %K federated learning %K neural networks %K mobile health %K mHealth %K wearable electronic devices %K differential privacy %K privacy %K learning %K evidence %K feasibility %K applications %K training %K technology %K mobile phone %D 2023 %7 20.4.2023 %9 Original Paper %J J Med Internet Res %G English %X Background: Although evidence supporting the feasibility of large-scale mobile health (mHealth) systems continues to grow, privacy protection remains an important implementation challenge. The potential scale of publicly available mHealth applications and the sensitive nature of the data involved will inevitably attract unwanted attention from adversarial actors seeking to compromise user privacy. Although privacy-preserving technologies such as federated learning (FL) and differential privacy (DP) offer strong theoretical guarantees, it is not clear how such technologies actually perform under real-world conditions. Objective: Using data from the University of Michigan Intern Health Study (IHS), we assessed the privacy protection capabilities of FL and DP against the trade-offs in the associated model’s accuracy and training time. 
Using a simulated external attack on a target mHealth system, we aimed to measure the effectiveness of such an attack under various levels of privacy protection on the target system and measure the costs to the target system’s performance associated with the chosen levels of privacy protection. Methods: A neural network classifier that attempts to predict IHS participant daily mood ecological momentary assessment score from sensor data served as our target system. An external attacker attempted to identify participants whose average mood ecological momentary assessment score is lower than the global average. The attack followed techniques in the literature, given the relevant assumptions about the abilities of the attacker. For measuring attack effectiveness, we collected attack success metrics (area under the curve [AUC], positive predictive value, and sensitivity), and for measuring privacy costs, we calculated the target model training time and measured the model utility metrics. Both sets of metrics are reported under varying degrees of privacy protection on the target. Results: We found that FL alone does not provide adequate protection against the privacy attack proposed above, where the attacker’s AUC in determining which participants exhibit lower than average mood is over 0.90 in the worst-case scenario. However, under the highest level of DP tested in this study, the attacker’s AUC fell to approximately 0.59 with only a 10% point decrease in the target’s R² and a 43% increase in model training time. Attack positive predictive value and sensitivity followed similar trends. Finally, we showed that participants in the IHS most likely to require strong privacy protection are also most at risk from this particular privacy attack and subsequently stand to benefit the most from these privacy-preserving technologies. 
Conclusions: Our results demonstrated both the necessity of proactive privacy protection research and the feasibility of the current FL and DP methods implemented in a real mHealth scenario. Our simulation methods characterized the privacy-utility trade-off in our mHealth setup using highly interpretable metrics, providing a framework for future research into privacy-preserving technologies in data-driven health and medical applications. %M 37079370 %R 10.2196/43664 %U https://www.jmir.org/2023/1/e43664 %U https://doi.org/10.2196/43664 %U http://www.ncbi.nlm.nih.gov/pubmed/37079370 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 11 %N %P e39055 %T Critical Criteria and Countermeasures for Mobile Health Developers to Ensure Mobile Health Privacy and Security: Mixed Methods Study %A Rezaee,Rita %A Khashayar,Mahboobeh %A Saeedinezhad,Saeed %A Nasiri,Mahdi %A Zare,Sahar %+ Health Information Management Research Center (HIMRC), Kashan University of Medical Sciences, 5th of Qotb -e Ravandi Blvd Kashan, Kashan, 87159-73449, Iran, 98 31 55548883, zare.sahar89@gmail.com %K telemedicine %K mobile apps %K privacy %K computer security, confidentiality %K mHealth %K mobile health %D 2023 %7 2.3.2023 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers. Objective: This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps. Methods: A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. 
An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument. Results: The search strategy identified 8190 papers, of which 33 (0.4%) were deemed eligible. A total of 218 criteria were extracted based on the literature search; of these, 119 (54.6%) criteria were removed as duplicates and 10 (4.6%) were deemed irrelevant to the security or privacy of mHealth apps. The remaining 89 (40.8%) criteria were presented to the expert panel. After calculating impact scores, the content validity ratio (CVR), and the content validity index (CVI), 63 (70.8%) criteria were confirmed. The mean CVR and CVI of the instrument were 0.72 and 0.86, respectively. The criteria were grouped into 8 categories: authentication and authorization, access management, security, data storage, integrity, encryption and decryption, privacy, and privacy policy content. Conclusions: The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough. 
%M 36862494 %R 10.2196/39055 %U https://mhealth.jmir.org/2023/1/e39055 %U https://doi.org/10.2196/39055 %U http://www.ncbi.nlm.nih.gov/pubmed/36862494 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 24 %N 10 %P e37978 %T Secure Collaborative Platform for Health Care Research in an Open Environment: Perspective on Accountability in Access Control %A Kang,Giluk %A Kim,Young-Gab %+ Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, 209, Neungdong-ro, Gwangjin-gu, Seoul, 05006, Republic of Korea, 82 0269352424, alwaysgabi@sejong.ac.kr %K blockchain %K attribute-based encryption %K eHealth data %K security %K privacy %K cloud computing %K research platform for health care %K accountability %K Internet of Things %K interoperability %K mobile phone %D 2022 %7 14.10.2022 %9 Original Paper %J J Med Internet Res %G English %X Background: With the recent use of IT in health care, a variety of eHealth data are increasingly being collected and stored by national health agencies. As these eHealth data can advance the modern health care system and make it smarter, many researchers want to use these data in their studies. However, using eHealth data brings about privacy and security concerns. The analytical environment that supports health care research must also consider many requirements. For these reasons, countries generally provide research platforms for health care, but some data providers (eg, patients) are still concerned about the security and privacy of their eHealth data. Thus, a more secure platform for health care research that guarantees the utility of eHealth data while focusing on its security and privacy is needed. Objective: This study aims to implement a research platform for health care called the health care big data platform (HBDP), which is more secure than previous health care research platforms. 
The HBDP uses attribute-based encryption to achieve fine-grained access control and encryption of stored eHealth data in an open environment. Moreover, in the HBDP, platform administrators can perform the appropriate follow-up (eg, block illegal users) and monitoring through a private blockchain. In other words, the HBDP supports accountability in access control. Methods: We first identified potential security threats in the health care domain. We then defined the security requirements to minimize the identified threats. In particular, the requirements were defined based on the security solutions used in existing health care research platforms. We then proposed the HBDP, which meets defined security requirements (ie, access control, encryption of stored eHealth data, and accountability). Finally, we implemented the HBDP to prove its feasibility. Results: This study carried out case studies for illegal user detection via the implemented HBDP based on specific scenarios related to the threats. As a result, the platform detected illegal users appropriately via the security agent. Furthermore, in the empirical evaluation of massive data encryption (eg, 100,000 rows with 3 sensitive columns within 46 columns) for column-level encryption, full encryption after column-level encryption, and full decryption including column-level decryption, our approach achieved approximately 3 minutes, 1 minute, and 9 minutes, respectively. In the blockchain, average latencies and throughputs in 1Org with 2Peers reached approximately 18 seconds and 49 transactions per second (TPS) in read mode and approximately 4 seconds and 120 TPS in write mode in 300 TPS. Conclusions: The HBDP enables fine-grained access control and secure storage of eHealth data via attribute-based encryption cryptography. It also provides nonrepudiation and accountability through the blockchain. 
Therefore, we consider that our proposal provides a sufficiently secure environment for the use of eHealth data in health care research. %M 36240003 %R 10.2196/37978 %U https://www.jmir.org/2022/10/e37978 %U https://doi.org/10.2196/37978 %U http://www.ncbi.nlm.nih.gov/pubmed/36240003 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 8 %N 9 %P e34472 %T Privacy of Study Participants in Open-access Health and Demographic Surveillance System Data: Requirements Analysis for Data Anonymization %A Templ,Matthias %A Kanjala,Chifundo %A Siems,Inken %+ Institute of Data Analysis and Process Design, Zurich University of Applied Sciences, Rosenstrasse 3, Winterthur, 8404, Switzerland, 41 793221578, matthias.templ@zhaw.ch %K longitudinal data and event history data %K low- and middle-income countries %K LMIC %K anonymization %K health and demographic surveillance system %D 2022 %7 2.9.2022 %9 Original Paper %J JMIR Public Health Surveill %G English %X Background: Data anonymization and sharing have become popular topics for individuals, organizations, and countries worldwide. Open-access sharing of anonymized data containing sensitive information about individuals makes the most sense whenever the utility of the data can be preserved and the risk of disclosure can be kept below acceptable levels. In this case, researchers can use the data without access restrictions and limitations. Objective: This study aimed to highlight the requirements and possible solutions for sharing health surveillance event history data. The challenges lie in the anonymization of multiple event dates and time-varying variables. Methods: A sequential approach that adds noise to event dates is proposed. This approach maintains the event order and preserves the average time between events. In addition, a nosy neighbor distance-based matching approach to estimate the risk is proposed. 
Regarding the key variables that change over time, such as educational level or occupation, we make 2 proposals: one based on limiting the intermediate statuses of the individual and the other to achieve k-anonymity in subsets of the data. The proposed approaches were applied to the Karonga health and demographic surveillance system (HDSS) core residency data set, which contains longitudinal data from 1995 to the end of 2016 and includes 280,381 events with time-varying socioeconomic variables and demographic information. Results: An anonymized version of the event history data, including longitudinal information on individuals over time, with high data utility, was created. Conclusions: The proposed anonymization of event history data comprising static and time-varying variables applied to HDSS data led to acceptable disclosure risk, preserved utility, and being sharable as public use data. It was found that high utility was achieved, even with the highest level of noise added to the core event dates. The details are important to ensure consistency or credibility. Importantly, the sequential noise addition approach presented in this study does not only maintain the event order recorded in the original data but also maintains the time between events. We proposed an approach that preserves the data utility well but limits the number of response categories for the time-varying variables. Furthermore, using distance-based neighborhood matching, we simulated an attack under a nosy neighbor situation and by using a worst-case scenario where attackers have full information on the original data. We showed that the disclosure risk is very low, even when assuming that the attacker’s database and information are optimal. 
The HDSS and medical science research communities in low- and middle-income country settings will be the primary beneficiaries of the results and methods presented in this paper; however, the results will be useful for anyone working on anonymizing longitudinal event history data with time-varying variables for the purposes of sharing. %M 36053573 %R 10.2196/34472 %U https://publichealth.jmir.org/2022/9/e34472 %U https://doi.org/10.2196/34472 %U http://www.ncbi.nlm.nih.gov/pubmed/36053573 %0 Journal Article %@ 2561-1011 %I JMIR Publications %V 6 %N 2 %P e34959 %T Attitudes of Patients With Chronic Heart Failure Toward Digital Device Data for Self-documentation and Research in Germany: Cross-sectional Survey Study %A Buhr,Lorina %A Kaufmann,Pauline Lucie Martiana %A Jörß,Katharina %+ Department of Medical Ethics and History of Medicine, University Medical Center Göttingen, University of Göttingen, Humboldtallee 36, Göttingen, 37037, Germany, 49 551 3969 006, lorina.buhr@med.uni-goettingen.de %K mobile health %K mHealth %K digital devices %K wearables %K heart failure %K data sharing %K consent %K mobile phone %D 2022 %7 3.8.2022 %9 Original Paper %J JMIR Cardio %G English %X Background: In recent years, the use of digital mobile measurement devices (DMMDs) for self-documentation in cardiovascular care in Western industrialized health care systems has increased. For patients with chronic heart failure (cHF), digital self-documentation plays an increasingly important role in self-management. Data from DMMDs can also be integrated into telemonitoring programs or data-intensive medical research to collect and evaluate patient-reported outcome measures through data sharing. However, the implementation of data-intensive devices and data sharing poses several challenges for doctors and patients as well as for the ethical governance of data-driven medical research. 
Objective: This study aims to explore the potential and challenges of digital device data in cardiology research from patients’ perspectives. Leading research questions of the study concerned the attitudes of patients with cHF toward health-related data collected in the use of digital devices for self-documentation as well as sharing these data and consenting to data sharing for research purposes. Methods: A cross-sectional survey of patients of a research in cardiology was conducted at a German university medical center (N=159) in 2020 (March to July). Eligible participants were German-speaking adult patients with cHF at that center. A pen-and-pencil questionnaire was sent by mail. Results: Most participants (77/105, 73.3%) approved digital documentation, as they expected the device data to help them observe their body and its functions more objectively. Digital device data were believed to provide cognitive support, both for patients’ self-assessment and doctors’ evaluation of their patients’ current health condition. Interestingly, positive attitudes toward DMMD data providing cognitive support were, in particular, voiced by older patients aged >65 years. However, approximately half of the participants (56/105, 53.3%) also reported difficulty in dealing with self-documented data that lay outside the optimal medical target range. Furthermore, our findings revealed preferences for the self-management of DMMD data disclosed for data-intensive medical research among German patients with cHF, which are best implemented with a dynamic consent model. Conclusions: Our findings provide potentially valuable insights for introducing DMMD in cardiovascular research in the German context. 
They have several practical implications, such as a high divergence in attitudes among patients with cHF toward different data-receiving organizations as well as a large variance in preferences for the modes of receiving information included in the consenting procedure for data sharing for research. We suggest addressing patients’ multiple views on consenting and data sharing in institutional normative governance frameworks for data-intensive medical research. %M 35921134 %R 10.2196/34959 %U https://cardio.jmir.org/2022/2/e34959 %U https://doi.org/10.2196/34959 %U http://www.ncbi.nlm.nih.gov/pubmed/35921134 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 7 %P e35195 %T Data Management and Privacy Policy of COVID-19 Contact-Tracing Apps: Systematic Review and Content Analysis %A Bardus,Marco %A Al Daccache,Melodie %A Maalouf,Noel %A Al Sarih,Rayan %A Elhajj,Imad H %+ Institute of Applied Health Research, College of Medical and Dental Sciences, University of Birmingham, Edgbaston, Birmingham, B15 2TT, United Kingdom, 44 0121 414 3344, marco.bardus@gmail.com %K COVID-19 %K mobile applications %K contact tracing %D 2022 %7 12.7.2022 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: COVID-19 digital contact-tracing apps were created to assist public health authorities in curbing the pandemic. These apps require users’ permission to access specific functions on their mobile phones, such as geolocation, Bluetooth or Wi-Fi connections, or personal data, to work correctly. As these functions have privacy repercussions, it is essential to establish how contact-tracing apps respect users’ privacy. Objective: This study aimed to systematically map existing contact-tracing apps and evaluate the permissions required and their privacy policies. Specifically, we evaluated the type of permissions, the privacy policies’ readability, and the information included in them. 
Methods: We used custom Google searches and existing lists of contact-tracing apps to identify potentially eligible apps between May 2020 and November 2021. We included contact-tracing or exposure notification apps with a Google Play webpage from which we extracted app characteristics (eg, sponsor, number of installs, and ratings). We used Exodus Privacy to systematically extract the number of permissions and classify them as dangerous or normal. We computed a Permission Accumulated Risk Score representing the threat level to the user’s privacy. We assessed the privacy policies’ readability and evaluated their content using a 13-item checklist, which generated a Privacy Transparency Index. We explored the relationships between app characteristics, Permission Accumulated Risk Score, and Privacy Transparency Index using correlations, chi-square tests, or ANOVAs. Results: We identified 180 contact-tracing apps across 152 countries, states, or territories. We included 85.6% (154/180) of apps with a working Google Play page, most of which (132/154, 85.7%) had a privacy policy document. Most apps were developed by governments (116/154, 75.3%) and totaled 264.5 million installs. The average rating on Google Play was 3.5 (SD 0.7). Across the 154 apps, we identified 94 unique permissions, 18% (17/94) of which were dangerous, and 30 trackers. The average Permission Accumulated Risk Score was 22.7 (SD 17.7; range 4-74, median 16) and the average Privacy Transparency Index was 55.8 (SD 21.7; range 5-95, median 55). Overall, the privacy documents were difficult to read (median grade level 12, range 7-23); 67% (88/132) of these mentioned that the apps collected personal identifiers. The Permission Accumulated Risk Score was negatively associated with the average App Store ratings (r=−0.20; P=.03; 120/154, 77.9%) and Privacy Transparency Index (r=−0.25; P<.001; 132/154, 85.7%), suggesting that the higher the risk to one’s data, the lower the apps’ ratings and transparency index. 
Conclusions: Many contact-tracing apps were developed covering most of the planet but with a relatively low number of installs. Privacy-preserving apps scored high in transparency and App Store ratings, suggesting that some users appreciate these apps. Nevertheless, privacy policy documents were difficult to read for an average audience. Therefore, we recommend following privacy-preserving and transparency principles to improve contact-tracing uptake while making privacy documents more readable for a wider public. %M 35709334 %R 10.2196/35195 %U https://mhealth.jmir.org/2022/7/e35195 %U https://doi.org/10.2196/35195 %U http://www.ncbi.nlm.nih.gov/pubmed/35709334 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 6 %P e32910 %T Conflicting Aims and Values in the Application of Smart Sensors in Geriatric Rehabilitation: Ethical Analysis %A Predel,Christopher %A Timmermann,Cristian %A Ursin,Frank %A Orzechowski,Marcin %A Ropinski,Timo %A Steger,Florian %+ Institute of the History, Philosophy and Ethics of Medicine, Ulm University, Parkstraße 11, Ulm, 89073, Germany, 49 228257273, christopher.predel@uni-ulm.de %K personal data %K wearable %K older adults %K autonomy %K rehabilitation %K smart sensor %K machine learning %K ethics %K access to health care %K justice %D 2022 %7 23.6.2022 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Smart sensors have been developed as diagnostic tools for rehabilitation to cover an increasing number of geriatric patients. They promise to enable an objective assessment of complex movement patterns. Objective: This research aimed to identify and analyze the conflicting ethical values associated with smart sensors in geriatric rehabilitation and provide ethical guidance on the best use of smart sensors to all stakeholders, including technology developers, health professionals, patients, and health authorities. 
Methods: On the basis of a systematic literature search of the scientific databases PubMed and ScienceDirect, we conducted a qualitative document analysis to identify evidence-based practical implications of ethical relevance. We included 33 articles in the analysis. The practical implications were extracted inductively. Finally, we carried out an ethical analysis based on the 4 principles of biomedical ethics: autonomy, beneficence, nonmaleficence, and justice. The results are reported in categories based on these 4 principles. Results: We identified 8 conflicting aims for using smart sensors. Gains in autonomy come at the cost of patient privacy. Smart sensors at home increase the independence of patients but may reduce social interactions. Independent measurements performed by patients may result in lower diagnostic accuracy. Although smart sensors could provide cost-effective and high-quality diagnostics for most patients, minorities could end up with suboptimal treatment owing to their underrepresentation in training data and studies. This could lead to algorithmic biases that would not be recognized by medical professionals when treating patients. Conclusions: The application of smart sensors has the potential to improve the rehabilitation of geriatric patients in several ways. It is important that patients do not have to choose between autonomy and privacy and are well informed about the insights that can be gained from the data. Smart sensors should support and not replace interactions with medical professionals. Patients and medical professionals should be educated about the correct application and the limitations of smart sensors. Smart sensors should include an adequate representation of minorities in their training data and should be covered by health insurance to guarantee fair access. 
%M 35737429 %R 10.2196/32910 %U https://mhealth.jmir.org/2022/6/e32910 %U https://doi.org/10.2196/32910 %U http://www.ncbi.nlm.nih.gov/pubmed/35737429 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 9 %N 2 %P e33951 %T Modeling Trust in COVID-19 Contact-Tracing Apps Using the Human-Computer Trust Scale: Online Survey Study %A Sousa,Sonia %A Kalju,Tiina %+ School of Digital Technologies, Tallinn University, Narva mnt, 29, Tallinn, 10120, Estonia, 372 53921116, scs@tlu.ee %K human-computer interaction %K COVID-19 %K human factors %K trustworthy AI %K contact-tracing %K app %K safety %K trust %K artificial intelligence %K Estonia %K case study %K monitoring %K surveillance %K perspective %K awareness %K design %K covid %K mobile app %K mHealth %K mobile health %D 2022 %7 13.6.2022 %9 Original Paper %J JMIR Hum Factors %G English %X Background: The COVID-19 pandemic has caused changes in technology use worldwide, both socially and economically. This pandemic crisis has brought additional measures such as contact-tracing apps (CTAs) to help fight against spread of the virus. Unfortunately, the low adoption rate of these apps affected their success. There could be many reasons for the low adoption, including concerns of security and privacy, along with reported issues of trust in CTAs. Some concerns are related with how CTAs could be used as surveillance tools or their potential threats to privacy as they involve health data. For example, in Estonia, the CTA named HOIA had approximately 250,000 downloads in the middle of January 2021. However, in 2021, only 4.7% of the population used HOIA as a COVID-19 CTA. The reasons for the low adoption include lack of competency, and privacy and security concerns. This lower adoption and the lack of trustworthiness persist despite efforts of the European Union in building ethics and trustworthy artificial intelligence (AI)-based apps. 
Objective: The aim of this study was to understand how to measure trust in health technologies. Specifically, we assessed the usefulness of the Human-Computer Trust Scale (HCTS) to measure Estonians’ trust in the HOIA app and the causes for this lack of trust. Methods: The main research question was: Can the HCTS be used to assess citizens’ perception of trust in health technologies? We established four hypotheses that were tested with a survey. We used a convenience sample for data collection, including sharing the questionnaire on social network sites and using the snowball method to reach all potential HOIA users in the Estonian population. Results: Among the 78 respondents, 61 had downloaded the HOIA app with data on usage patterns. However, 20 of those who downloaded the app admitted that it was never opened despite most claiming to regularly use mobile apps. The main reasons included not understanding how it works, and privacy and security concerns. Significant correlations were found between participants’ trust in CTAs in general and their perceived trust in the HOIA app regarding three attributes: competency (P<.001), risk perception (P<.001), and reciprocity (P=.01). Conclusions: This study shows that trust in the HOIA app among Estonian residents did affect their predisposition to use the app. Participants did not generally believe that HOIA could help to control the spread of the virus. The result of this work is limited to HOIA and health apps that use similar contact-tracing methods. However, the findings can contribute to gaining a broader understanding and awareness of the need for designing trustworthy technologies. Moreover, this work can help to provide design recommendations that ensure trustworthiness in CTAs, and the ability of AI to use highly sensitive data and serve society. 
%M 35699973 %R 10.2196/33951 %U https://humanfactors.jmir.org/2022/2/e33951 %U https://doi.org/10.2196/33951 %U http://www.ncbi.nlm.nih.gov/pubmed/35699973 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 6 %N 6 %P e28025 %T Data Privacy Concerns Using mHealth Apps and Smart Speakers: Comparative Interview Study Among Mature Adults %A Schroeder,Tanja %A Haug,Maximilian %A Gewald,Heiko %+ Centre for Health Systems and Safety Research, Australian Institute of Health Innovation, Macquarie University, 75 Talavera Road, Sydney, NSW 2109, Australia, 61 2 9850 ext 6281, tanja.schroeder@hdr.mq.edu.au %K data privacy concerns %K privacy paradox %K mHealth app %K smart speaker %K mature adults %K smartphone %D 2022 %7 13.6.2022 %9 Original Paper %J JMIR Form Res %G English %X Background: New technologies such as mobile health (mHealth) apps and smart speakers make intensive use of sensitive personal data. Users are typically aware of this and express concerns about their data privacy. However, many people use these technologies although they think their data are not well protected. This raises specific concerns for sensitive health data. Objective: This study aimed to contribute to a better understanding of data privacy concerns of mature adults using new technologies and provide insights into their data privacy expectations and associated risks and the corresponding actions of users in 2 different data contexts: mHealth apps and smart speakers. Methods: This exploratory research adopted a qualitative approach, engaging with 20 mature adults (aged >45 years). In a 6-month test period, 10 (50%) participants used a smart speaker and 10 (50%) participants used an mHealth app. In interviews conducted before and after the test period, we assessed the influence of data privacy concerns on technology acceptance, use behavior, and continued use intention. 
Results: Our results show that although participants are generally aware of the need to protect their data privacy, they accept the risk of misuse of their private data when using the technology. Surprisingly, the most frequently stated risk was not the misuse of personal health data but the fear of receiving more personalized advertisements. Similarly, surprisingly, our results indicate that participants value recorded verbal data higher than personal health data. Conclusions: Older adults are initially concerned about risks to their data privacy associated with using data-intensive technologies, but those concerns diminish fairly quickly, culminating in resignation. We find that participants do not differentiate between risky behaviors, depending on the type of private data used by different technologies. %M 35699993 %R 10.2196/28025 %U https://formative.jmir.org/2022/6/e28025 %U https://doi.org/10.2196/28025 %U http://www.ncbi.nlm.nih.gov/pubmed/35699993 %0 Journal Article %@ 1929-073X %I JMIR Publications %V 11 %N 1 %P e35062 %T Ethical, Legal, and Sociocultural Issues in the Use of Mobile Technologies and Call Detail Records Data for Public Health in the East African Region: Scoping Review %A Sekandi,Juliet Nabbuye %A Murray,Kenya %A Berryman,Corinne %A Davis-Olwell,Paula %A Hurst,Caroline %A Kakaire,Robert %A Kiwanuka,Noah %A Whalen,Christopher C %A Mwaka,Erisa Sabakaki %+ Global Health Institute, College of Public Health, University of Georgia, Wright Hall, Room 227B, 100 Foster Rd, Athens, GA, 30602, United States, 1 706 542 5257, jsekandi@uga.edu %K mobile health %K public health %K ethics %K privacy %K call detail records %K East Africa %K Africa %K mobile apps %K mHealth %D 2022 %7 2.6.2022 %9 Review %J Interact J Med Res %G English %X Background: The exponential scale and pace of real-time data generated from mobile phones present opportunities for new insights and challenges across multiple sectors, including health care delivery and public health 
research. However, little attention has been given to the new ethical, social, and legal concerns related to using these mobile technologies and the data they generate in Africa. Objective: The objective of this scoping review was to explore the ethical and related concerns that arise from the use of data from call detail records and mobile technology interventions for public health in the context of East Africa. Methods: We searched the PubMed database for published studies describing ethical challenges while using mobile technologies and related data in public health research between 2000 and 2020. A predefined search strategy was used as inclusion criteria with search terms such as “East Africa,” “mHealth,” “mobile phone data,” “public health,” “ethics,” or “privacy.” We screened studies using prespecified eligibility criteria through a two-stage process by two independent reviewers. Studies were included if they were (1) related to mobile technology use and health, (2) published in English from 2000 to 2020, (3) available in full text, and (4) conducted in the East African region. We excluded articles that (1) were conference proceedings, (2) studies presenting an abstract only, (3) systematic and literature reviews, (4) research protocols, and (5) reports of mobile technology in animal subjects. We followed the five stages of a published framework for scoping reviews recommended by Arksey and O’Malley. Data extracted included title, publication year, target population, geographic region, setting, and relevance to mobile health (mHealth) and ethics. Additionally, we used the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) Extension for Scoping Reviews checklist to guide the presentation of this scoping review. The rationale for focusing on the five countries in East Africa was their geographic proximity, which lends itself to similarities in technology infrastructure development. 
Results: Of the 94 studies identified from PubMed, 33 met the review inclusion criteria for the final scoping review. The 33 articles retained in the final scoping review represent studies conducted in three out of five East African countries: 14 (42%) from Uganda, 13 (39%) from Kenya, and 5 (16%) from Tanzania. Three main categories of concerns related to the use of mHealth technologies and mobile phone data can be conceptualized as (1) ethical issues (adequate informed consent, privacy and confidentiality, data security and protection), (2) sociocultural issues, and (3) regulatory/legal issues. Conclusions: This scoping review identified major cross-cutting ethical, regulatory, and sociocultural concerns related to using data from mobile technologies in the East African region. A comprehensive framework that accounts for the critical concerns raised would be valuable for guiding the safe use of mobile technology data for public health research purposes. %M 35533323 %R 10.2196/35062 %U https://www.i-jmr.org/2022/1/e35062 %U https://doi.org/10.2196/35062 %U http://www.ncbi.nlm.nih.gov/pubmed/35533323 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 5 %P e33735 %T Privacy, Data Sharing, and Data Security Policies of Women’s mHealth Apps: Scoping Review and Content Analysis %A Alfawzan,Najd %A Christen,Markus %A Spitale,Giovanni %A Biller-Andorno,Nikola %+ Institute of Biomedical Ethics and History of Medicine, University of Zurich, Winterthurerstrasse 30, Zurich, 8006, Switzerland, 41 446348370, najd.alfawzan@uzh.ch %K mHealth %K women’s health %K ethics %K privacy policy %K data sharing %K privacy %K data security %K data transparency %K femtech %K mobile apps %K mobile health %D 2022 %7 6.5.2022 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Women’s mobile health (mHealth) is a growing phenomenon in the mobile app global market. An increasing number of women worldwide use apps geared to female audiences (female technology). 
Given the often private and sensitive nature of the data collected by such apps, an ethical assessment from the perspective of data privacy, sharing, and security policies is warranted. Objective: The purpose of this scoping review and content analysis was to assess the privacy policies, data sharing, and security policies of women’s mHealth apps on the current international market (the App Store on the Apple operating system [iOS] and Google Play on the Android system). Methods: We reviewed the 23 most popular women’s mHealth apps on the market by focusing on publicly available apps on the App Store and Google Play. The 23 downloaded apps were assessed manually by 2 independent reviewers against a variety of user data privacy, data sharing, and security assessment criteria. Results: All 23 apps collected personal health-related data. All apps allowed behavioral tracking, and 61% (14/23) of the apps allowed location tracking. Of the 23 apps, only 16 (70%) displayed a privacy policy, 12 (52%) requested consent from users, and 1 (4%) had a pseudoconsent. In addition, 13% (3/23) of the apps collected data before obtaining consent. Most apps (20/23, 87%) shared user data with third parties, and data sharing information could not be obtained for the 13% (3/23) remaining apps. Of the 23 apps, only 13 (57%) provided users with information on data security. Conclusions: Many of the most popular women’s mHealth apps on the market have poor data privacy, sharing, and security standards. Although regulations exist, such as the European Union General Data Protection Regulation, current practices do not follow them. The failure of the assessed women’s mHealth apps to meet basic data privacy, sharing, and security standards is not ethically or legally acceptable. 
%M 35522465 %R 10.2196/33735 %U https://mhealth.jmir.org/2022/5/e33735 %U https://doi.org/10.2196/33735 %U http://www.ncbi.nlm.nih.gov/pubmed/35522465 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 4 %P e25116 %T Developing a Smart Home Technology Innovation for People With Physical and Mental Health Problems: Considerations and Recommendations %A Forchuk,Cheryl %A Serrato,Jonathan %A Lizotte,Daniel %A Mann,Rupinder %A Taylor,Gavin %A Husni,Sara %+ Mental Health Nursing Research Alliance, Parkwood Institute, Lawson Health Research Institute, 550 Wellington Road S, London, ON, N6C 0A7, Canada, 1 519 685 8500 ext 75802, jonathan.serrato@lhsc.on.ca %K smart home %K smart technology %K mental health %K physical health, eHealth %K comorbidity %K innovation %K communication %K connection %K uHealth %K ubiquitous health %K digital health %D 2022 %7 29.4.2022 %9 Viewpoint %J JMIR Mhealth Uhealth %G English %X Smart home technologies present an unprecedented opportunity to improve health and health care by providing greater communication and connectivity with services and care providers and by supporting the daily activities of people managing both mental and physical health problems. Based on our experience from conducting smart technology health studies, including a smart home intervention, we provide guidance on developing and implementing such interventions. First, we describe the need for an overarching principle of security and privacy that must be attended to in all aspects of such a project. We then describe 4 key steps in developing a successful smart home innovation for people with mental and physical health conditions. These include (1) setting up the digital infrastructure, (2) ensuring the components of the system communicate, (3) ensuring that the system is designed for the intended population, and (4) engaging stakeholders. 
Recommendations on how to approach each of these steps are provided along with suggested literature that addresses additional considerations, guidelines, and equipment selection in more depth. %M 35486422 %R 10.2196/25116 %U https://mhealth.jmir.org/2022/4/e25116 %U https://doi.org/10.2196/25116 %U http://www.ncbi.nlm.nih.gov/pubmed/35486422 %0 Journal Article %@ 2563-6316 %I JMIR Publications %V 3 %N 2 %P e33502 %T Toward Human Digital Twins for Cybersecurity Simulations on the Metaverse: Ontological and Network Science Approach %A Nguyen,Tam N %+ Department of Management Information Systems, University of Arizona, 1130 E Helen St, PO Box 210108, Tucson, AZ, 85721-0108, United States, 1 970 404 1232, tamn@email.arizona.edu %K human behavior modeling %K cognitive twins %K human digital twins %K cybersecurity %K cognitive systems %K digital twins %K Metaverse %K artificial intelligence %D 2022 %7 20.4.2022 %9 Original Paper %J JMIRx Med %G English %X Background: Cyber defense is reactive and slow. On average, the time-to-remedy is hundreds of times larger than the time-to-compromise. In response, Human Digital Twins (HDTs) offer the capability of running massive simulations across multiple domains on the Metaverse. Simulated results may predict adversaries' behaviors and tactics, leading to more proactive cyber defense strategies. However, current HDTs’ cognitive architectures are underdeveloped for such use. Objective: This paper aims to make a case for extending the current digital cognitive architectures as the first step toward more robust HDTs that are suitable for realistic Metaverse cybersecurity simulations. Methods: This study formally documented 108 psychology constructs and thousands of related paths based on 20 time-tested psychology theories, all of which were packaged as Cybonto—a novel ontology. Then, this study applied 20 network science centrality algorithms in ranking the Cybonto psychology constructs by their influences. 
Results: Out of 108 psychology constructs, the top 10 are Behavior, Arousal, Goals, Perception, Self-efficacy, Circumstances, Evaluating, Behavior-Controllability, Knowledge, and Intentional Modality. In this list, only Behaviors, Goals, Perception, Evaluating, and Knowledge are parts of existing digital cognitive architectures. Notably, some of the constructs are not explicitly implemented. Early usability tests demonstrate that Cybonto can also be useful for immediate uses such as manual analysis of hackers’ behaviors and automatic analysis of behavioral cybersecurity knowledge texts. Conclusions: The results call for specific extensions of current digital cognitive architectures such as explicitly implementing more refined structures of Long-term Memory and Perception, placing a stronger focus on noncognitive yet influential constructs such as Arousal, and creating new capabilities for simulating, reasoning about, and selecting circumstances. %M 27666280 %R 10.2196/33502 %U https://med.jmirx.org/2022/2/e33502 %U https://doi.org/10.2196/33502 %U http://www.ncbi.nlm.nih.gov/pubmed/27666280 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 24 %N 3 %P e29108 %T Privacy Preservation in Patient Information Exchange Systems Based on Blockchain: System Design Study %A Lee,Sejong %A Kim,Jaehyeon %A Kwon,Yongseok %A Kim,Teasung %A Cho,Sunghyun %+ Department of Computer Science and Engineering, Hanyang University, 55, Hanyangdaehak-ro, Sangnok-gu, Ansan-si, Gyeonggi-do, Ansan, KS009, Republic of Korea, 82 31 400 5670, chopro@hanyang.ac.kr %K electronic medical records %K consortium blockchain %K data security %K medical data management %K privacy preservation %K smart contract %K proxy re-encryption %K patient-centered medical system %K InterPlanetary File System %D 2022 %7 22.3.2022 %9 Original Paper %J J Med Internet Res %G English %X Background: With the increasing sophistication of the medical industry, various advanced medical services such as medical 
artificial intelligence, telemedicine, and personalized health care services have emerged. The demand for medical data is also rapidly increasing today because advanced medical services use medical data such as user data and electronic medical records (EMRs) to provide services. As a result, health care institutions and medical practitioners are researching various mechanisms and tools to feed medical data into their systems seamlessly. However, medical data contain sensitive personal information of patients. Therefore, ensuring security while meeting the demand for medical data is a very important problem in the information age for which a solution is required. Objective: Our goal is to design a blockchain-based decentralized patient information exchange (PIE) system that can safely and efficiently share EMRs. The proposed system preserves patients’ privacy in the EMRs through a medical information exchange process that includes data encryption and access control. Methods: We propose a blockchain-based EMR-sharing system that allows patients to manage their EMRs scattered across multiple hospitals and share them with other users. Our PIE system protects the patient’s EMR from security threats such as counterfeiting and privacy attacks during data sharing. In addition, it provides scalability by using distributed data-sharing methods to quickly share an EMR, regardless of its size or type. We implemented simulation models using Hyperledger Fabric, an open source blockchain framework. Results: We performed a simulation of the EMR-sharing process and compared it with previous works on blockchain-based medical systems to check the proposed system’s performance. During the simulation, we found that it takes an average of 0.01014 (SD 0.0028) seconds to download 1 MB of EMR in our proposed PIE system. 
Moreover, it has been confirmed that data can be freely shared with other users regardless of the size or format of the data to be transmitted through the distributed data-sharing technique using the InterPlanetary File System. We conducted a security analysis to check whether the proposed security mechanism can effectively protect users of the EMR-sharing system from security threats such as data forgery or unauthorized access, and we found that the distributed ledger structure and re-encryption–based data encryption method can effectively protect users’ EMRs from forgery and privacy leak threats and provide data integrity. Conclusions: Blockchain is a distributed ledger technology that provides data integrity to enable patient-centered health information exchange and access control. PIE systems integrate and manage fragmented patient EMRs through blockchain and protect users from security threats during the data exchange process among users. To increase safety and efficiency in the EMR-sharing process, we used access control using security levels, data encryption based on re-encryption, and a distributed data-sharing scheme. 
%M 35315778 %R 10.2196/29108 %U https://www.jmir.org/2022/3/e29108 %U https://doi.org/10.2196/29108 %U http://www.ncbi.nlm.nih.gov/pubmed/35315778 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 24 %N 3 %P e30619 %T The Disclosure of Personally Identifiable Information in Studies of Neighborhood Contexts and Patient Outcomes %A Rundle,Andrew Graham %A Bader,Michael David Miller %A Mooney,Stephen John %+ Department of Epidemiology, Mailman School of Public Health, Columbia University, 722 west 168th street, New York, NY, 10032, United States, 1 2123057619, agr3@cumc.columbia.edu %K geocode %K patient privacy %K ethical conduct of research %K disclosure %K privacy %K security %K identification %K health information %K strategy %K outcome %K neighborhood %D 2022 %7 17.3.2022 %9 Viewpoint %J J Med Internet Res %G English %X Clinical epidemiology and patient-oriented health care research that incorporates neighborhood-level data is becoming increasingly common. A key step in conducting this research is converting patient address data to longitude and latitude data, a process known as geocoding. Several commonly used approaches to geocoding (eg, ggmap or the tidygeocoder R package) send patient addresses over the internet to web-based third-party geocoding services. Here, we describe how these approaches to geocoding disclose patients’ personally identifiable information (PII) and how the subsequent publication of the research findings discloses the same patients’ protected health information (PHI). We explain how these disclosures can occur and recommend strategies to maintain patient privacy when studying neighborhood effects on patient outcomes. 
%M 35103610 %R 10.2196/30619 %U https://www.jmir.org/2022/3/e30619 %U https://doi.org/10.2196/30619 %U http://www.ncbi.nlm.nih.gov/pubmed/35103610 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 24 %N 2 %P e31146 %T An Ethics Checklist for Digital Health Research in Psychiatry: Viewpoint %A Shen,Francis X %A Silverman,Benjamin C %A Monette,Patrick %A Kimble,Sara %A Rauch,Scott L %A Baker,Justin T %+ Harvard Medical School, 641 Huntington Ave, Boston, MA, 02115, United States, 1 617 462 3845, fshen1@mgh.harvard.edu %K digital phenotyping %K computational psychiatry %K ethics %K law %K privacy %K informed consent %D 2022 %7 9.2.2022 %9 Viewpoint %J J Med Internet Res %G English %X Background: Psychiatry has long needed a better and more scalable way to capture the dynamics of behavior and its disturbances, quantitatively across multiple data channels, at high temporal resolution in real time. By combining 24/7 data—on location, movement, email and text communications, and social media—with brain scans, genetics, genomics, neuropsychological batteries, and clinical interviews, researchers will have an unprecedented amount of objective, individual-level data. Analyzing these data with ever-evolving artificial intelligence could one day include bringing interventions to patients where they are in the real world in a convenient, efficient, effective, and timely way. Yet, the road to this innovative future is fraught with ethical dilemmas as well as ethical, legal, and social implications (ELSI). Objective: The goal of the Ethics Checklist is to promote careful design and execution of research. It is not meant to mandate particular research designs; indeed, at this early stage and without consensus guidance, there are a range of reasonable choices researchers may make. However, the checklist is meant to make those ethical choices explicit, and to require researchers to give reasons for their decisions related to ELSI issues. 
The Ethics Checklist is primarily focused on procedural safeguards, such as consulting with experts outside the research group and documenting standard operating procedures for clearly actionable data (eg, expressed suicidality) within written research protocols. Methods: We explored the ELSI of digital health research in psychiatry, with a particular focus on what we label “deep phenotyping” psychiatric research, which combines the potential for virtually boundless data collection and increasingly sophisticated techniques to analyze those data. We convened an interdisciplinary expert stakeholder workshop in May 2020, and this checklist emerges out of that dialogue. Results: Consistent with recent ELSI analyses, we find that existing ethical guidance and legal regulations are not sufficient for deep phenotyping research in psychiatry. At present, there are regulatory gaps, inconsistencies across research teams in ethics protocols, and a lack of consensus among institutional review boards on when and how deep phenotyping research should proceed. We thus developed a new instrument, an Ethics Checklist for Digital Health Research in Psychiatry (“the Ethics Checklist”). The Ethics Checklist is composed of 20 key questions, subdivided into 6 interrelated domains: (1) informed consent; (2) equity, diversity, and access; (3) privacy and partnerships; (4) regulation and law; (5) return of results; and (6) duty to warn and duty to report. Conclusions: Deep phenotyping research offers a vision for vastly more effective care for people with, or at risk for, psychiatric disease. The potential perils en route to realizing this vision are significant, however, and researchers must be willing to address the questions in the Ethics Checklist before embarking on each leg of the journey. 
%M 35138261 %R 10.2196/31146 %U https://www.jmir.org/2022/2/e31146 %U https://doi.org/10.2196/31146 %U http://www.ncbi.nlm.nih.gov/pubmed/35138261 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 1 %P e30361 %T Pulse Oximeter App Privacy Policies During COVID-19: Scoping Assessment %A Hendricks-Sturrup,Rachele %+ Future of Privacy Forum, 1400 I St NW, Suite 450, Washington, DC, 20005, United States, 1 202 768 8950, rachele.hendricks.sturrup@duke.edu %K COVID-19 %K pulse oximeters %K mobile apps %K mHealth %K privacy %D 2022 %7 27.1.2022 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Pulse oximeter apps became of interest to consumers during the COVID-19 pandemic, particularly when traditional over-the-counter pulse oximeter devices were in short supply. Yet, no study to date has examined or scoped the state of privacy policies and notices for the top-rated and most downloaded pulse oximeter apps during COVID-19. Objective: The aim of this study was to examine, through a high-level qualitative assessment, the state and nature of privacy policies for the downloaded and top-rated pulse oximeter apps during the COVID-19 pandemic to (1) compare findings against comparable research involving other mobile health (mHealth) apps and (2) begin discussions on opportunities for future research or investigation. Methods: During August-October 2020, privacy policies were reviewed for pulse oximeter apps that had either at least 500 downloads (Google Play Store apps only) or a three out of five-star rating (Apple Store apps only). 
In addition to determining if the apps had an accessible privacy policy, other key privacy policy–related details that were extracted included, but were not limited to, app developer location (country); whether the app was free or required paid use/subscription; whether an ads disclosure was provided on the app’s site; the scope of personal data collected; proportionality, fundamental rights, and data protection and privacy issues; and privacy safeguards. Results: Six pulse oximeter apps met the inclusion criteria and only 33% (n=2) of the six apps had an accessible privacy policy that was specific to the pulse oximeter app feature (vs the app developer’s website or at all). Variation was found in both the regulatory nature and data privacy protections offered by pulse oximeter apps, with notable privacy protection limitations and gaps, although each app provided at least some information about the scope of personal data collected upon installing the app. Conclusions: Pulse oximeter app developers should invest in offering stronger privacy protections for their app users, and should provide more accessible and transparent privacy policies. This is a necessary first step to ensure that the data privacy of mHealth consumers is not exploited during public health emergency situations such as the COVID-19 pandemic, where over-the-counter personal health monitoring devices could be in short supply and patients and consumers may, as a result, turn to mHealth apps to fill such supply gaps. Future research considerations and recommendations are also suggested for mHealth technology and privacy researchers who are interested in examining privacy implications associated with the use of pulse oximeter apps during and after the COVID-19 pandemic. 
%M 35084348 %R 10.2196/30361 %U https://mhealth.jmir.org/2022/1/e30361 %U https://doi.org/10.2196/30361 %U http://www.ncbi.nlm.nih.gov/pubmed/35084348 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 10 %N 1 %P e32104 %T User Control of Personal mHealth Data Using a Mobile Blockchain App: Design Science Perspective %A Sengupta,Arijit %A Subramanian,Hemang %+ Department of Information Systems and Business Analytics, College of Business, Florida International University, 11200 Southwest 8th Street, Miami, FL, 33199, United States, 1 3053481427, arijit.sengupta@fiu.edu %K blockchain %K mobile apps %K mining %K HIPAA %K personal health data %K data privacy preservation %K security %K accuracy %K transaction safety %D 2022 %7 20.1.2022 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Integrating pervasive computing with blockchain’s ability to store privacy-protected mobile health (mHealth) data while providing Health Insurance Portability and Accountability Act (HIPAA) compliance is a challenge. Patients use a multitude of devices, apps, and services to collect and store mHealth data. We present the design of an internet of things (IoT)–based configurable blockchain with different mHealth apps on iOS and Android, which collect the same user’s data. We discuss the advantages of using such a blockchain architecture and demonstrate 2 things: the ease with which users can retain full control of their pervasive mHealth data and the ease with which HIPAA compliance can be accomplished by providers who choose to access user data. Objective: The purpose of this paper is to design, evaluate, and test IoT-based mHealth data using wearable devices and an efficient, configurable blockchain, which has been designed and implemented from the first principles to store such data. 
The purpose of this paper is also to demonstrate the privacy-preserving and HIPAA-compliant nature of pervasive computing-based personalized health care systems that provide users with total control of their own data. Methods: This paper followed the methodical design science approach adapted in information systems, wherein we evaluated prior designs, proposed enhancements with a blockchain design pattern published by the same authors, and used the design to support IoT transactions. We prototyped both the blockchain and IoT-based mHealth apps in different devices and tested all use cases that formed the design goals for such a system. Specifically, we validated the design goals for our system using the HIPAA checklist for businesses and proved the compliance of our architecture for mHealth data on pervasive computing devices. Results: Blockchain-based personalized health care systems provide several advantages over traditional systems. They provide and support extreme privacy protection, provide the ability to share personalized data and delete data upon request, and support the ability to analyze such data. Conclusions: We conclude that blockchains, specifically the consensus, hasher, storer, miner architecture presented in this paper, with configurable modules and software as a service model, provide many advantages for patients using pervasive devices that store mHealth data on the blockchain. Among them is the ability to store, retrieve, and modify one’s generated health care data with a single private key across devices. These data are transparent, stored perennially, and provide patients with privacy and pseudoanonymity, in addition to very strong encryption for data access. Firms and device manufacturers would benefit from such an approach wherein they relinquish user data control while giving users the ability to select and offer their own mHealth data on data marketplaces. 
We show that such an architecture complies with the stringent requirements of HIPAA for patient data access. %M 35049504 %R 10.2196/32104 %U https://mhealth.jmir.org/2022/1/e32104 %U https://doi.org/10.2196/32104 %U http://www.ncbi.nlm.nih.gov/pubmed/35049504 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 8 %N 1 %P e22113 %T Reasons for Nonuse, Discontinuation of Use, and Acceptance of Additional Functionalities of a COVID-19 Contact Tracing App: Cross-sectional Survey Study %A Walrave,Michel %A Waeterloos,Cato %A Ponnet,Koen %+ MIOS Research Group and GOVTRUST Centre of Excellence, Department of Communication Studies, Faculty of Social Sciences, University of Antwerp, Sint-Jacobstraat 2, Antwerp, 2000, Belgium, 32 475459785, michel.walrave@uantwerp.be %K COVID-19 %K SARS-CoV-2 %K coronavirus %K contact tracing %K proximity tracing %K mHealth %K mobile app %K user acceptability %K surveillance %K privacy %D 2022 %7 14.1.2022 %9 Original Paper %J JMIR Public Health Surveill %G English %X Background: In several countries, contact tracing apps (CTAs) have been introduced to warn users if they have had high-risk contacts that could expose them to SARS-CoV-2 and could, therefore, develop COVID-19 or further transmit the virus. For CTAs to be effective, a sufficient critical mass of users is needed. Until now, adoption of these apps in several countries has been limited, resulting in questions on which factors prevent app uptake or stimulate discontinuation of app use. Objective: The aim of this study was to investigate individuals’ reasons for not using, or stopping use of, a CTA, in particular, the Coronalert app. Users’ and nonusers’ attitudes toward the app’s potential impact were assessed in Belgium. To further stimulate interest and potential use of a CTA, the study also investigated the population’s interest in new functionalities. Methods: An online survey was administered in Belgium to a sample of 1850 respondents aged 18 to 64 years. 
Data were collected between October 30 and November 2, 2020. Sociodemographic differences were assessed between users and nonusers. We analyzed both groups’ attitudes toward the potential impact of CTAs and their acceptance of new app functionalities. Results: Our data showed that 64.9% (1201/1850) of our respondents were nonusers of the CTA under study; this included individuals who did not install the app, those who downloaded but did not activate the app, and those who uninstalled the app. While we did not find any sociodemographic differences between users and nonusers, attitudes toward the app and its functionalities seemed to differ. The main reasons for not downloading and using the app were a perceived lack of advantages (308/991, 31.1%), worries about privacy (290/991, 29.3%), and, to a lesser extent, not having a smartphone (183/991, 18.5%). Users of the CTA agreed more with the potential of such apps to mitigate the consequences of the pandemic. Overall, nonusers found the possibility of extending the CTA with future functionalities to be less acceptable than users. However, among users, acceptability also tended to differ. Among users, functionalities relating to access and control, such as digital certificates or “green cards” for events, were less accepted (358/649, 55.2%) than functionalities focusing on informing citizens about the spread of the virus (453/649, 69.8%) or making an appointment to get tested (525/649, 80.9%). Conclusions: Our results show that app users were more convinced of the CTA’s utility and more inclined to accept new app features than nonusers. Moreover, nonusers had more CTA-related privacy concerns. Therefore, to further stimulate app adoption and use, its potential advantages and privacy-preserving mechanisms need to be stressed. Building further knowledge on the forms of resistance among nonusers is important for responding to these barriers through the app’s further development and communication campaigns. 
%M 34794117 %R 10.2196/22113 %U https://publichealth.jmir.org/2022/1/e22113 %U https://doi.org/10.2196/22113 %U http://www.ncbi.nlm.nih.gov/pubmed/34794117 %0 Journal Article %@ 2368-7959 %I JMIR Publications %V 8 %N 12 %P e31633 %T Breaking the Data Value-Privacy Paradox in Mobile Mental Health Systems Through User-Centered Privacy Protection: A Web-Based Survey Study %A Zhang,Dongsong %A Lim,Jaewan %A Zhou,Lina %A Dahl,Alicia A %+ The University of North Carolina at Charlotte, 9201 University City Blvd, Charlotte, NC, 28223-0001, United States, 1 7046871893, dzhang15@uncc.edu %K mobile apps %K mental health %K privacy concerns %K privacy protection %K mobile phone %D 2021 %7 24.12.2021 %9 Original Paper %J JMIR Ment Health %G English %X Background: Mobile mental health systems (MMHS) have been increasingly developed and deployed in support of monitoring, management, and intervention with regard to patients with mental disorders. However, many of these systems rely on patient data collected by smartphones or other wearable devices to infer patients’ mental status, which raises privacy concerns. Such a value-privacy paradox poses significant challenges to patients’ adoption and use of MMHS; yet, there has been limited understanding of it. Objective: To address the significant literature gap, this research aims to investigate both the antecedents of patients’ privacy concerns and the effects of privacy concerns on their continuous usage intention with regard to MMHS. Methods: Using a web-based survey, this research collected data from 170 participants with MMHS experience recruited from online mental health communities and a university community. The data analyses used both repeated analysis of variance and partial least squares regression. Results: The results showed that data type (P=.003), data stage (P<.001), privacy victimization experience (P=.01), and privacy awareness (P=.08) have positive effects on privacy concerns. 
Specifically, users report higher privacy concerns for social interaction data (P=.007) and self-reported data (P=.001) than for biometrics data; privacy concerns are higher for data transmission (P=.01) and data sharing (P<.001) than for data collection. Our results also reveal that privacy concerns have an effect on attitude toward privacy protection (P=.001), which in turn affects continuous usage intention with regard to MMHS. Conclusions: This study contributes to the literature by deepening our understanding of the data value-privacy paradox in MMHS research. The findings offer practical guidelines for breaking the paradox through the design of user-centered and privacy-preserving MMHS. %M 34951604 %R 10.2196/31633 %U https://mental.jmir.org/2021/12/e31633 %U https://doi.org/10.2196/31633 %U http://www.ncbi.nlm.nih.gov/pubmed/34951604 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 12 %P e25414 %T Lessons Learned: Beta-Testing the Digital Health Checklist for Researchers Prompts a Call to Action by Behavioral Scientists %A Bartlett Ellis,Rebecca %A Wright,Julie %A Miller,Lisa Soederberg %A Jake-Schoffman,Danielle %A Hekler,Eric B %A Goldstein,Carly M %A Arigo,Danielle %A Nebeker,Camille %+ Herbert Wertheim School of Public Health and Longevity Science, University of California San Diego, 9500 Gilman Drive, La Jolla, CA, 92093-0811, United States, 1 858 534 7786, nebeker@eng.ucsd.edu %K digital health %K mHealth %K research ethics %K institutional review board %K IRB %K behavioral medicine %K wearable sensors %K social media %K bioethics %K data management %K usability %K privacy %K access %K risks and benefits %K mobile phone %D 2021 %7 22.12.2021 %9 Viewpoint %J J Med Internet Res %G English %X Digital technologies offer unique opportunities for health research. 
For example, Twitter posts can support public health surveillance to identify outbreaks (eg, influenza and COVID-19), and a wearable fitness tracker can provide real-time data collection to assess the effectiveness of a behavior change intervention. With these opportunities, it is necessary to consider the potential risks and benefits to research participants when using digital tools or strategies. Researchers need to be involved in the risk assessment process, as many tools in the marketplace (eg, wellness apps, fitness sensors) are underregulated. However, there is little guidance to assist researchers and institutional review boards in their evaluation of digital tools for research purposes. To address this gap, the Digital Health Checklist for Researchers (DHC-R) was developed as a decision support tool. A participatory research approach involving a group of behavioral scientists was used to inform DHC-R development. Scientists beta-tested the checklist by retrospectively evaluating the technologies they had chosen for use in their research. This paper describes the lessons learned because of their involvement in the beta-testing process and concludes with recommendations for how the DHC-R could be useful for a variety of digital health stakeholders. Recommendations focus on future research and policy development to support research ethics, including the development of best practices to advance safe and responsible digital health research. 
%M 34941548 %R 10.2196/25414 %U https://www.jmir.org/2021/12/e25414 %U https://doi.org/10.2196/25414 %U http://www.ncbi.nlm.nih.gov/pubmed/34941548 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 12 %P e29190 %T Willingness to Share Data From Wearable Health and Activity Trackers: Analysis of the 2019 Health Information National Trends Survey Data %A Rising,Camella J %A Gaysynsky,Anna %A Blake,Kelly D %A Jensen,Roxanne E %A Oh,April %+ Behavioral Research Program, Division of Cancer Control and Population Sciences, US National Cancer Institute, 9609 Medical Center Drive, Rockville, MD, 20850, United States, 1 240 276 5262, camella.rising@nih.gov %K mobile health %K population health %K health communication %K survey methodology %K mobile apps %K devices %K online social networking %K mobile phone %D 2021 %7 13.12.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Sharing data from wearable health and activity trackers (wearables) with others may improve the health and behavioral outcomes of wearable users by generating social support and improving their ability to manage their health. Investigating individual factors that influence US adults’ willingness to share wearable data with different types of individuals may provide insights about the population subgroups that are most or least likely to benefit from wearable interventions. Specifically, it is necessary to identify digital health behaviors potentially associated with willingness to share wearable data given that the use of and engagement with various technologies may broadly influence web-based health information–sharing behaviors. Objective: This study aims to identify sociodemographic, health, and digital health behavior correlates of US adults’ willingness to share wearable data with health care providers and family or friends. 
Methods: Data for the analytic sample (N=1300) were obtained from the 2019 Health Information National Trends Survey of the National Cancer Institute. Digital health behavior measures included frequency of wearable device use, use of smartphones or tablets to help communicate with providers, use of social networking sites to share health information, and participation in a web-based health community. Multivariable logistic regression analysis of weighted data examined the associations between digital health behaviors and willingness to share wearable device data, controlling for sociodemographics and health-related characteristics. Results: Most US adults reported willingness to share wearable data with providers (81.86%) and with family or friends (69.51%). Those who reported higher health self-efficacy (odds ratio [OR] 1.97, 95% CI 1.11-3.51), higher level of trust in providers as a source of health information (OR 1.98, 95% CI 1.12-3.49), and higher level of physical activity (OR 2.00, 95% CI 1.21-3.31) had greater odds of willingness to share data with providers. In addition, those with a higher frequency of wearable use (OR 2.15, 95% CI 1.35-3.43) and those who reported use of smartphones or tablets to help communicate with providers (OR 1.99, 95% CI 1.09-3.63) had greater odds of willingness to share data with providers. Only higher level of physical activity was associated with greater odds of willingness to share wearable data with family or friends (OR 1.70, 95% CI 1.02-2.84). Sociodemographic factors were not significantly associated with willingness to share wearable data. Conclusions: The findings of this study suggest that, among US adult wearable users, behavior-related factors, rather than sociodemographic characteristics, are key drivers of willingness to share health information obtained from wearables with others. 
Moreover, behavioral correlates of willingness to share wearable data are unique to the type of recipient (ie, providers vs family or friends). Future studies could use these findings to inform the development of interventions that aim to improve the use of patient-generated data from wearable devices in health care settings. %M 34898448 %R 10.2196/29190 %U https://mhealth.jmir.org/2021/12/e29190 %U https://doi.org/10.2196/29190 %U http://www.ncbi.nlm.nih.gov/pubmed/34898448 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 11 %P e25227 %T “A Question of Trust” and “a Leap of Faith”—Study Participants’ Perspectives on Consent, Privacy, and Trust in Smart Home Research: Qualitative Study %A Kennedy,Mari-Rose %A Huxtable,Richard %A Birchley,Giles %A Ives,Jonathan %A Craddock,Ian %+ Centre for Ethics in Medicine, University of Bristol, Bristol Medical School, 39 Whatley Road, Bristol, BS8 2PS, United Kingdom, 44 117 331 4512, mari-rose.kennedy@bristol.ac.uk %K smart homes %K assistive technology %K research ethics %K informed consent %K privacy %K anonymization %K trust %D 2021 %7 26.11.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Ubiquitous, smart technology has the potential to assist humans in numerous ways, including with health and social care. COVID-19 has notably hastened the move to remotely delivering many health services. A variety of stakeholders are involved in the process of developing technology. Where stakeholders are research participants, this poses practical and ethical challenges, particularly if the research is conducted in people’s homes. Researchers must observe prima facie ethical obligations linked to participants’ interests in having their autonomy and privacy respected. 
Objective: This study aims to explore the ethical considerations around consent, privacy, anonymization, and data sharing with participants involved in SPHERE (Sensor Platform for Healthcare in a Residential Environment), a project for developing smart technology for monitoring health behaviors at home. Participants’ unique insights from being part of this unusual experiment offer valuable perspectives on how to properly approach informed consent for similar smart home research in the future. Methods: Semistructured qualitative interviews were conducted with 7 households (16 individual participants) recruited from SPHERE. Purposive sampling was used to invite participants from a range of household types and ages. Interviews were conducted in participants’ homes or on-site at the University of Bristol. Interviews were digitally recorded, transcribed verbatim, and analyzed using an inductive thematic approach. Results: Four themes were identified—motivation for participating; transparency, understanding, and consent; privacy, anonymity, and data use; and trust in research. Motivations to participate in SPHERE stemmed from an altruistic desire to support research directed toward the public good. Participants were satisfied with the consent process despite reporting some difficulties—recalling and understanding the information received, the timing and amount of information provision, and sometimes finding the information to be abstract. Participants were satisfied that privacy was assured and judged that the goals of the research compensated for threats to privacy. Participants trusted SPHERE. The factors that were relevant to developing and maintaining this trust were the trustworthiness of the research team, the provision of necessary information, participants’ control over their participation, and positive prior experiences of research involvement. 
Conclusions: This study offers valuable insights into the perspectives of participants in smart home research on important ethical considerations around consent and privacy. The findings may have practical implications for future research regarding the types of information researchers should convey, the extent to which anonymity can be assured, and the long-term duty of care owed to the participants who place trust in researchers not only on the basis of this information but also because of their institutional affiliation. This study highlights important ethical implications. Although autonomy matters, trust appears to matter the most. Therefore, researchers should be alert to the need to foster and maintain trust, particularly as failing to do so might have deleterious effects on future research. %M 34842551 %R 10.2196/25227 %U https://mhealth.jmir.org/2021/11/e25227 %U https://doi.org/10.2196/25227 %U http://www.ncbi.nlm.nih.gov/pubmed/34842551 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 11 %P e27880 %T Electronic Monitoring Systems for Hand Hygiene: Systematic Review of Technology %A Wang,Chaofan %A Jiang,Weiwei %A Yang,Kangning %A Yu,Difeng %A Newn,Joshua %A Sarsenbayeva,Zhanna %A Goncalves,Jorge %A Kostakos,Vassilis %+ School of Computing and Information Systems, The University of Melbourne, 700 Swanston Street, Carlton, 3053, Australia, 61 390358966, chaofanw@student.unimelb.edu.au %K hand hygiene %K hand hygiene compliance %K hand hygiene quality %K electronic monitoring systems %K systematic review %K mobile phone %D 2021 %7 24.11.2021 %9 Review %J J Med Internet Res %G English %X Background: Hand hygiene is one of the most effective ways of preventing health care–associated infections and reducing their transmission. Owing to recent advances in sensing technologies, electronic hand hygiene monitoring systems have been integrated into the daily routines of health care workers to measure their hand hygiene compliance and quality. 
Objective: This review aims to summarize the latest technologies adopted in electronic hand hygiene monitoring systems and discuss the capabilities and limitations of these systems. Methods: A systematic search of PubMed, ACM Digital Library, and IEEE Xplore Digital Library was performed following the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines. Studies were initially screened and assessed independently by the 2 authors, and disagreements between them were further summarized and resolved by discussion with the senior author. Results: In total, 1035 publications were retrieved by the search queries; of the 1035 papers, 89 (8.60%) fulfilled the eligibility criteria and were retained for review. In summary, 73 studies used electronic monitoring systems to monitor hand hygiene compliance, including application-assisted direct observation (5/73, 7%), camera-assisted observation (10/73, 14%), sensor-assisted observation (29/73, 40%), and real-time locating system (32/73, 44%). A total of 21 studies evaluated hand hygiene quality, consisting of compliance with the World Health Organization 6-step hand hygiene techniques (14/21, 67%) and surface coverage or illumination reduction of fluorescent substances (7/21, 33%). Conclusions: Electronic hand hygiene monitoring systems face issues of accuracy, data integration, privacy and confidentiality, usability, associated costs, and infrastructure improvements. Moreover, this review found that standardized measurement tools to evaluate system performance are lacking; thus, future research is needed to establish standardized metrics to measure system performance differences among electronic hand hygiene monitoring systems. Furthermore, with sensing technologies and algorithms continually advancing, more research is needed on their implementation to improve system performance and address other hand hygiene–related issues. 
%M 34821565 %R 10.2196/27880 %U https://www.jmir.org/2021/11/e27880 %U https://doi.org/10.2196/27880 %U http://www.ncbi.nlm.nih.gov/pubmed/34821565 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 11 %P e29181 %T To Use or Not to Use a COVID-19 Contact Tracing App: Mixed Methods Survey in Wales %A Jones,Kerina %A Thompson,Rachel %+ Swansea University, Population Data Science, Swansea University Medical School, Singleton Park, Swansea, SA28PP, United Kingdom, 44 01792602764, k.h.jones@swansea.ac.uk %K COVID-19 %K survey %K Wales %K contact tracing %K app %K mHealth %K mobile apps %K digital health %K public health %D 2021 %7 22.11.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Many countries remain in the grip of the COVID-19 global pandemic, with a considerable journey still ahead toward normalcy and free mobility. Contact tracing smartphone apps are among a raft of measures introduced to reduce spread of the virus, but their uptake depends on public choice. Objective: The objective of this study was to ascertain the views of citizens in Wales on their intended use of a COVID-19 contact tracing smartphone app, including self-proposed reasons for or against use and what could lead to a change of decision. Methods: We distributed an anonymous survey among 4000 HealthWise Wales participants in May 2020. We adopted a mixed methods approach: responses to closed questions were analyzed using descriptive and inferential statistics; open question responses were analyzed and grouped into categories. Results: A total of 976 (24.4%) people completed the survey. Smartphone usage was 91.5% overall, but this varied among age groups. In total, 97.1% were aware of contact tracing apps, but only 67.2% felt sufficiently informed. Furthermore, 55.7% intended to use an app, 23.3% refused, and 21.0% were unsure. 
The top reasons for app use were as follows: controlling the spread of the virus, mitigating risks for others and for oneself, and increasing freedoms. The top reasons against app use were as follows: mistrusting the government, concerns about data security and privacy, and doubts about efficacy. The top response for changing one’s mind about app use from being willing to being unwilling was that nothing would; that is, they felt that nothing would cause them to become unwilling to use a contact tracing app. This was also the top response for changing one’s mind from being unwilling to being willing to use contact tracing apps. Among those who were unsure of using contact tracing apps, the top response was the need for more information. Conclusions: Respondents demonstrated a keenness to help themselves, others, society, and the government to avoid contracting the virus and to control its spread. However, digital inclusion varied among age groups, precluding participation for some people. Nonetheless, unwillingness was significant, and considering the nature of the concerns raised and the perceived lack of information, policy and decision-makers need to do more to act openly, increase communication, and demonstrate trustworthiness if members of the public are to be confident in using an app. 
%M 34698645 %R 10.2196/29181 %U https://mhealth.jmir.org/2021/11/e29181 %U https://doi.org/10.2196/29181 %U http://www.ncbi.nlm.nih.gov/pubmed/34698645 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 11 %P e23059 %T Fitness Tracker Information and Privacy Management: Empirical Study %A Abdelhamid,Mohamed %+ Department of Information Systems, California State University, Long Beach, 1250 N Bellflower Blvd, Long Beach, CA, 90840, United States, 1 5629852361, mohamed.abdelhamid@csulb.edu %K privacy %K information sharing %K fitness trackers %K wearable devices %D 2021 %7 16.11.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: Fitness trackers allow users to collect, manage, track, and monitor fitness-related activities, such as distance walked, calorie intake, sleep quality, and heart rate. Fitness trackers have become increasingly popular in the past decade. One in five Americans use a device or an app to track their fitness-related activities. These devices generate massive and important data that could help physicians make better assessments of their patients’ health if shared with health providers. This ultimately could lead to better health outcomes and perhaps even lower costs for patients. However, sharing personal fitness information with health care providers has drawbacks, mainly related to the risk of privacy loss and information misuse. Objective: This study investigates the influence of granting users granular privacy control on their willingness to share fitness information. Methods: The study used 270 valid responses collected from MTurkers through Amazon Mechanical Turk (MTurk). Participants were randomly assigned to one of two groups. The conceptual model was tested using structural equation modeling (SEM). The dependent variable was the intention to share fitness information. The independent variables were perceived risk, perceived benefits, and trust in the system. 
Results: SEM explained about 60% of the variance in the dependent variable. Three of the four hypotheses were supported. Perceived risk and trust in the system had a significant relationship with the dependent variable, while trust in the system was not significant. Conclusions: The findings show that people are willing to share their fitness information if they have granular privacy control. This study has practical and theoretical implications. It integrates communication privacy management (CPM) theory with the privacy calculus model. %M 34783672 %R 10.2196/23059 %U https://www.jmir.org/2021/11/e23059 %U https://doi.org/10.2196/23059 %U http://www.ncbi.nlm.nih.gov/pubmed/34783672 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 11 %P e24460 %T Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review %A Abdullahi Yari,Imrana %A Dehling,Tobias %A Kluge,Felix %A Geck,Juergen %A Sunyaev,Ali %A Eskofier,Bjoern %+ Department of Artificial Intelligence in Biomedical Engineering, Machine Learning and Data Analytics Lab, Friedrich-Alexander University Erlangen-Nuremberg, Carl-Thiersch-Straße 2b, Erlangen, 91052, Germany, 49 9131 85 20288, imrana.yari.abdullahi@fau.de %K patient-centered %K health care %K information infrastructures %K decentralization %K mobile health %K peer-to-peer %K COVID-19 proximity trackers %K edge computing %K security %K vulnerabilities %K attacks %K threats %K mobile phone %D 2021 %7 15.11.2021 %9 Review %J J Med Internet Res %G English %X Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. 
The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHSs on P2P networks by making them safe to use. 
%M 34779788 %R 10.2196/24460 %U https://www.jmir.org/2021/11/e24460 %U https://doi.org/10.2196/24460 %U http://www.ncbi.nlm.nih.gov/pubmed/34779788 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 10 %P e30871 %T Post-COVID Public Health Surveillance and Privacy Expectations in the United States: Scenario-Based Interview Study %A Seberger,John S %A Patil,Sameer %+ College of Communication Arts & Sciences, Michigan State University, 404 Wilson Rd, East Lansing, MI, 48824, United States, 1 (517) 416 0743, seberge1@msu.edu %K COVID-19 %K pandemic-tracking apps %K privacy concerns %K infrastructure %K health surveillance %K scenario %K interview %K thematic analysis %D 2021 %7 5.10.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Smartphone-based apps designed and deployed to mitigate the COVID-19 pandemic may become infrastructure for postpandemic public health surveillance in the United States. Through the lenses of privacy concerns and user expectations of digital pandemic mitigation techniques, we identified possible long-term sociotechnical implications of such an infrastructure. Objective: We explored how people in the United States perceive the possible routinization of pandemic tracking apps for public health surveillance in general. Our interdisciplinary analysis focused on the interplay between privacy concerns, data practices of surveillance capitalism, and trust in health care providers. We conducted this analysis to achieve a richer understanding of the sociotechnical issues raised by the deployment and use of technology for pandemic mitigation. Methods: We conducted scenario-based, semistructured interviews (n=19) with adults in the United States. 
The interviews focused on how people perceive the short- and long-term privacy concerns associated with a fictional smart thermometer app deployed to mitigate the “outbreak of a contagious disease.” In order to elicit future-oriented discussions, the scenario indicated that the app would continue functioning “after the disease outbreak has dissipated.” We analyzed interview transcripts using reflexive thematic analysis. Results: In the context of pandemic mitigation technology, including app-based tracking, people perceive a core trade-off between public health and personal privacy. People tend to rationalize this trade-off by invoking the concept of “the greater good.” The interplay between the trade-off and rationalization forms the core of sociotechnical issues that pandemic mitigation technologies raise. Participants routinely expected that data collected through apps related to public health would be shared with unknown third parties for the financial gain of the app makers. This expectation suggests a perceived alignment between an app-based infrastructure for public health surveillance and the broader economics of surveillance capitalism. Our results highlight unintended and unexpected sociotechnical impacts of routinizing app-based tracking on postpandemic life, which are rationalized by invoking a nebulous concept of the greater good. Conclusions: While technologies such as app-based tracking could be useful for pandemic mitigation and preparedness, the routinization of such apps as a form of public health surveillance may have broader, unintentional sociotechnical implications for individuals and the societies in which they live. Although technology has the potential to increase the efficacy of pandemic mitigation, it exists within a broader network of sociotechnical concerns. Therefore, it is necessary to consider the long-term implications of pandemic mitigation technologies beyond the immediate needs of addressing the COVID-19 pandemic. 
Potential negative consequences include the erosion of patient trust in health care systems and providers, grounded in concerns about privacy violations and overly broad surveillance. %M 34519667 %R 10.2196/30871 %U https://mhealth.jmir.org/2021/10/e30871 %U https://doi.org/10.2196/30871 %U http://www.ncbi.nlm.nih.gov/pubmed/34519667 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 9 %P e26317 %T Privacy Practices of Health Information Technologies: Privacy Policy Risk Assessment Study and Proposed Guidelines %A LaMonica,Haley M %A Roberts,Anna E %A Lee,Grace Yeeun %A Davenport,Tracey A %A Hickie,Ian B %+ Brain and Mind Centre, The University of Sydney, 88 Mallett Street, Camperdown, 2050, Australia, 61 0426955658, haley.lamonica@sydney.edu.au %K privacy %K mental health %K technology %K digital tools %K smartphone %K apps %D 2021 %7 16.9.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency. Objective: This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care. Methods: In phase 1, participatory design workshops were conducted with young people who were attending a participating headspace center, their supportive others, and health professionals and service providers from the centers. 
The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care. Results: When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being. Conclusions: A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care. 
%M 34528895 %R 10.2196/26317 %U https://www.jmir.org/2021/9/e26317 %U https://doi.org/10.2196/26317 %U http://www.ncbi.nlm.nih.gov/pubmed/34528895 %0 Journal Article %@ 2292-9495 %I JMIR Publications %V 8 %N 3 %P e21810 %T Machine Learning–Based Analysis of Encrypted Medical Data in the Cloud: Qualitative Study of Expert Stakeholders’ Perspectives %A Alaqra,Ala Sarah %A Kane,Bridget %A Fischer-Hübner,Simone %+ Computer Science and Information Systems, Karlstad University, Universitetsgatan 2, Karlstad, 65188, Sweden, 46 054 700 2815, as.alaqra@kau.se %K medical data analysis %K encryption %K privacy-enhancing technologies %K machine learning %K stakeholders %K tradeoffs %K perspectives %K eHealth %K interviews %D 2021 %7 16.9.2021 %9 Original Paper %J JMIR Hum Factors %G English %X Background: Third-party cloud-based data analysis applications are proliferating in electronic health (eHealth) because of the expertise offered and their monetary advantage. However, privacy and security are critical concerns when handling sensitive medical data in the cloud. Technical advances based on “crypto magic” in privacy-preserving machine learning (ML) enable data analysis in encrypted form for maintaining confidentiality. Such privacy-enhancing technologies (PETs) could be counterintuitive to relevant stakeholders in eHealth, which could in turn hinder adoption; thus, more attention is needed on human factors for establishing trust and transparency. Objective: The aim of this study was to analyze eHealth expert stakeholders’ perspectives and the perceived tradeoffs in regard to data analysis on encrypted medical data in the cloud, and to derive user requirements for development of a privacy-preserving data analysis tool. Methods: We used semistructured interviews and report on 14 interviews with individuals having medical, technical, or research expertise in eHealth. We used thematic analysis for analyzing interview data. 
In addition, we conducted a workshop for eliciting requirements. Results: Our results show differences in the understanding of and in trusting the technology; caution is advised by technical experts, whereas patient safety assurances are required by medical experts. Themes were identified with general perspectives on data privacy and practices (eg, acceptance of using external services), as well as themes highlighting specific perspectives (eg, data protection drawbacks and concerns of the data analysis on encrypted data). The latter themes result in requiring assurances and conformance testing for trusting tools such as the proposed ML-based tool. Communicating privacy, and utility benefits and tradeoffs with stakeholders is essential for trust. Furthermore, stakeholders and their organizations share accountability of patient data. Finally, stakeholders stressed the importance of informing patients about the privacy of their data. Conclusions: Understanding the benefits and risks of using eHealth PETs is crucial, and collaboration among diverse stakeholders is essential. Assurances of the tool’s privacy, accuracy, and patient safety should be in place for establishing trust of ML-based PETs, especially if used in the cloud. 
%M 34528892 %R 10.2196/21810 %U https://humanfactors.jmir.org/2021/3/e21810 %U https://doi.org/10.2196/21810 %U http://www.ncbi.nlm.nih.gov/pubmed/34528892 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 9 %P e26318 %T User Experiences of the NZ COVID Tracer App in New Zealand: Thematic Analysis of Interviews %A Tretiakov,Alexei %A Hunter,Inga %+ School of Management, Massey University, Tennent Drive, Palmerston North, 4474, New Zealand, 64 6 951 7905, A.Tretiakov@massey.ac.nz %K COVID-19 %K contact tracing %K app %K New Zealand %K adoption %K use %K civic responsibility %K privacy %D 2021 %7 8.9.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: For mobile app–based COVID-19 contact tracing to be fully effective, a large majority of the population needs to be using the app on an ongoing basis. However, there is a paucity of studies of users, as opposed to potential adopters, of mobile contact tracing apps and of their experiences. New Zealand, a high-income country with western political culture, was successful in managing the COVID-19 pandemic, and its experience is valuable for informing policy responses in similar contexts. Objective: This study asks the following research questions: (1) How do users experience the app in their everyday contexts? and (2) What drives the use of the app? Methods: Residents of New Zealand’s Auckland region, which encompasses the country’s largest city, were approached via Facebook, and 34 NZ COVID Tracer app users were interviewed. Interview transcripts were analyzed using thematic analysis. Results: Interviews ranged in duration from 15 to 50 minutes. Participants ranged in age from those in their late teens to those in their early sixties. Even though about half of the participants identified as White New Zealanders of European origin, different ethnicities were represented, including New Zealanders of South Pacific, Indian, Middle Eastern, South American, and Southeast Asian descent. 
Out of 34 participants, 2 (6%) identified as Māori (Indigenous New Zealanders). A broad range of careers were represented, from top-middle management to health support work and charity work. Likewise, educational backgrounds ranged broadly, from high school completion to master’s degrees. Out of 34 participants, 2 (6%) were unemployed, having recently lost their jobs because of the pandemic. The thematic analysis resulted in five major themes: perceived benefits, patterns of use, privacy, social influence, and need for collective action. Benefits of using the app to society in general were more salient to the participants than immediate health benefits to the individual. Use, however, depended on the alert level and tended to decline for many participants at low alert levels. Privacy considerations played a small role in shaping adoption and use, even though the participants were highly aware of privacy discourse around the app. Participants were aware of the need for high levels of adoption and use of the app to control the pandemic. Attempts to encourage others to use the app were common, although not always successful. Conclusions: Appeals to civic responsibility are likely to drive the use of a mobile contact tracing app under the conditions of high threat. Under the likely scenario of COVID-19 remaining endemic and requiring ongoing vigilance over the long term, other mechanisms promoting the use of mobile contact tracing apps may be needed, such as offering incentives. As privacy is not an important concern for many users, flexible privacy settings in mobile contact tracing apps allowing users to set their optimal levels of privacy may be appropriate. 
%M 34292868 %R 10.2196/26318 %U https://mhealth.jmir.org/2021/9/e26318 %U https://doi.org/10.2196/26318 %U http://www.ncbi.nlm.nih.gov/pubmed/34292868 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 8 %P e29923 %T Prosociality and the Uptake of COVID-19 Contact Tracing Apps: Survey Analysis of Intergenerational Differences in Japan %A Shoji,Masahiro %A Ito,Asei %A Cato,Susumu %A Iida,Takashi %A Ishida,Kenji %A Katsumata,Hiroto %A McElwain,Kenneth Mori %+ Institute of Social Science, University of Tokyo, 7-3-1 Hongo, Bunkyo-ku, Tokyo, 113-0033, Japan, 81 3 5841 4927, shoji@iss.u-tokyo.ac.jp %K COVID-19 %K contact tracing app %K place attachment %K place identity %K contact tracing %K pandemic %K mHealth %K health policy %D 2021 %7 19.8.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: To control the COVID-19 pandemic, it is essential to trace and contain infection chains; for this reason, policymakers have endorsed the usage of contact tracing apps. To date, over 50 countries have released such apps officially or semiofficially, but those that rely on citizens’ voluntary uptake suffer from low adoption rates, reducing their effectiveness. Early studies suggest that the low uptake is driven by citizens’ concerns about security and privacy, as well as low perceptions of infection risk and benefits from the usage. However, these do not explore important generational differences in uptake decision or the association between individuals’ prosociality and uptake. Objective: The objective of our study was to examine the role of individuals’ prosociality and other factors discussed in the literature, such as perceived risk and trust in government, in encouraging the usage of contact tracing apps in Japan. We paid particular attention to generational differences. Methods: A web-based survey was conducted in Japan 6 months after the release of a government-sponsored contact tracing app. 
Participants were recruited from individuals aged between 20 and 69 years. Exploratory factor analyses were conducted to measure prosociality, risk perception, and trust in government. Logistic regression was used to examine the association between these factors and uptake. Results: There was a total of 7084 respondents, and observations from 5402 respondents were used for analysis, of which 791 respondents (14.6%) had ever used the app. Two factors of prosociality were retained: agreeableness and attachment to the community. Full-sample analysis demonstrated app uptake was determined by agreeableness, attachment to the community, concern about health risks, concern about social risks, and trust in the national government; however, important differences existed. The uptake decision of respondents aged between 20 and 39 years was attributed to their attachment to the community (odds ratio [OR] 1.28, 95% CI 1.11-1.48). Agreeable personality (OR 1.18, 95% CI 1.02-1.35), concern about social risk (OR 1.17, 95% CI 1.02-1.35), and trust in national government (OR 1.16, 95% CI 1.05-1.28) were key determinants for those aged between 40 and 59 years. For those aged over 60 years, concerns about health risks determined the uptake decision (OR 1.49, 95% CI 1.24-1.80). Conclusions: Policymakers should implement different interventions for each generation to increase the adoption rate of contact tracing apps. It may be effective to inform older adults about the health benefits of the apps. For middle-age adults, it is important to mitigate concerns about security and privacy issues, and for younger generations, it is necessary to boost their attachment to their community by utilizing social media and other web-based network tools. 
%M 34313601 %R 10.2196/29923 %U https://mhealth.jmir.org/2021/8/e29923 %U https://doi.org/10.2196/29923 %U http://www.ncbi.nlm.nih.gov/pubmed/34313601 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 7 %P e27343 %T Ethical Development of Digital Phenotyping Tools for Mental Health Applications: Delphi Study %A Martinez-Martin,Nicole %A Greely,Henry T %A Cho,Mildred K %+ Center for Biomedical Ethics, School of Medicine, Stanford University, 1215 Welch Road, Modular A, Stanford, CA, 94305, United States, 1 7734585750, nicolemz@stanford.edu %K ethics %K neuroethics %K digital phenotyping %K digital mental health %K Delphi study %K mental health %K machine learning %K artificial intelligence %K mobile phone %D 2021 %7 28.7.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Digital phenotyping (also known as personal sensing, intelligent sensing, or body computing) involves the collection of biometric and personal data in situ from digital devices, such as smartphones, wearables, or social media, to measure behavior or other health indicators. The collected data are analyzed to generate moment-by-moment quantification of a person’s mental state and potentially predict future mental states. Digital phenotyping projects incorporate data from multiple sources, such as electronic health records, biometric scans, or genetic testing. As digital phenotyping tools can be used to study and predict behavior, they are of increasing interest for a range of consumer, government, and health care applications. In clinical care, digital phenotyping is expected to improve mental health diagnoses and treatment. At the same time, mental health applications of digital phenotyping present significant areas of ethical concern, particularly in terms of privacy and data protection, consent, bias, and accountability. 
Objective: This study aims to develop consensus statements regarding key areas of ethical guidance for mental health applications of digital phenotyping in the United States. Methods: We used a modified Delphi technique to identify the emerging ethical challenges posed by digital phenotyping for mental health applications and to formulate guidance for addressing these challenges. Experts in digital phenotyping, data science, mental health, law, and ethics participated as panelists in the study. The panel arrived at consensus recommendations through an iterative process involving interviews and surveys. The panelists focused primarily on clinical applications for digital phenotyping for mental health but also included recommendations regarding transparency and data protection to address potential areas of misuse of digital phenotyping data outside of the health care domain. Results: The findings of this study showed strong agreement related to these ethical issues in the development of mental health applications of digital phenotyping: privacy, transparency, consent, accountability, and fairness. Consensus regarding the recommendation statements was strongest when the guidance was stated broadly enough to accommodate a range of potential applications. The privacy and data protection issues that the Delphi participants found particularly critical to address related to the perceived inadequacies of current regulations and frameworks for protecting sensitive personal information and the potential for sale and analysis of personal data outside of health systems. Conclusions: The Delphi study found agreement on a number of ethical issues to prioritize in the development of digital phenotyping for mental health applications. The Delphi consensus statements identified general recommendations and principles regarding the ethical application of digital phenotyping to mental health. 
As digital phenotyping for mental health is implemented in clinical care, there remains a need for empirical research and consultation with relevant stakeholders to further understand and address relevant ethical issues. %M 34319252 %R 10.2196/27343 %U https://mhealth.jmir.org/2021/7/e27343 %U https://doi.org/10.2196/27343 %U http://www.ncbi.nlm.nih.gov/pubmed/34319252 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 9 %N 7 %P e27449 %T Contact Tracing Apps: Lessons Learned on Privacy, Autonomy, and the Need for Detailed and Thoughtful Implementation %A Hogan,Katie %A Macedo,Briana %A Macha,Venkata %A Barman,Arko %A Jiang,Xiaoqian %+ School of Biomedical Informatics, University of Texas Health Science Center at Houston, 7000 Fannin St #600, Houston, TX, 77030, United States, 1 7135003930, xiaoqian.jiang@uth.tmc.edu %K contact tracing %K COVID-19 %K privacy %K smartphone apps %K mobile phone apps %K health information %K electronic health %K eHealth %K pandemic %K app %K mobile health %K mHealth %D 2021 %7 19.7.2021 %9 Viewpoint %J JMIR Med Inform %G English %X The global and national response to the COVID-19 pandemic has been inadequate due to a collective lack of preparation and a shortage of available tools for responding to a large-scale pandemic. By applying lessons learned to create better preventative methods and speedier interventions, the harm of a future pandemic may be dramatically reduced. One potential measure is the widespread use of contact tracing apps. While such apps were designed to combat the COVID-19 pandemic, the time scale in which these apps were deployed proved a significant barrier to efficacy. Many companies and governments sprinted to deploy contact tracing apps that were not properly vetted for performance, privacy, or security issues. The hasty development of incomplete contact tracing apps undermined public trust and negatively influenced perceptions of app efficacy. 
As a result, many of these apps had poor voluntary public uptake, which greatly decreased the apps’ efficacy. Now, with lessons learned from this pandemic, groups can better design and test apps in preparation for the future. In this viewpoint, we outline common strategies employed for contact tracing apps, detail the successes and shortcomings of several prominent apps, and describe lessons learned that may be used to shape effective contact tracing apps for the present and future. Future app designers can keep these lessons in mind to create a version that is suitable for their local culture, especially with regard to local attitudes toward privacy-utility tradeoffs during public health crises. %M 34254937 %R 10.2196/27449 %U https://medinform.jmir.org/2021/7/e27449 %U https://doi.org/10.2196/27449 %U http://www.ncbi.nlm.nih.gov/pubmed/34254937 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 7 %P e26371 %T Privacy-Oriented Technique for COVID-19 Contact Tracing (PROTECT) Using Homomorphic Encryption: Design and Development Study %A An,Yongdae %A Lee,Seungmyung %A Jung,Seungwoo %A Park,Howard %A Song,Yongsoo %A Ko,Taehoon %+ Department of Medical Informatics, College of Medicine, The Catholic University of Korea, 222 Banpo-daero, Seocho-gu, Seoul, 06591, Republic of Korea, 82 2 2258 7947, thko@catholic.ac.kr %K COVID-19 %K homomorphic encryption %K privacy-preserving contact tracing %K PROTECT protocol %K GPS data %K mobile application %K web service %D 2021 %7 12.7.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: Various techniques are used to support contact tracing, which has been shown to be highly effective against the COVID-19 pandemic. To apply the technology, either quarantine authorities should provide the location history of patients with COVID-19, or all users should provide their own location history. This inevitably exposes either the patient’s location history or the personal location history of other users. 
Thus, a privacy issue arises where the public good (via information release) comes in conflict with privacy exposure risks. Objective: The objective of this study is to develop an effective contact tracing system that does not expose the location information of the patient with COVID-19 to other users of the system, or the location information of the users to the quarantine authorities. Methods: We propose a new protocol called PRivacy Oriented Technique for Epidemic Contact Tracing (PROTECT) that securely shares location information of patients with users by using the Brakerski/Fan-Vercauteren homomorphic encryption scheme, along with a new, secure proximity computation method. Results: We developed a mobile app for the end-user and a web service for the quarantine authorities by applying the proposed method, and we verified their effectiveness. The proposed app and web service compute the existence of intersections between the encrypted location history of patients with COVID-19 released by the quarantine authorities and that of the user saved on the user’s local device. We also found that this contact tracing smartphone app can identify whether the user has been in contact with such patients within a reasonable time. Conclusions: This newly developed method for contact tracing shares location information by using homomorphic encryption, without exposing the location information of patients with COVID-19 and other users. Homomorphic encryption is challenging to apply to practical issues despite its high security value. In this study, however, we have designed a system using the Brakerski/Fan-Vercauteren scheme that is applicable to a reasonable size and developed it to an operable format. The developed app and web service can help contact tracing for not only the COVID-19 pandemic but also other epidemics. 
%M 33999829 %R 10.2196/26371 %U https://www.jmir.org/2021/7/e26371 %U https://doi.org/10.2196/26371 %U http://www.ncbi.nlm.nih.gov/pubmed/33999829 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 6 %P e15654 %T Challenges With Developing Secure Mobile Health Applications: Systematic Review %A Aljedaani,Bakheet %A Babar,M Ali %+ Centre for Research on Engineering Software Technologies, School of Computer Science, The University of Adelaide, North Terrace, Adelaide, , Australia, 61 883135208, bakheet.aljedaani@adelaide.edu.au %K systematic literature review %K mHealth apps %K secure apps %K developers %K security knowledge %D 2021 %7 21.6.2021 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: Mobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps. Objective: In this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. Methods: We followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data. Results: Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. 
We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges. Conclusions: While mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development. 
%M 34152277 %R 10.2196/15654 %U https://mhealth.jmir.org/2021/6/e15654 %U https://doi.org/10.2196/15654 %U http://www.ncbi.nlm.nih.gov/pubmed/34152277 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 6 %P e29395 %T Consumer Views on Health Applications of Consumer Digital Data and Health Privacy Among US Adults: Qualitative Interview Study %A Grande,David %A Luna Marti,Xochitl %A Merchant,Raina M %A Asch,David A %A Dolan,Abby %A Sharma,Meghana %A Cannuscio,Carolyn C %+ Division of General Internal Medicine, University of Pennsylvania, 3641 Locust Walk, CPC 407, Philadelphia, PA, 19081, United States, 1 2155733804, dgrande@wharton.upenn.edu %K health privacy %K digital health privacy %K privacy law %K health law %K digital epidemiology %D 2021 %7 9.6.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: In 2020, the number of internet users surpassed 4.6 billion. Individuals who create and share digital data can leave a trail of information about their habits and preferences that collectively generate a digital footprint. Studies have shown that digital footprints can reveal important information regarding an individual’s health status, ranging from diet and exercise to depression. Uses of digital applications have accelerated during the COVID-19 pandemic where public health organizations have utilized technology to reduce the burden of transmission, ultimately leading to policy discussions about digital health privacy. Though US consumers report feeling concerned about the way their personal data is used, they continue to use digital technologies. Objective: This study aimed to understand the extent to which consumers recognize possible health applications of their digital data and identify their most salient concerns around digital health privacy. Methods: We conducted semistructured interviews with a diverse national sample of US adults from November 2018 to January 2019. 
Participants were recruited from the Ipsos KnowledgePanel, a nationally representative panel. Participants were asked to reflect on their own use of digital technology, rate various sources of digital information, and consider several hypothetical scenarios with varying sources and health-related applications of personal digital information. Results: The final cohort included a diverse national sample of 45 US consumers. Participants were generally unaware what consumer digital data might reveal about their health. They also revealed limited knowledge of current data collection and aggregation practices. When responding to specific scenarios with health-related applications of data, they had difficulty weighing the benefits and harms but expressed a desire for privacy protection. They saw benefits in using digital data to improve health, but wanted limits to health programs’ use of consumer digital data. Conclusions: Current privacy restrictions on health-related data are premised on the notion that these data are derived only from medical encounters. Given that an increasing amount of health-related data is derived from digital footprints in consumer settings, our findings suggest the need for greater transparency of data collection and uses, and broader health privacy protections. 
%M 34106074 %R 10.2196/29395 %U https://www.jmir.org/2021/6/e29395 %U https://doi.org/10.2196/29395 %U http://www.ncbi.nlm.nih.gov/pubmed/34106074 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 6 %P e27753 %T Best Practice Guidance for Digital Contact Tracing Apps: A Cross-disciplinary Review of the Literature %A O'Connell,James %A Abbas,Manzar %A Beecham,Sarah %A Buckley,Jim %A Chochlov,Muslim %A Fitzgerald,Brian %A Glynn,Liam %A Johnson,Kevin %A Laffey,John %A McNicholas,Bairbre %A Nuseibeh,Bashar %A O'Callaghan,Michael %A O'Keeffe,Ian %A Razzaq,Abdul %A Rekanar,Kaavya %A Richardson,Ita %A Simpkin,Andrew %A Storni,Cristiano %A Tsvyatkova,Damyanka %A Walsh,Jane %A Welsh,Thomas %A O'Keeffe,Derek %+ School of Medicine, National University of Ireland Galway, Clinical Sciences Institute, Costello Road, Galway, H91 V4AY, Ireland, 353 (0)91 495960, derek.okeeffe@nuigalway.ie %K digital contact tracing %K automated contact tracing %K COVID-19 %K SARS-CoV-2 %K mHealth %K mobile app %K app %K tracing %K monitoring %K surveillance %K review %K best practice %K design %D 2021 %7 7.6.2021 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: Digital contact tracing apps have the potential to augment contact tracing systems and disrupt COVID-19 transmission by rapidly identifying secondary cases prior to the onset of infectiousness and linking them into a system of quarantine, testing, and health care worker case management. The international experience of digital contact tracing apps during the COVID-19 pandemic demonstrates how challenging their design and deployment are. Objective: This study aims to derive and summarize best practice guidance for the design of the ideal digital contact tracing app. Methods: A collaborative cross-disciplinary approach was used to derive best practice guidance for designing the ideal digital contact tracing app. 
A search of the indexed and gray literature was conducted to identify articles describing or evaluating digital contact tracing apps. MEDLINE was searched using a combination of free-text terms and Medical Subject Headings search terms. Gray literature sources searched were the World Health Organization Institutional Repository for Information Sharing, the European Centre for Disease Prevention and Control publications library, and Google, including the websites of many health protection authorities. Articles that were acceptable for inclusion in this evidence synthesis were peer-reviewed publications, cohort studies, randomized trials, modeling studies, technical reports, white papers, and media reports related to digital contact tracing. Results: Ethical, user experience, privacy and data protection, technical, clinical and societal, and evaluation considerations were identified from the literature. The ideal digital contact tracing app should be voluntary and should be equitably available and accessible. User engagement could be enhanced by small financial incentives, enabling users to tailor aspects of the app to their particular needs and integrating digital contact tracing apps into the wider public health information campaign. Adherence to the principles of good data protection and privacy by design is important to convince target populations to download and use digital contact tracing apps. Bluetooth Low Energy is recommended for a digital contact tracing app's contact event detection, but combining it with ultrasound technology may improve a digital contact tracing app's accuracy. A decentralized privacy-preserving protocol should be followed to enable digital contact tracing app users to exchange and record temporary contact numbers during contact events. The ideal digital contact tracing app should define and risk-stratify contact events according to proximity, duration of contact, and the infectiousness of the case at the time of contact. 
Evaluating digital contact tracing apps requires data to quantify app downloads, use among COVID-19 cases, successful contact alert generation, contact alert receivers, contact alert receivers that adhere to quarantine and testing recommendations, and the number of contact alert receivers who subsequently are tested positive for COVID-19. The outcomes of digital contact tracing apps' evaluations should be openly reported to allow for the wider public to review the evaluation of the app. Conclusions: In conclusion, key considerations and best practice guidance for the design of the ideal digital contact tracing app were derived from the literature. %M 34003764 %R 10.2196/27753 %U https://mhealth.jmir.org/2021/6/e27753 %U https://doi.org/10.2196/27753 %U http://www.ncbi.nlm.nih.gov/pubmed/34003764 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 5 %P e26630 %T Authors’ Reply to: And Justice for All? There Is More to the Interoperability of Contact Tracing Apps Than Legal Barriers. Comment on “COVID-19 Contact Tracing Apps: A Technologic Tower of Babel and the Gap for International Pandemic Control” %A Du,Li %A Raposo,Vera Lúcia %A Wang,Meng %+ Faculty of Law, University of Macau, Avenida da Universidade, Taipa, Macau, 999078, China, 853 88224733, stephendu@um.edu.mo %K COVID-19 %K contact tracing %K data protection %K privacy %K interoperability %K global health %K public health %D 2021 %7 26.5.2021 %9 Letter to the Editor %J JMIR Mhealth Uhealth %G English %X %M 33852409 %R 10.2196/26630 %U https://mhealth.jmir.org/2021/5/e26630 %U https://doi.org/10.2196/26630 %U http://www.ncbi.nlm.nih.gov/pubmed/33852409 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 5 %P e26218 %T And Justice for All? There Is More to the Interoperability of Contact Tracing Apps Than Legal Barriers. 
Comment on “COVID-19 Contact Tracing Apps: A Technologic Tower of Babel and the Gap for International Pandemic Control” %A Crutzen,Rik %+ Department of Health Promotion, Care and Public Health Research Institute, Maastricht University, PO Box 616, Maastricht, 6200 MD, Netherlands, 31 433882828, rik.crutzen@maastrichtuniversity.nl %K COVID-19 %K contact tracing %K data protection %K privacy %K interoperability %K global health %K public health %D 2021 %7 26.5.2021 %9 Letter to the Editor %J JMIR Mhealth Uhealth %G English %X %M 33848974 %R 10.2196/26218 %U https://mhealth.jmir.org/2021/5/e26218 %U https://doi.org/10.2196/26218 %U http://www.ncbi.nlm.nih.gov/pubmed/33848974 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 4 %P e16518 %T Smartphone Users’ Persuasion Knowledge in the Context of Consumer mHealth Apps: Qualitative Study %A Joo,Eunsin %A Kononova,Anastasia %A Kanthawala,Shaheen %A Peng,Wei %A Cotten,Shelia %+ Department of Public Relations and Advertising, Beijing Normal University-Hong Kong Baptist University United International College, 2000 Jintong Road, Tangjiawan, Zhuhai, 519087, China, 82 1086813554, eunsinjoo@uic.edu.hk %K mHealth app %K personal health information sharing %K mobile phone %K mobile promotion strategy %K persuasion knowledge %D 2021 %7 13.4.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Persuasion knowledge, commonly referred to as advertising literacy, is a cognitive dimension that embraces recognition of advertising, its source and audience, and understanding of advertisers’ persuasive and selling intents as well as tactics. There is little understanding of users’ awareness of organizations that develop or sponsor mobile health (mHealth) apps, especially in light of personal data privacy. 
Persuasion knowledge or recognition of a supporting organization’s presence, characteristics, competencies, intents, and persuasion tactics are crucial to investigate because app users have the right to know about entities that support apps and make informed decisions about app usage. The abundance of free consumer mHealth apps, especially those in the area of fitness, often makes it difficult for users to identify apps’ dual purposes, which may be related to not only helping the public manage health but also promoting the supporting organization itself and collecting users’ information for further consumer targeting by third parties. Objective: This study aims to investigate smartphone users’ awareness of mHealth apps’ affiliations with 3 different types of supporting organizations (commercial, government, and nonprofit); differences in users’ persuasion knowledge and mHealth app quality and credibility evaluations related to each of the 3 organization types; and users’ coping mechanisms for dealing with personal information management within consumer mHealth apps. Methods: In-depth semistructured interviews were conducted with 25 smartphone users from a local community in midwestern United States. Interviews were thematically analyzed using inductive and deductive approaches. Results: Participants indicated that their awareness of and interest in mHealth app–supporting organizations were secondary to the app’s health management functions. After being probed, participants showed a high level of persuasion knowledge regarding the types of app-supporting organizations and their promotional intents. They thought that commercial companies sponsored mHealth apps mostly as entertainment tools, whereas noncommercial entities sponsored mHealth apps for users’ education. They assigned self-promotional motives to commercial organizations; however, they associated commercial mHealth apps with good quality and functioning. 
Noncommercial entities were perceived as more credible. Participants were concerned about losing control over personal information within mHealth apps supported by different organizations. They used alternative digital identities to protect themselves from privacy invasion and advertising spam. They were willing to trade some personal information for high-quality commercial mHealth apps. There was a sense of fatalism in discussing privacy risks linked to mHealth app usage, and some participants did not perceive the risks to be serious. Conclusions: The discussion of and recommendations for the safe and ethical use of mHealth apps associated with organizations’ promotional strategies and personal data protection are provided to ensure users’ awareness of and enhanced control over digitalized personal information flows. The theoretical implications are discussed in the context of the Persuasion Knowledge Model and dual-processing theories. %M 33847596 %R 10.2196/16518 %U https://mhealth.jmir.org/2021/4/e16518 %U https://doi.org/10.2196/16518 %U http://www.ncbi.nlm.nih.gov/pubmed/33847596 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 4 %P e20996 %T Requirements and Operational Guidelines for Secure and Sustainable Digital Phenotyping: Design and Development Study %A Jagesar,Raj R %A Vorstman,Jacob A %A Kas,Martien J %+ Groningen Institute for Evolutionary Life Sciences, University of Groningen, Nijenborgh 7 9747 AG, PO Box 11103, Groningen, 9700 CC, Netherlands, 31 503632381, m.j.h.kas@rug.nl %K digital phenotyping %K mobile behavioral monitoring %K passive behavioral monitoring %K smartphone-based behavioral monitoring %K research data management %K psychoinformatics %K mobile phone %D 2021 %7 7.4.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: Digital phenotyping, the measurement of human behavioral phenotypes using personal devices, is rapidly gaining popularity. 
Novel initiatives, ranging from software prototypes to user-ready research platforms, are innovating the field of biomedical research and health care apps. One example is the BEHAPP project, which offers a fully managed digital phenotyping platform as a service. The innovative potential of digital phenotyping strategies resides among others in their capacity to objectively capture measurable and quantitative components of human behavior, such as diurnal rhythm, movement patterns, and communication, in a real-world setting. The rapid development of this field underscores the importance of reliability and safety of the platforms on which these novel tools are operated. Large-scale studies and regulated research spaces (eg, the pharmaceutical industry) have strict requirements for the software-based solutions they use. Security and sustainability are key to ensuring continuity and trust. However, the majority of behavioral monitoring initiatives have not originated primarily in these regulated research spaces, which may be why these components have been somewhat overlooked, impeding the further development and implementation of such platforms in a secure and sustainable way. Objective: This study aims to provide a primer on the requirements and operational guidelines for the development and operation of a secure behavioral monitoring platform. Methods: We draw from disciplines such as privacy law, information, and computer science to identify a set of requirements and operational guidelines focused on security and sustainability. Taken together, the requirements and guidelines form the foundation of the design and implementation of the BEHAPP behavioral monitoring platform. Results: We present the base BEHAPP data collection and analysis flow and explain how the various concepts from security and sustainability are addressed in the design. Conclusions: Digital phenotyping initiatives are steadily maturing. 
This study helps the field and surrounding stakeholders to reflect upon and progress toward secure and sustainable operation of digital phenotyping–driven research. %M 33825695 %R 10.2196/20996 %U https://www.jmir.org/2021/4/e20996 %U https://doi.org/10.2196/20996 %U http://www.ncbi.nlm.nih.gov/pubmed/33825695 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 3 %P e23728 %T Learning From Others Without Sacrificing Privacy: Simulation Comparing Centralized and Federated Machine Learning on Mobile Health Data %A Liu,Jessica Chia %A Goetz,Jack %A Sen,Srijan %A Tewari,Ambuj %+ Department of Statistics, University of Michigan, 1085 South University Ave, Ann Arbor, MI, 48109, United States, 1 7346474820, liujess@umich.edu %K privacy %K data protection %K machine learning %K mobile health %K wearable electronic devices %D 2021 %7 30.3.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: The use of wearables facilitates data collection at a previously unobtainable scale, enabling the construction of complex predictive models with the potential to improve health. However, the highly personal nature of these data requires strong privacy protection against data breaches and the use of data in a way that users do not intend. One method to protect user privacy while taking advantage of sharing data across users is federated learning, a technique that allows a machine learning model to be trained using data from all users while only storing a user’s data on that user’s device. By keeping data on users’ devices, federated learning protects users’ private data from data leaks and breaches on the researcher’s central server and provides users with more control over how and when their data are used. However, there are few rigorous studies on the effectiveness of federated learning in the mobile health (mHealth) domain. 
Objective: We review federated learning and assess whether it can be useful in the mHealth field, especially for addressing common mHealth challenges such as privacy concerns and user heterogeneity. The aims of this study are to describe federated learning in an mHealth context, apply a simulation of federated learning to an mHealth data set, and compare the performance of federated learning with the performance of other predictive models. Methods: We applied a simulation of federated learning to predict the affective state of 15 subjects using physiological and motion data collected from a chest-worn device for approximately 36 minutes. We compared the results from this federated model with those from a centralized or server model and with the results from training individual models for each subject. Results: In a 3-class classification problem using physiological and motion data to predict whether the subject was undertaking a neutral, amusing, or stressful task, the federated model achieved 92.8% accuracy on average, the server model achieved 93.2% accuracy on average, and the individual model achieved 90.2% accuracy on average. Conclusions: Our findings support the potential for using federated learning in mHealth. The results showed that the federated model performed better than a model trained separately on each individual and nearly as well as the server model. As federated learning offers more privacy than a server model, it may be a valuable option for designing sensitive data collection methods. 
%M 33783362 %R 10.2196/23728 %U https://mhealth.jmir.org/2021/3/e23728 %U https://doi.org/10.2196/23728 %U http://www.ncbi.nlm.nih.gov/pubmed/33783362 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 3 %P e27232 %T Analyzing the Essential Attributes of Nationally Issued COVID-19 Contact Tracing Apps: Open-Source Intelligence Approach and Content Analysis %A Weiß,Jan-Patrick %A Esdar,Moritz %A Hübner,Ursula %+ Health Informatics Research Group, Faculty of Business Management and Social Sciences, University of Applied Sciences Osnabrueck, Caprivistraße 30a, Osnabrück, , Germany, 49 5419692012, u.huebner@hs-osnabrueck.de %K COVID-19 %K contact tracing %K app %K protocol %K privacy %K assessment %K review %K surveillance %K monitoring %K design %K framework %K feature %K usage %D 2021 %7 26.3.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Contact tracing apps are potentially useful tools for supporting national COVID-19 containment strategies. Various national apps with different technical design features have been commissioned and issued by governments worldwide. Objective: Our goal was to develop and propose an item set that was suitable for describing and monitoring nationally issued COVID-19 contact tracing apps. This item set could provide a framework for describing the key technical features of such apps and monitoring their use based on widely available information. Methods: We used an open-source intelligence approach (OSINT) to access a multitude of publicly available sources and collect data and information regarding the development and use of contact tracing apps in different countries over several months (from June 2020 to January 2021). The collected documents were then iteratively analyzed via content analysis methods. During this process, an initial set of subject areas were refined into categories for evaluation (ie, coherent topics), which were then examined for individual features. 
These features were paraphrased as items in the form of questions and applied to information materials from a sample of countries (ie, Brazil, China, Finland, France, Germany, Italy, Singapore, South Korea, Spain, and the United Kingdom [England and Wales]). This sample was purposefully selected; our intention was to include the apps of different countries from around the world and to propose a valid item set that can be relatively easily applied by using an OSINT approach. Results: Our OSINT approach and subsequent analysis of the collected documents resulted in the definition of the following five main categories and associated subcategories: (1) background information (open-source code, public information, and collaborators); (2) purpose and workflow (secondary data use and warning process design); (3) technical information (protocol, tracing technology, exposure notification system, and interoperability); (4) privacy protection (the entity of trust and anonymity); and (5) availability and use (release date and the number of downloads). Based on this structure, a set of items that constituted the evaluation framework were specified. The application of these items to the 10 selected countries revealed differences, especially with regard to the centralization of the entity of trust and the overall transparency of the apps’ technical makeup. Conclusions: We provide a set of criteria for monitoring and evaluating COVID-19 tracing apps that can be easily applied to publicly issued information. The application of these criteria might help governments to identify design features that promote the successful, widespread adoption of COVID-19 tracing apps among target populations and across national boundaries. 
%M 33724920 %R 10.2196/27232 %U https://mhealth.jmir.org/2021/3/e27232 %U https://doi.org/10.2196/27232 %U http://www.ncbi.nlm.nih.gov/pubmed/33724920 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 3 %P e25726 %T Adoption of COVID-19 Contact Tracing Apps: A Balance Between Privacy and Effectiveness %A Seto,Emily %A Challa,Priyanka %A Ware,Patrick %+ Institute of Health Policy, Management and Evaluation, Dalla Lana School of Public Health, University of Toronto, 155 College Street, Suite 425, Toronto, ON, M5T 3M6, Canada, 1 416 669 9295, emily.seto@utoronto.ca %K mobile apps %K COVID-19 %K contact tracing %K exposure notification %K privacy %K effectiveness %K app %K surveillance %K tracing %K transmission %K security %K digital health %D 2021 %7 4.3.2021 %9 Viewpoint %J J Med Internet Res %G English %X With the relative ubiquity of smartphones, contact tracing and exposure notification apps have been looked to as novel methods to help reduce the transmission of COVID-19. Many countries have created apps that lie across a spectrum from privacy-first approaches to those that have very few privacy measures. The level of privacy incorporated into an app is largely based on the societal norms and values of a particular country. Digital health technologies can be highly effective and preserve privacy at the same time, but in the case of contact tracing and exposure notification apps, there is a trade-off between increased privacy measures and the effectiveness of the app. In this article, examples from various countries are used to highlight how characteristics of contact tracing and exposure notification apps contribute to the perceived levels of privacy awarded to citizens and how this impacts an app’s effectiveness. We conclude that finding the right balance between privacy and effectiveness, while critical, is challenging because it is highly context-specific. 
%M 33617459 %R 10.2196/25726 %U https://www.jmir.org/2021/3/e25726 %U https://doi.org/10.2196/25726 %U http://www.ncbi.nlm.nih.gov/pubmed/33617459 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 9 %N 2 %P e25245 %T Blockchain-Based Digital Contact Tracing Apps for COVID-19 Pandemic Management: Issues, Challenges, Solutions, and Future Directions %A Idrees,Sheikh Mohammad %A Nowostawski,Mariusz %A Jameel,Roshan %+ Department of Computer Science, Norwegian University of Science and Technology, Teknologivegen 22, Gjovik, 2815, Norway, 47 46248610, sheikh.idrees99@gmail.com %K COVID-19 %K digital contact tracing %K privacy preservation %K security %K blockchain technology %K blockchain %K privacy %K contact tracing %K app %K surveillance %K security %D 2021 %7 9.2.2021 %9 Viewpoint %J JMIR Med Inform %G English %X The COVID-19 pandemic has caused substantial global disturbance by affecting more than 42 million people (as of the end of October 2020). Since there is no medication or vaccine available, the only way to combat it is to minimize transmission. Digital contact tracing is an effective technique that can be utilized for this purpose, as it eliminates the manual contact tracing process and could help in identifying and isolating affected people. However, users are reluctant to share their location and contact details due to concerns related to the privacy and security of their personal information, which affects its implementation and extensive adoption. Blockchain technology has been applied in various domains and has been proven to be an effective approach for handling data transactions securely, which makes it an ideal choice for digital contact tracing apps. The properties of blockchain such as time stamping and immutability of data may facilitate the retrieval of accurate information on the trail of the virus in a transparent manner, while data encryption assures the integrity of the information being provided. 
Furthermore, the anonymity of the user’s identity alleviates some of the risks related to privacy and confidentiality concerns. In this paper, we provide readers with a detailed discussion on the digital contact tracing mechanism and outline the apps developed so far to combat the COVID-19 pandemic. Moreover, we present the possible risks, issues, and challenges associated with the available contact tracing apps and analyze how the adoption of a blockchain-based decentralized network for handling the app could provide users with privacy-preserving contact tracing without compromising performance and efficiency. %M 33400677 %R 10.2196/25245 %U https://medinform.jmir.org/2021/2/e25245 %U https://doi.org/10.2196/25245 %U http://www.ncbi.nlm.nih.gov/pubmed/33400677 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 23 %N 2 %P e23467 %T Technology, Privacy, and User Opinions of COVID-19 Mobile Apps for Contact Tracing: Systematic Search and Content Analysis %A Elkhodr,Mahmoud %A Mubin,Omar %A Iftikhar,Zainab %A Masood,Maleeha %A Alsinglawi,Belal %A Shahid,Suleman %A Alnajjar,Fady %+ Department of Computer Science and Software Engineering, College of Information Technology, United Arab Emirates University, Alain 15551, Alain, , United Arab Emirates, 971 037135538, fady.alnajjar@uaeu.ac.ae %K contact tracing %K COVID-19 %K digital contact tracing apps %D 2021 %7 9.2.2021 %9 Original Paper %J J Med Internet Res %G English %X Background: Many countries across the globe have released their own COVID-19 contact tracing apps. This has resulted in the proliferation of several apps that used a variety of technologies. With the absence of a standardized approach used by the authorities, policy makers, and developers, many of these apps were unique. Therefore, they varied by function and the underlying technology used for contact tracing and infection reporting. Objective: The goal of this study was to analyze most of the COVID-19 contact tracing apps in use today. 
Beyond investigating the privacy features, design, and implications of these apps, this research examined the underlying technologies used in contact tracing apps. It also attempted to provide some insights into their level of penetration and to gauge their public reception. This research also investigated the data collection, reporting, retention, and destruction procedures used by each of the apps under review. Methods: This research study evaluated 13 apps corresponding to 10 countries based on the underlying technology used. The inclusion criteria ensured that most COVID-19-declared epicenters (ie, countries) were included in the sample, such as Italy. The evaluated apps also included countries that did relatively well in controlling the outbreak of COVID-19, such as Singapore. Informational and unofficial contact tracing apps were excluded from this study. A total of 30,000 reviews corresponding to the 13 apps were scraped from app store webpages and analyzed. Results: This study identified seven distinct technologies used by COVID-19 tracing apps and 13 distinct apps. The United States was reported to have released the most contact tracing apps, followed by Italy. Bluetooth was the most frequently used underlying technology, employed by seven apps, whereas three apps used GPS. The Norwegian, Singaporean, Georgian, and New Zealand apps were among those that collected the most personal information from users, whereas some apps, such as the Swiss app and the Italian (Immuni) app, did not collect any user information. The observed minimum amount of time implemented for most of the apps with regard to data destruction was 14 days, while the Georgian app retained records for 3 years. No significant battery drainage issue was reported for most of the apps. Interestingly, only about 2% of the reviewers expressed concerns about their privacy across all apps. 
The number and frequency of technical issues reported on the Apple App Store were significantly more than those reported on Google Play; the highest was with the New Zealand app, with 27% of the reviewers reporting technical difficulties (ie, 10% out of 27% scraped reviews reported that the app did not work). The Norwegian, Swiss, and US (PathCheck) apps had the least reported technical issues, sitting at just below 10%. In terms of usability, many apps, such as those from Singapore, Australia, and Switzerland, did not provide the users with an option to sign out from their apps. Conclusions: This article highlighted the fact that COVID-19 contact tracing apps are still facing many obstacles toward their widespread and public acceptance. The main challenges are related to the technical, usability, and privacy issues or to the requirements reported by some users. %M 33493125 %R 10.2196/23467 %U http://www.jmir.org/2021/2/e23467/ %U https://doi.org/10.2196/23467 %U http://www.ncbi.nlm.nih.gov/pubmed/33493125 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 2 %P e19594 %T Privacy Concerns About Health Information Disclosure in Mobile Health: Questionnaire Study Investigating the Moderation Effect of Social Support %A Dang,Yuanyuan %A Guo,Shanshan %A Guo,Xitong %A Wang,Mohan %A Xie,Kexin %+ School of Business and Management, Shanghai International Studies University, 1550 Wenxiang Road, Songjiang District, Shanghai, 201620, China, 86 18845594033, guoshanshan@shisu.edu.cn %K mobile health %K privacy concern %K disclosure benefit %K health information disclosure intention %D 2021 %7 8.2.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Mobile health (mHealth) provides a new opportunity for disease prediction and patient health self-management. However, privacy problems in mHealth have drawn significant attention to patients’ online health information disclosure and to the possibility that privacy concerns may hinder mHealth development. 
Objective: Privacy calculus theory (PCT) has been widely used to understand personal information disclosure behaviors with the basic assumption of a rational and linear decision-making process. However, cognitive behavior processes are complex and mutual. In an attempt to gain a fuller understanding of information disclosure behavior, we further optimize a PCT-based information disclosure model by identifying the mutual relationship between costs (privacy concerns) and benefits. Social support, which has been proven to be a distinct and significant disclosure benefit of mHealth, was chosen as the representative benefit of information disclosure. Methods: We examine a structural equation model that incorporates privacy concerns, health information disclosure intention in mHealth, and social support from mHealth, all at the individual level. Results: A validated questionnaire was completed by 253 randomly selected participants. The result indicated that perceived health information sensitivity positively enhances patients’ privacy concern (beta path coefficient 0.505, P<.001), and higher privacy concern levels will decrease their health information disclosure intention (beta path coefficient –0.338, P<.001). Various individual characteristics influence perceived health information sensitivity in different ways. One dimension of social support, informational support, negatively moderates the effect of the relationship between perceived health information sensitivity and privacy concerns (beta path coefficient –0.171, P=.092) and the effect of the relationship between privacy concerns and health information disclosure intention (beta path coefficient –0.105, P=.092). However, another dimension, emotional support, has no direct moderation effect on the relationship between privacy concerns and health information disclosure intention. Conclusions: The results indicate that social support can be regarded as a disutility reducer. 
That is, on the one hand, it reduces patients’ privacy concerns; on the other hand, it also reduces the negative impact of privacy concerns on information disclosure intention. Moreover, the moderation effect of social support is partially supported. Informational support, one dimension of social support, is significant (beta path coefficient –0.171, P=.092), while the other dimension, emotional support, is not significant (beta path coefficient –0.137, P=.146), in mHealth. Furthermore, the results are different among patients with different individual characteristics. This study also provides specific theoretical and practical implications to enhance the development of mHealth. %M 33555266 %R 10.2196/19594 %U https://mhealth.jmir.org/2021/2/e19594 %U https://doi.org/10.2196/19594 %U http://www.ncbi.nlm.nih.gov/pubmed/33555266 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 9 %N 1 %P e23409 %T Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation %A Ni,Zhenni %A Wang,Yiying %A Qian,Yuxing %+ School of Information Management, Wuhan University, LuoJiaShan, WuChang district, Wuhan, China, 86 13667195159, Jennie_N@whu.edu.cn %K mHealth %K noncommunicable diseases %K content analysis %D 2021 %7 28.1.2021 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients’ health data. Objective: The purpose of the study was to analyze the extent to which chronic disease management apps in China comply with the Personal Information Security Specification (PI Specification). Methods: The compliance of 45 popular chronic disease management apps was evaluated from the perspective of the information life cycle. To conduct a fine-grained evaluation, a scale based on the PI Specification was developed. 
Finally, 6 level 1 indicators, 22 level 2 indicators, and 61 level 3 indicators were defined. Results: There were 33/45 apps (73%) with a privacy policy, and the average score of these apps was 40.4 out of 100. Items of level 1 indicators with high scores included general characteristics (mean 51.9% [SD 28.1%]), information collection and use (mean 51.1% [SD 36.7%]), and information sharing and transfer (mean 50.3% [SD 33.5%]). Information storage and protection had the lowest compliance with PI Specification (mean 29.4% [SD 32.4%]). Few personal information (PI) controllers have stated how to handle security incidents, including security incident reporting (7/33, 21%), security incident notification (10/33, 30%), and commitment to bear corresponding legal responsibility for PI security incidents (1/33, 3%). The performance of apps in the stage of information destruction (mean 31.8% [SD 40.0%]) was poor, and only 21% (7/33) apps would notify third parties to promptly delete PI after individuals cancelled their accounts. Moreover, the scoring rate for rights of PI subjects is generally low (mean 31.2% [SD 35.5%]), especially for obtaining copies of PI (15%) and responding to requests (25%). Conclusions: Although most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection. Thus, the field has a long way to go with regard to compliance around personal privacy protection in China. 
%M 33507159 %R 10.2196/23409 %U http://mhealth.jmir.org/2021/1/e23409/ %U https://doi.org/10.2196/23409 %U http://www.ncbi.nlm.nih.gov/pubmed/33507159 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 5 %N 1 %P e23000 %T Attitudes and Perceptions Toward COVID-19 Digital Surveillance: Survey of Young Adults in the United States %A Maytin,Lauren %A Maytin,Jason %A Agarwal,Priya %A Krenitsky,Anna %A Krenitsky,JoAnn %A Epstein,Robert S %+ Epstein Health LLC, 50 Tice Blvd, Suite 340, Woodcliff Lake, NJ, 07677, United States, 1 201 285 5800, repstein@epsteinhealth.com %K attitude %K perception %K young adult %K COVID-19 %K digital surveillance %K population health technologies %K surveillance %K population %K survey %K adolescent %D 2021 %7 8.1.2021 %9 Original Paper %J JMIR Form Res %G English %X Background: COVID-19 is an international health crisis of particular concern in the United States, which saw surges of infections with the lifting of lockdowns and relaxed social distancing. Young adults have proven to be a critical factor for COVID-19 transmission and are an important target of the efforts to contain the pandemic. Scalable digital public health technologies could be deployed to reduce COVID-19 transmission, but their use depends on the willingness of young adults to participate in surveillance. Objective: The aim of this study is to determine the attitudes of young adults regarding COVID-19 digital surveillance, including which aspects they would accept and which they would not, as well as to determine factors that may be associated with their willingness to participate in digital surveillance. Methods: We conducted an anonymous online survey of young adults aged 18-24 years throughout the United States in June 2020. The questionnaire contained predominantly closed-ended response options with one open-ended question. Descriptive statistics were applied to the data. 
Results: Of 513 young adult respondents, 383 (74.7%) agreed that COVID-19 represents a public health crisis. However, only 231 (45.1%) agreed to actively share their COVID-19 status or symptoms for monitoring and only 171 (33.4%) reported a willingness to allow access to their cell phone for passive location tracking or contact tracing. Conclusions: Despite largely agreeing that COVID-19 represents a serious public health risk, the majority of young adults sampled were reluctant to participate in digital monitoring to manage the pandemic. This was true for both commonly used methods of public health surveillance (such as contact tracing) and novel methods designed to facilitate a return to normal (such as frequent symptom checking through digital apps). This is a potential obstacle to ongoing containment measures (many of which rely on widespread surveillance) and may reflect a need for greater education on the benefits of public health digital surveillance for young adults. %M 33347420 %R 10.2196/23000 %U http://formative.jmir.org/2021/1/e23000/ %U https://doi.org/10.2196/23000 %U http://www.ncbi.nlm.nih.gov/pubmed/33347420 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 22 %N 12 %P e21572 %T COVID-19 Contact-Tracing Apps: Analysis of the Readability of Privacy Policies %A Zhang,Melvyn %A Chow,Aloysius %A Smith,Helen %+ Family Medicine and Primary Care, Lee Kong Chian School of Medicine, Nanyang Technological University Singapore, 11 Mandalay Road Level 18, Clinical Sciences Building, Singapore, 308322, Singapore, 65 63892504, melvynzhangweibin@gmail.com %K COVID-19 %K smartphone apps %K contact tracing %K privacy policy %K readability %K app %K privacy %K surveillance %D 2020 %7 3.12.2020 %9 Viewpoint %J J Med Internet Res %G English %X Apps that enable contact-tracing are instrumental in mitigating the transmission of COVID-19, but there have been concerns among users about the data collected by these apps and their management. 
Contact tracing is of paramount importance when dealing with a pandemic, as it allows for rapid identification of cases based on the information collected from infected individuals about other individuals they may have had recent contact with. Advances in digital technology have enabled devices such as mobile phones to be used in the contact-tracing process. However, there is a potential risk of users’ personal information and sensitive data being stolen should hackers be in the near vicinity of these devices. Thus, there is a need to develop privacy-preserving apps. Meanwhile, privacy policies that outline the risk associated with the use of contact-tracing apps are needed, in formats that are easily readable and comprehensible by the public. To our knowledge, no previous study has examined the readability of privacy policies of contact-tracing apps. Therefore, we performed a readability analysis to evaluate the comprehensibility of privacy policies of 7 contact-tracing apps currently in use. The contents of the privacy policies of these apps were assessed for readability using Readability Test Tool, a free web-based reliability calculator, which computes scores based on a number of statistics (ie, word count and the number of complex words) and indices (ie, Flesch Reading Ease, Flesch-Kincaid Reading Grade Level, Gunning Fog Index, and Simplified Measure of Gobbledygook index). Our analysis revealed that explanations used in the privacy policies of these apps require a reading grade between 7 and 14, which is considerably higher than the reading ability of the average individual. We believe that improving the readability of privacy policies of apps could be potentially reassuring for users and may help facilitate the increased use of such apps. 
%M 33170798 %R 10.2196/21572 %U https://www.jmir.org/2020/12/e21572 %U https://doi.org/10.2196/21572 %U http://www.ncbi.nlm.nih.gov/pubmed/33170798 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 11 %P e23194 %T COVID-19 Contact Tracing Apps: A Technologic Tower of Babel and the Gap for International Pandemic Control %A Du,Li %A Raposo,Vera Lúcia %A Wang,Meng %+ Faculty of Law, University of Macau, Avenida da Universidade, Taipa, Macau, SAR, 999078, China, 853 88224733, stephendu@um.edu.mo %K COVID-19 %K contact tracing apps %K privacy %K public health %K global health %D 2020 %7 27.11.2020 %9 Viewpoint %J JMIR Mhealth Uhealth %G English %X As the world struggles with the new COVID-19 pandemic, contact tracing apps of various types have been adopted in many jurisdictions for combating the spread of the SARS-CoV-2 virus. However, even if they are successful in containing the virus within national borders, these apps are becoming ineffective as international travel is gradually resumed. The problem rests in the plurality of apps and their inability to operate in a synchronized manner, as well as the absence of an international entity with the power to coordinate and analyze the information collected by the disparate apps. The risk of creating a useless Tower of Babel of COVID-19 contact tracing apps is very real, endangering global health. This paper analyzes legal barriers for realizing the interoperability of contact tracing apps and emphasizes the need for developing coordinated solutions to promote safe international travel and global pandemic control. 
%M 33156804 %R 10.2196/23194 %U http://mhealth.jmir.org/2020/11/e23194/ %U https://doi.org/10.2196/23194 %U http://www.ncbi.nlm.nih.gov/pubmed/33156804 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 8 %N 9 %P e20477 %T Applying Blockchain Technology to Address the Crisis of Trust During the COVID-19 Pandemic %A Khurshid,Anjum %+ The University of Texas at Austin, 1701 Trinity Street, Austin, TX, 78712, United States, 1 5124955225, anjum.khurshid@austin.utexas.edu %K blockchain %K privacy %K trust %K contact tracing %K COVID-19 %K coronavirus %D 2020 %7 22.9.2020 %9 Viewpoint %J JMIR Med Inform %G English %X Background: The widespread death and disruption caused by the COVID-19 pandemic has revealed deficiencies of existing institutions regarding the protection of human health and well-being. Both a lack of accurate and timely data and pervasive misinformation are causing increasing harm and growing tension between data privacy and public health concerns. Objective: The aim of this paper is to describe how blockchain, with its distributed trust networks and cryptography-based security, can provide solutions to data-related trust problems. Methods: Blockchain is being applied in innovative ways that are relevant to the current COVID-19 crisis. We describe examples of the challenges faced by existing technologies to track medical supplies and infected patients and how blockchain technology applications may help in these situations. Results: This exploration of existing and potential applications of blockchain technology for medical care shows how the distributed governance structure and privacy-preserving features of blockchain can be used to create “trustless” systems that can help resolve the tension between maintaining privacy and addressing public health needs in the fight against COVID-19. 
Conclusions: Blockchain relies on a distributed, robust, secure, privacy-preserving, and immutable record framework that can positively transform the nature of trust, value sharing, and transactions. A nationally coordinated effort to explore blockchain to address the deficiencies of existing systems and a partnership of academia, researchers, business, and industry are suggested to expedite the adoption of blockchain in health care. %M 32903197 %R 10.2196/20477 %U http://medinform.jmir.org/2020/9/e20477/ %U https://doi.org/10.2196/20477 %U http://www.ncbi.nlm.nih.gov/pubmed/32903197 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 22 %N 9 %P e19818 %T Doctors Routinely Share Health Data Electronically Under HIPAA, and Sharing With Patients and Patients’ Third-Party Health Apps is Consistent: Interoperability and Privacy Analysis %A Savage,Mark %A Savage,Lucia Clara %+ Center for Digital Health Innovation, University of California, San Francisco, 1700 Owens Street, Suite 541, San Francisco, CA, 94158, United States, 1 415 225 1676, Mark.Savage@ucsf.edu %K digital health %K privacy %K interoperability %K mobile phone, smartphone %K electronic health records %K EHR %K patient access %K patient engagement %K Health Insurance Portability and Accountability Act %K HIPAA %K Health Information Technology for Economic and Clinical Health Act %K HITECH %K covered entity %K business associate %K protected health information %K PHI %K digital health applications %K apps %D 2020 %7 2.9.2020 %9 Viewpoint %J J Med Internet Res %G English %X Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. 
Some doctors and health systems have voiced concern about whether they may transmit a patient’s data upon the patient’s request to the patient or the patient’s health app. This hesitation impedes shared information and care coordination with patients. It impairs patients’ ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients’ family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people’s smartphones. This paper explains that sharing data electronically with patients and patients’ third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients’ third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients’ third-party apps is no different and should be just as routine. 
%M 32876582 %R 10.2196/19818 %U https://www.jmir.org/2020/9/e19818 %U https://doi.org/10.2196/19818 %U http://www.ncbi.nlm.nih.gov/pubmed/32876582 %0 Journal Article %@ 2369-2960 %I JMIR Publications %V 6 %N 3 %P e20572 %T Adoption of a Contact Tracing App for Containing COVID-19: A Health Belief Model Approach %A Walrave,Michel %A Waeterloos,Cato %A Ponnet,Koen %+ Research Group MIOS, Department of Communication Studies, Faculty of Social Sciences, University of Antwerp, Sint-Jacobstraat 2, Antwerp, 2000, Belgium, 32 475459785, michel.walrave@uantwerp.be %K COVID-19 %K SARS-CoV-2 %K health belief model %K contact tracing %K proximity tracing %K privacy %D 2020 %7 1.9.2020 %9 Original Paper %J JMIR Public Health Surveill %G English %X Background: To track and reduce the spread of COVID-19, apps have been developed to identify contact with individuals infected with SARS-CoV-2 and warn those who are at risk of having contracted the virus. However, the effectiveness of these apps depends highly on their uptake by the general population. Objective: The present study investigated factors influencing app use intention, based on the health belief model. In addition, associations with respondents’ level of news consumption and their health condition were investigated. Methods: A survey was administered in Flanders, Belgium, to 1500 respondents, aged 18 to 64 years. Structural equation modeling was used to investigate relationships across the model’s constructs. Results: In total, 48.70% (n=730) of respondents indicated that they intend to use a COVID-19 tracing app. The most important predictor was the perceived benefits of the app, followed by self-efficacy and perceived barriers. Perceived severity and perceived susceptibility were not related to app uptake intention. Moreover, cues to action (ie, individuals’ exposure to [digital] media content) were positively associated with app use intention. 
As the respondents’ age increased, their perceived benefits and self-efficacy for app usage decreased. Conclusions: Initiatives to stimulate the uptake of contact tracing apps should enhance perceived benefits and self-efficacy. A perceived barrier for some potential users is privacy concerns. Therefore, when developing and launching an app, clarification on how individuals’ privacy will be protected is needed. To sustain perceived benefits in the long run, supplementary options could be integrated to inform and assist users. %M 32755882 %R 10.2196/20572 %U http://publichealth.jmir.org/2020/3/e20572/ %U https://doi.org/10.2196/20572 %U http://www.ncbi.nlm.nih.gov/pubmed/32755882 %0 Journal Article %@ 1929-0748 %I JMIR Publications %V 9 %N 7 %P e16471 %T Developing Effective Methods for Electronic Health Personalization: Protocol for Health Telescope, a Prospective Interventional Study %A Willemse,Bastiaan Johannes Paulus Cornelis %A Kaptein,Maurits Clemens %A Hasaart,Fleur %+ Jheronimus Academy of Data Science, Sint Janssingel 92, 's-Hertogenbosch, 5211 DA, Netherlands, 31 073 614 5515, b.j.p.c.willemse@tilburguniversity.edu %K eHealth %K mHealth %K personalization %K longitudinal study %K wearables %K panel study %K persuasive technology %K gdpr %D 2020 %7 31.7.2020 %9 Protocol %J JMIR Res Protoc %G English %X Background: Existing evaluations of the effects of mobile apps to encourage physical activity have been criticized owing to their common lack of external validity, their short duration, and their inability to explain the drivers of the observed effects. This protocol describes the setup of Health Telescope, a longitudinal panel study in which the long-term effects of mobile electronic health (eHealth) apps are investigated. 
By setting up Health Telescope, we aim to (1) understand more about the long-term use of eHealth apps in an externally valid setting, (2) understand the relationships between short-term and long-term outcomes of the usage of eHealth apps, and (3) test different ways in which eHealth app allocation can be personalized. Objective: The objectives of this paper are to (1) demonstrate and motivate the validity of the many choices that we made in setting up an intensive longitudinal study, (2) provide a resource for researchers interested in using data generated by our study, and (3) act as a guideline for researchers interested in setting up their own longitudinal data collection using wearable devices. For the third objective, we explicitly discuss the General Data Protection Regulation and ethical requirements that need to be addressed. Methods: In this 4-month study, a group of approximately 450 participants will have their daily step count measured and will be asked daily about their mood using experience sampling. Once per month, participants will receive an intervention containing a recommendation to download an app that focuses on increasing physical activity. The mechanism for assigning recommendations to participants will be personalized over time, using contextual data obtained from previous interventions. Results: The data collection software has been developed, and all the legal and ethical checks are in place. Recruitment will start in Q4 of 2020. The initial results will be published in 2021. Conclusions: The aim of Health Telescope is to investigate how different individuals respond to different ways of being encouraged to increase their physical activity. In this paper, we detail the setup, methods, and analysis plan that will enable us to reach this aim. 
International Registered Report Identifier (IRRID): PRR1-10.2196/16471 %M 32734930 %R 10.2196/16471 %U http://www.researchprotocols.org/2020/7/e16471/ %U https://doi.org/10.2196/16471 %U http://www.ncbi.nlm.nih.gov/pubmed/32734930 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 7 %P e17134 %T Assessment of the Fairness of Privacy Policies of Mobile Health Apps: Scale Development and Evaluation in Cancer Apps %A Benjumea,Jaime %A Ropero,Jorge %A Rivera-Romero,Octavio %A Dorronzoro-Zubiete,Enrique %A Carrasco,Alejandro %+ Department of Electronic Technology, Universidad de Sevilla, Escuela Técnica Superior de Ingeniería Informática, Avda Reina Mercedes s/n, Sevilla, Spain, 34 6306 29719, jaimebm@us.es %K privacy %K mhealth apps %K fairness assessment scale %K cancer apps %K GDPR %D 2020 %7 28.7.2020 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Cancer patients are increasingly using mobile health (mHealth) apps to take control of their health. Many studies have explored their efficiency, content, usability, and adherence; however, these apps have created a new set of privacy challenges, as they store personal and sensitive data. Objective: The purpose of this study was to refine and evaluate a scale based on the General Data Protection Regulation and assess the fairness of privacy policies of mHealth apps. Methods: Based on the experience gained from our previous work, we redefined some of the items and scores of our privacy scale. Using the new version of our scale, we conducted a case study in which we analyzed the privacy policies of cancer Android apps. A systematic search of cancer mobile apps was performed in the Spanish version of the Google Play website. Results: The redefinition of certain items reduced discrepancies between reviewers. Thus, use of the scale was made easier, not only for the reviewers but also for any other potential users of our scale. 
Assessment of the privacy policies revealed that 29% (9/31) of the apps included in the study did not have a privacy policy, 32% (10/31) had a score over 50 out of a maximum of 100 points, and 39% (12/31) scored fewer than 50 points. Conclusions: In this paper, we present a scale for the assessment of mHealth apps that is an improved version of our previous scale with adjusted scores. The results showed a lack of fairness in the mHealth app privacy policies that we examined, and the scale provides developers with a tool to evaluate their privacy policies. %M 32720913 %R 10.2196/17134 %U http://mhealth.jmir.org/2020/7/e17134/ %U https://doi.org/10.2196/17134 %U http://www.ncbi.nlm.nih.gov/pubmed/32720913 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 7 %P e16753 %T Need for the Development of a Specific Regulatory Framework for Evaluation of Mobile Health Apps in Peru: Systematic Search on App Stores and Content Analysis %A Rojas Mezarina,Leonardo %A Silva-Valencia,Javier %A Escobar-Agreda,Stefan %A Espinoza Herrera,Daniel Hector %A Egoavil,Miguel S %A Maceda Kuljich,Mirko %A Inga-Berrospi,Fiorella %A Ronceros,Sergio %+ Unidad de Telesalud, School of Medicine, Universidad Nacional Mayor de San Marcos, Av Grau 755, Cercado de Lima, Lima, Peru, 51 978978368, javier.silva@unmsm.edu.pe %K mhealth apps %K mHealth %K regulatory framework %K Peru, eHealth %D 2020 %7 10.7.2020 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: In Peru, there is an increase in the creation of mobile health (mHealth) apps; however, this situation could present problems related to the quality of information these apps share, data security and privacy, usability, and effectiveness, as there is no specific local regulation about their creation and use. 
Objective: The objective of this study was to review mHealth apps created, uploaded, or used in Peru, and perform an analysis of the national regulatory framework that could be applied to evaluate whether there is a need to develop and implement a specific regulation to these apps. Methods: A total of 3 reviews were performed. First, we reviewed information about Peruvian mHealth apps created up to May 2019 from scientific publications, news, government communications, and virtual stores, and evaluated their purpose, creator, and the available evidence of their usability and effectiveness. The second review was carried out by taking a sample of the 10 most commonly used mHealth apps in Peru (regardless of the country of creation), to evaluate the information they collect and classify them according to the possible risks that they could present in terms of security and privacy. In addition, we evaluated whether they refer to or endorse the information they provided. Finally, in the third review, we searched for Peruvian standards related to electronic health (eHealth) that involve information technology that can be applied to regulate these apps. Results: A total of 66 apps meeting our inclusion criteria were identified; of these, 47% (n=31) belonged to government agencies and 47% (n=31) were designed for administrative purposes (private and government agencies). There was no evidence about the usability or effectiveness of any of these apps. Concerning the 10 most commonly used mHealth apps in Peru, about half of them gathered user information that could be leaked, changed, or lost, thus posing a great harm to their users or to their related patients. In addition, 6/10 (60%) of these apps did not mention the source of the information they provided. 
Among the Peruvian norms, the Law on the Protection of Personal Data, Law on Medical Devices, and administrative directives on standards and criteria for health information systems have some regulations that could be applied to these apps; however, these do not fully cover all aspects concerning the evaluation of security and privacy of data, quality of provided information, and evidence of an app’s usability and effectiveness. Conclusions: Because many Peruvian mHealth apps have issues related to security and privacy of data, quality of information provided, and lack of available evidence of their usability and effectiveness, there is an urgent need to develop a regulatory framework based on existing medical device and health information system norms in order to promote the evaluation and regulation of all the aforesaid aspects, including the creation of a national repository for these apps that describes all these characteristics. %M 32352926 %R 10.2196/16753 %U https://mhealth.jmir.org/2020/7/e16753 %U https://doi.org/10.2196/16753 %U http://www.ncbi.nlm.nih.gov/pubmed/32352926 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 7 %P e18868 %T Privacy Assessment in Mobile Health Apps: Scoping Review %A Benjumea,Jaime %A Ropero,Jorge %A Rivera-Romero,Octavio %A Dorronzoro-Zubiete,Enrique %A Carrasco,Alejandro %+ Department of Electronic Technology, Universidad de Sevilla, ETS Ing Informática, Avda Reina Mercedes s/n, Seville, 41012, Spain, 34 954559960, jaimebm@us.es %K privacy %K mHealth %K apps %K privacy assessment %K data privacy %K review %K security %K mobile phone %D 2020 %7 2.7.2020 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: Privacy has always been a concern, especially in the health domain. The proliferation of mobile health (mHealth) apps has led to a large amount of sensitive data being generated. Some authors have performed privacy assessments of mHealth apps. 
They have evaluated diverse privacy components; however, different authors have used different criteria for their assessments. Objective: This scoping review aims to understand how privacy is assessed for mHealth apps, focusing on the components, scales, criteria, and scoring methods used. A simple taxonomy to categorize the privacy assessments of mHealth apps based on component evaluation is also proposed. Methods: We followed the methodology defined by Arksey and O’Malley to conduct a scoping review. Included studies were categorized based on the privacy component, which was assessed using the proposed taxonomy. Results: The database searches retrieved a total of 710 citations—24 of them met the defined selection criteria, and data were extracted from them. Even though the inclusion criteria considered articles published since 2009, all the studies that were ultimately included were published from 2014 onward. Although 12 papers out of 24 (50%) analyzed only privacy, 8 (33%) analyzed both privacy and security. Moreover, 4 papers (17%) analyzed full apps, with privacy being just part of the assessment. The evaluation criteria used by authors were heterogeneous and were based on their experience, the literature, and/or existing legal frameworks. Regarding the set of items used for the assessments, each article defined a different one. Items included app permissions, analysis of the destination, analysis of the content of communications, study of the privacy policy, use of remote storage, and existence of a password to access the app, among many others. Most of the included studies provided a scoring method that enables the comparison of privacy among apps. Conclusions: The privacy assessment of mHealth apps is a complex task, as the criteria used by different authors for their evaluations are very heterogeneous. Although some studies about privacy assessment have been conducted, a very large set of items to evaluate privacy has been used up until now. 
In-app information and privacy policies are primarily utilized by the scientific community to extract privacy information from mHealth apps. The creation of a scale based on more objective criteria is a desirable step forward for privacy assessment in the future. %M 32459640 %R 10.2196/18868 %U https://mhealth.jmir.org/2020/7/e18868 %U https://doi.org/10.2196/18868 %U http://www.ncbi.nlm.nih.gov/pubmed/32459640 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 6 %P e17567 %T Medical Device Apps: An Introduction to Regulatory Affairs for Developers %A Keutzer,Lina %A Simonsson,Ulrika SH %+ Department of Pharmaceutical Biosciences, Uppsala University, Box 591, Uppsala, 75124, Sweden, 46 18 471 4000, Ulrika.Simonsson@farmbio.uu.se %K MDR %K medical device regulation %K medical devices, medical device software %K mHealth %K eHealth %K mobile apps %K smartphone apps %D 2020 %7 26.6.2020 %9 Viewpoint %J JMIR Mhealth Uhealth %G English %X The Poly Implant Prothèse (PIP) scandal in France prompted a revision of the regulations regarding the marketing of medical devices. The new Medical Device Regulation (MDR [EU]) 2017/745 was developed and entered into force on May 25, 2017. After a transition period of 3 years, the regulations must be implemented in all EU and European Economic Area member states. The implementation of this regulation bears many changes for medical device development and marketing, including medical device software and mobile apps. Medical device development and marketing is a complex process by which manufacturers must keep many regulatory requirements and obligations in mind. The objective of this paper is to provide an introduction and overview of regulatory affairs for manufacturers that are new to the field of medical device software and apps with a specific focus on the new MDR, accompanying harmonized standards, and guidance documents from the European Commission. 
This work provides a concise overview of the qualification and classification of medical device software and apps, conformity assessment routes, technical documentation, clinical evaluation, the involvement of notified bodies, and the unique device identifier. Compared to the previous Medical Device Directive (MDD) 93/42/EEC, the MDR provides greater detail about the requirements for software qualification and classification. In particular, rule 11 sets specific rules for the classification of medical device software and will be described in this paper. In comparison to the previous MDD, the MDR is more stringent, especially regarding the classification of health apps and software. The implementation of the MDR in May 2020 and its interpretation by the authorities will demonstrate how app and software manufacturers as well as patients will be affected by the regulation. %M 32589154 %R 10.2196/17567 %U http://mhealth.jmir.org/2020/6/e17567/ %U https://doi.org/10.2196/17567 %U http://www.ncbi.nlm.nih.gov/pubmed/32589154 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 6 %P e18175 %T Hospital Bring-Your-Own-Device Security Challenges and Solutions: Systematic Review of Gray Literature %A Wani,Tafheem Ahmad %A Mendoza,Antonette %A Gray,Kathleen %+ School of Computing and Information Systems, The University of Melbourne, Level 6, Doug McDonell Building, Parkville, Melbourne, 3010, Australia, 61 451906170, twani@student.unimelb.edu.au %K BYOD %K bring-your-own-device %K health care facilities %K mhealth %K mobile phone %K confidentiality %K computer security %D 2020 %7 18.6.2020 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: As familiarity with and convenience of using personal devices in hospitals help improve the productivity, efficiency, and workflow of hospital staff, the health care bring-your-own-device (BYOD) market is growing consistently. 
However, security concerns owing to the lack of control over the personal mobile devices of staff, which may contain sensitive data such as personal health information of patients, make it one of the biggest health care information technology (IT) challenges for hospital administrations. Objective: Given that the hospital BYOD security has not been adequately addressed in peer-reviewed literature, the aim of this paper was to identify key security challenges associated with hospital BYOD usage as well as relevant solutions that can cater to the identified issues by reviewing gray literature. Therefore, this research will provide additional practical insights from current BYOD practices. Methods: A comprehensive gray literature review was conducted, which followed the stepwise guidelines and quality assessment criteria set out by Garousi et al. The searched literature included tier 1 sources such as health care cybersecurity market reports, white papers, guidelines, policies, and frameworks as well as tier 2 sources such as credible and reputed health IT magazines, databases, and news articles. Moreover, a deductive thematic analysis was conducted to organize the findings based on Schlarman’s People Policy Technology model, promoting a holistic understanding of hospitals’ BYOD security issues and solutions. Results: A total of 51 sources were found to match the designed eligibility criteria. From these studies, several sociotechnical issues were identified. The major challenges identified were the use of devices with insufficient security controls by hospital staff, lack of control or visibility for the management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintenance of legal requirements, shortage of cybersecurity skills, and loss of devices. 
Although technologies such as mobile device management, unified endpoint management, containerization, and virtual private network allow better BYOD security management in hospitals, policies and people management measures such as strong security culture and staff awareness and training improve staff commitment in protecting hospital data. Conclusions: The findings suggest that to optimize BYOD security management in hospitals, all 3 dimensions of the security process (people, policy, and technology) need to be given equal emphasis. As the nature of cybersecurity attacks is becoming more complex, all dimensions should work in close alignment with each other. This means that with the modernization of BYOD technology, BYOD strategy, governance, education, and relevant policies and procedures also need to adapt accordingly. %M 32554388 %R 10.2196/18175 %U https://mhealth.jmir.org/2020/6/e18175 %U https://doi.org/10.2196/18175 %U http://www.ncbi.nlm.nih.gov/pubmed/32554388 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 8 %N 4 %P e14604 %T Impact of the European General Data Protection Regulation (GDPR) on Health Data Management in a European Union Candidate Country: A Case Study of Serbia %A Marovic,Branko %A Curcin,Vasa %+ Computer Centre, University of Belgrade, Kumanovska 7, Belgrade, 11000, Serbia, 381 113031257, branko.marovic@rcub.bg.ac.rs %K privacy act %K patient data privacy %K data sharing %K information disclosure %K ethical issues %K medical tourists %K health care systems %K public policy %K policy compliance %K legal aspects %K international aspects %D 2020 %7 17.4.2020 %9 Commentary %J JMIR Med Inform %G English %X As of May 2018, all relevant institutions within member countries of the European Economic Area are required to comply with the European General Data Protection Regulation (GDPR) or face significant fines. 
This regulation has also had a notable effect on the European Union (EU) candidate countries, which are undergoing the process of harmonizing their legislature with the EU as part of the accession process. The Republic of Serbia is an example of such a candidate country, and its 2018 Personal Data Protection Act mirrors the majority of provisions in the GDPR. This paper presents the impact of the GDPR on health data management and Serbia’s capability to conduct international health data research projects. Data protection incidents reported in Serbia are explored to identify common underlying causes using a novel taxonomy of contributing factors across aspects and health system levels. The GDPR has an extraterritorial application for the non-EU data controllers who process the data of EU citizens and residents, which mainly affects private practices used by medical tourists from the EU, public health care institutions frequented by foreigners, as well as expatriates, dual citizens, tourists, and other visitors. Serbia generally does not have well-established procedures to support international research collaborations around its health data. For smaller projects, contractual arrangements can be made with health data providers and their ethics committees. Even then, organizations that have not previously participated in similar ventures may require approval or support from health authorities. Extensive studies that involve multisite data typically require the support of central health system institutions and relevant research data aggregators or electronic health record vendors. The lack of a framework for preparation, anonymization, and assurance of privacy preservation forces researchers to rely heavily on local expertise and support. 
Given the current limitation and potential issues with the legislation, it remains to be seen whether the move toward the GDPR will be beneficial for the Serbian health system, medical research, protection of personal data and privacy rights, and research capacity. Although significant progress has been made so far, a strategic approach is needed at the national level to address insufficient resources in the area of data protection and develop the personal data protection environment further. This will also require a targeted educational effort among health workers and decision makers, aiming to improve awareness and develop skills and knowledge necessary for the workforce. %M 32301736 %R 10.2196/14604 %U http://medinform.jmir.org/2020/4/e14604/ %U https://doi.org/10.2196/14604 %U http://www.ncbi.nlm.nih.gov/pubmed/32301736 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 8 %N 1 %P e15329 %T Quality Assurance of Health Wearables Data: Participatory Workshop on Barriers, Solutions, and Expectations %A Abdolkhani,Robab %A Gray,Kathleen %A Borda,Ann %A DeSouza,Ruth %+ Health and Biomedical Informatics Centre, The University of Melbourne, Level 13, 305 Grattan St, Melbourne, Victoria, 3000, Australia, 61 390358703, rabdolkhani@student.unimelb.edu.au %K remote sensing technology %K data quality assurance %K patient-generated health data %K wearable devices %K participatory research %D 2020 %7 22.1.2020 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: The ubiquity of health wearables and the consequent production of patient-generated health data (PGHD) are rapidly escalating. However, the utilization of PGHD in routine clinical practices is still low because of data quality issues. There is no agreed approach to PGHD quality assurance; therefore, realizing the promise of PGHD requires in-depth discussion among diverse stakeholders to identify the data quality assurance challenges they face and understand their needs for PGHD quality assurance. 
Objective: This paper reports findings from a workshop aimed to explore stakeholders’ data quality challenges, identify their needs and expectations, and offer practical solutions. Methods: A qualitative multi-stakeholder workshop was conducted as a half-day event on the campus of an Australian University located in a major health care precinct, namely the Melbourne Parkville Precinct. The 18 participants had experience of PGHD use in clinical care, including people who identified as health care consumers, clinical care providers, wearables suppliers, and health information specialists. Data collection was done by facilitators capturing written notes of the proceedings as attendees engaged in participatory design activities in written and oral formats, using a range of whole-group and small-group interactive methods. The collected data were analyzed thematically, using deductive and inductive coding. Results: The participants’ discussions revealed a range of technical, behavioral, operational, and organizational challenges surrounding PGHD, from the time when data are collected by patients to the time data are used by health care providers for clinical decision making. PGHD stakeholders found consensus on training and engagement needs, continuous collaboration among stakeholders, and development of technical and policy standards to assure PGHD quality. Conclusions: Assuring PGHD quality is a complex process that requires the contribution of all PGHD stakeholders. The variety and depth of inputs in our workshop highlighted the importance of co-designing guidance for PGHD quality guidance. 
%M 32012090 %R 10.2196/15329 %U https://mhealth.jmir.org/2020/1/e15329 %U https://doi.org/10.2196/15329 %U http://www.ncbi.nlm.nih.gov/pubmed/32012090 %0 Journal Article %@ 2561-326X %I JMIR Publications %V 3 %N 3 %P e14329 %T Psychiatry Outpatients’ Willingness to Share Social Media Posts and Smartphone Data for Research and Clinical Purposes: Survey Study %A Rieger,Agnes %A Gaines,Averi %A Barnett,Ian %A Baldassano,Claudia Frances %A Connolly Gibbons,Mary Beth %A Crits-Christoph,Paul %+ University of Pennsylvania, Suite 650, 3535 Market Street, Philadelphia, PA, 19104, United States, 1 215 662 7993, crits@pennmedicine.upenn.edu %K social media %K smartphone %K outpatients %K psychiatry %K psychotherapy %K digital health %K mhealth %K digital phenotyping %K privacy %K user preferences %D 2019 %7 29.8.2019 %9 Original Paper %J JMIR Form Res %G English %X Background: Psychiatry research has begun to leverage data collected from patients’ social media and smartphone use. However, information regarding the feasibility of utilizing such data in an outpatient setting and the acceptability of such data in research and practice is limited. Objective: This study aimed at understanding the outpatients’ willingness to have information from their social media posts and their smartphones used for clinical or research purposes. Methods: In this survey study, we surveyed patients (N=238) in an outpatient clinic waiting room. Willingness to share social media and passive smartphone data was summarized for the sample as a whole and broken down by sex, age, and race. Results: Most patients who had a social media account and who were receiving talk therapy treatment (74.4%, 99/133) indicated that they would be willing to share their social media posts with their therapists. 
The percentage of patients willing to share passive smartphone data with researchers varied from 40.8% (82/201) to 60.7% (122/201) depending on the parameter, with sleep duration being the parameter with the highest percentage of patients willing to share. A total of 30.4% of patients indicated that media stories of social media privacy breaches made them more hesitant about sharing passive smartphone data with researchers. Sex and race were associated with willingness to share smartphone data, with men and whites being the most willing to share. Conclusions: Our results indicate that most patients in a psychiatric outpatient setting would share social media and passive smartphone data and that further research elucidating patterns of willingness to share passive data is needed. %M 31493326 %R 10.2196/14329 %U http://formative.jmir.org/2019/3/e14329/ %U https://doi.org/10.2196/14329 %U http://www.ncbi.nlm.nih.gov/pubmed/31493326 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 21 %N 5 %P e13385 %T Secure and Scalable mHealth Data Management Using Blockchain Combined With Client Hashchain: System Design and Validation %A Motohashi,Tomomitsu %A Hirano,Tomonobu %A Okumura,Kosuke %A Kashiyama,Makiko %A Ichikawa,Daisuke %A Ueno,Taro %+ SUSMED, Inc, Nihonbashi Life Science Bldg 2, 3-11-5, Honcho, Nihonbashi, Chuo-ku, Tokyo, 103-0023, Japan, 81 335273593, t-ueno@umin.ac.jp %K mobile health %K electronic health records %K blockchain %K client hashchain %K clinical trial %D 2019 %7 16.05.2019 %9 Original Paper %J J Med Internet Res %G English %X Background: Blockchain is emerging as an innovative technology for secure data management in many areas, including medical practice. A distributed blockchain network is tolerant against network fault, and the registered data are resistant to tampering and revision. 
The technology has a high affinity with digital medicine like mobile health (mHealth) and provides reliability to the medical data without labor-intensive third-party contributions. On the other hand, the reliability of the medical data is not ensured before registration to the blockchain network. Furthermore, there are issues with regard to how the clients' mobile devices should be dealt with and authenticated in the blockchain network in order to avoid impersonation. Objective: The aim of the study was to design and validate an mHealth system that enables the compatibility of the security and scalability of the medical data using blockchain technology. Methods: We designed an mHealth system that sends medical data to the blockchain network via relay servers. The architecture provides scalability and convenience of operation of the system. In order to ensure the reliability of the data from clients' mobile devices, hash values with chain structure (client hashchain) were calculated in the clients' devices and the results were registered on the blockchain network. Results: The system was applied and deployed in mHealth for insomnia treatment. Clinical trials for mHealth were conducted with insomnia patients. Medical data of the recruited patients were successfully registered with the blockchain network via relay servers along with the hashchain calculated on the clients' mobile devices. The correctness of the data was validated by identifying illegal data, which were made by simulating fraudulent access. Conclusions: Our proposed mHealth system, blockchain combined with client hashchain, ensures compatibility of security and scalability in the data management of mHealth medical practice. 
Trial Registration: UMIN Clinical Trials Registry UMIN000032951; https://upload.umin.ac.jp/cgi-open-bin/ctr_e/ctr_view.cgi?recptno=R000037564 (Archived by WebCite at http://www.webcitation.org/78HP5iFIw) %M 31099337 %R 10.2196/13385 %U http://www.jmir.org/2019/5/e13385/ %U https://doi.org/10.2196/13385 %U http://www.ncbi.nlm.nih.gov/pubmed/31099337 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 7 %N 4 %P e11223 %T Barriers to and Facilitators of the Use of Mobile Health Apps From a Security Perspective: Mixed-Methods Study %A Zhou,Leming %A Bao,Jie %A Watzlaf,Valerie %A Parmanto,Bambang %+ Department of Health Information Management, University of Pittsburgh, 6021 Forbes Tower, 3600 Forbes Ave at Meyran Ave, Pittsburgh, PA, 15260, United States, 1 412 383 6653, lmzhou@gmail.com %K confidentiality %K privacy %K mobile apps %K questionnaire %D 2019 %7 16.04.2019 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: A large number of mobile health (mHealth) apps have been created to help users to manage their health or receive health care services. Many of these mHealth apps have proven to be helpful for maintaining or improving their users’ health. However, many people still choose not to use mHealth apps or only use them for a short period. One of the reasons behind this lack of use is the concern for their health information security and privacy. Objective: The goal of this study was to determine the relationship between users’ characteristics and their security and privacy concerns and to identify desired security features in mHealth apps, which could reduce these concerns. Methods: A questionnaire was designed and validated by the research team. This questionnaire was then used to determine mobile app users’ security and privacy concerns regarding personal health data in mHealth apps as well as the security features most users desire. A semistructured interview was used to identify barriers to and facilitators of adopting mHealth apps. 
Results: In total, 117 randomly selected study participants from a large pool took part in this study and provided responses to the validated questionnaire and the semistructured interview questions. The results indicate that most study participants did have concerns about their privacy when using mHealth apps. They also expressed their preferences regarding several security features in mHealth apps, such as regular password updates, remote wipe, user consent, and access control. An association between their demographic characteristics and their concerns and preferences in security and privacy was identified; however, in most cases, the differences among the different demographic groups were not statistically significant, except for a few very specific aspects. These study participants also indicated that the cost of apps and lack of security features in mHealth apps were barriers for adoption, whereas having free apps, strong but easy-to-use security features, and clear user protection privacy policies might encourage them to use mHealth apps in their health management. Conclusions: This questionnaire and interview study verified the security and privacy concerns of mHealth app users, identified the desired security and privacy features, and determined specific barriers to and facilitators of users adopting mHealth apps. The results can be used to guide mHealth app developers to create apps that would be welcomed by users. 
%M 30990458 %R 10.2196/11223 %U http://mhealth.jmir.org/2019/4/e11223/ %U https://doi.org/10.2196/11223 %U http://www.ncbi.nlm.nih.gov/pubmed/30990458 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 7 %N 4 %P e12578 %T The Role of Data Type and Recipient in Individuals’ Perspectives on Sharing Passively Collected Smartphone Data for Mental Health: Cross-Sectional Questionnaire Study %A Nicholas,Jennifer %A Shilton,Katie %A Schueller,Stephen M %A Gray,Elizabeth L %A Kwasny,Mary J %A Mohr,David C %+ Center for Behavioral Intervention Technologies, Department of Preventive Medicine, Feinberg School of Medicine, Northwestern University, 750 N Lake Shore Drive, 10th Floor, CBITs, Chicago, IL, 60611, United States, 1 3125034156, j.nicholas@northwestern.edu %K mHealth %K privacy %K personal sensing %K digital mental health %K depression %K anxiety %K mobile phone %D 2019 %7 05.04.2019 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: The growing field of personal sensing harnesses sensor data collected from individuals’ smartphones to understand their behaviors and experiences. Such data could be a powerful tool within mental health care. However, it is important to note that the nature of these data differs from the information usually available to, or discussed with, health care professionals. To design digital mental health tools that are acceptable to users, understanding how personal sensing data can be used and shared is critical. Objective: This study aimed to investigate individuals’ perspectives about sharing different types of sensor data beyond the research context, specifically with doctors, electronic health record (EHR) systems, and family members. Methods: A questionnaire assessed participants’ comfort with sharing six types of sensed data: physical activity, mood, sleep, communication logs, location, and social activity. 
Participants were asked about their comfort with sharing these data with three different recipients: doctors, EHR systems, and family members. A series of principal component analyses (one for each data recipient) was performed to identify clusters of sensor data types according to participants’ comfort with sharing them. Relationships between recipients and sensor clusters were then explored using generalized estimating equation logistic regression models. Results: A total of 211 participants completed the questionnaire. The majority were female (171/211, 81.0%), and the mean age was 38 years (SD 10.32). Principal component analyses consistently identified two clusters of sensed data across the three data recipients: “health information,” including sleep, mood, and physical activity, and “personal data,” including communication logs, location, and social activity. Overall, participants were significantly more comfortable sharing any type of sensed data with their doctor than with the EHR system or family members (P<.001) and more comfortable sharing “health information” than “personal data” (P<.001). Participant characteristics such as age or presence of depression or anxiety did not influence participants’ comfort with sharing sensed data. Conclusions: The comfort level in sharing sensed data was dependent on both data type and recipient, but not individual characteristics. Given the identified differences in comfort with sensed data sharing, contextual factors of data type and recipient appear to be critically important as we design systems that harness sensor data for mental health treatment and support. %M 30950799 %R 10.2196/12578 %U http://mhealth.jmir.org/2019/4/e12578/ %U https://doi.org/10.2196/12578 %U http://www.ncbi.nlm.nih.gov/pubmed/30950799 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 7 %N 1 %P e11211 %T European Hospitals’ Transition Toward Fully Electronic-Based Systems: Do Information Technology Security and Privacy Practices Follow? 
%A Uwizeyemungu,Sylvestre %A Poba-Nzaou,Placide %A Cantinotti,Michael %+ Accounting Department, Université du Québec à Trois-Rivières, 3351 Boul. des Forges, Trois-Rivières, QC, G9A 5H7, Canada, 1 819 376 5011 ext 3164, sylvestre.uwizeyemungu@uqtr.ca %K health information technology %K data security %K patient data privacy %K health services %K electronic health records %D 2019 %7 25.03.2019 %9 Original Paper %J JMIR Med Inform %G English %X Background: Traditionally, health information has been mainly kept in paper-based records. This has deeply changed throughout approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources. Objective: In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems. Methods: Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals’ level in their transition from a paper-based system toward a fully electronic-based system. Results: A total of 3 clearly distinct patterns of health IT–related security and privacy practices were unveiled. 
These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level. Conclusions: Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitization advances in European hospitals is neither systematic nor strong enough regarding the IT-security requirements. This study will contribute to raising awareness among hospitals’ managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations. %M 30907732 %R 10.2196/11211 %U http://medinform.jmir.org/2019/1/e11211/ %U https://doi.org/10.2196/11211 %U http://www.ncbi.nlm.nih.gov/pubmed/30907732 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 7 %N 3 %P e11969 %T Toward an Ethically Founded Framework for the Use of Mobile Phone Call Detail Records in Health Research %A Jones,Kerina Helen %A Daniels,Helen %A Heys,Sharon %A Ford,David Vincent %+ Population Data Science, Swansea University Medical School, Swansea University, Singleton Park, Swansea, SA2 8PP, United Kingdom, 44 01792 602764, k.h.jones@swansea.ac.uk %K mobile phone data %K ethical framework %D 2019 %7 22.03.2019 %9 Viewpoint %J JMIR Mhealth Uhealth %G English %X Data derived from the plethora of networked digital devices hold great potential for public benefit. Among these, mobile phone call detail records (CDRs) present novel opportunities for research and are being used in a variety of health geography studies. Research suggests that the public is amenable to the use of anonymized CDRs for research; however, further work is needed to show that such data can be used appropriately. 
This study works toward an ethically founded data governance framework with social acceptability. Using a multifaceted approach, this study draws upon data governance arrangements in published health research using CDRs, with a consideration of public views and the public’s information expectations from mobile network operators, and data use scenarios of CDRs in health research. The findings were considered against a backdrop of legislative and regulatory requirements. CDRs can be used at various levels of data and geographic granularity and may be integrated with additional, publicly available or restricted datasets. As such, there may be a significant risk of identity disclosure, which must be mitigated with proportionate control measures. An indicative relative risk of the disclosure model is proposed to aid this process. Subsequently, a set of recommendations is presented, including the need for greater transparency, accountability, and incorporation of public views for social acceptability. This study addresses the need for greater clarity and consistency in data governance for CDRs in health research. While recognizing the need to protect commercial interests, we propose that these recommendations be used to contribute toward an ethically founded practical framework to promote the safe, socially acceptable use of CDR data for public benefit. This pattern needs to be repeated for the appropriate use of new and emerging data types from other networking devices and the wider internet of things. 
%M 30900996 %R 10.2196/11969 %U http://mhealth.jmir.org/2019/3/e11969/ %U https://doi.org/10.2196/11969 %U http://www.ncbi.nlm.nih.gov/pubmed/30900996 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 7 %N 3 %P e11642 %T Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats %A Iwaya,Leonardo Horn %A Fischer-Hübner,Simone %A Åhlfeldt,Rose-Mharie %A Martucci,Leonardo A %+ Privacy and Security (PriSec), Department of Mathematics and Computer Science, Karlstad University, Universitetsgatan 2, Karlstad, 651 88, Sweden, 46 709225016, leonardo.horn.iwaya@hotmail.com %K mobile health %K mHealth %K data security %K privacy %K data protection %K privacy impact assessment %K public health %D 2019 %7 20.03.2019 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection. Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts. 
Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil. Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization. Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions. 
%M 30892275 %R 10.2196/11642 %U http://mhealth.jmir.org/2019/3/e11642/ %U https://doi.org/10.2196/11642 %U http://www.ncbi.nlm.nih.gov/pubmed/30892275 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 21 %N 3 %P e12568 %T The Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint %A Woods,Beau %A Coravos,Andrea %A Corman,Joshua David %+ Elektra Labs, Harvard Innovation Labs, 125 Western Ave, Boston, MA, 02163, United States, 1 9788421240, andrea@elektralabs.com %K ethics %K cybersecurity %K information technology %K delivery of health care %K connected devices %D 2019 %7 19.03.2019 %9 Viewpoint %J J Med Internet Res %G English %X Prior to graduating from medical school, soon-to-be physicians take the Hippocratic Oath, a symbolic declaration to provide care in the best interest of patients. As the medical community increasingly deploys connected devices to deliver patient care, a critical question emerges: should the manufacturers and adopters of these connected technologies be governed by the symbolic spirit of the Hippocratic Oath? In 2016, I Am The Cavalry, a grassroots initiative from the cybersecurity research community, published the first Hippocratic Oath for Connected Medical Devices (HOCMD), containing 5 principles. Over the past three years, the HOCMD has gained broad support and influenced regulatory policy. We introduce 5 case studies of the HOCMD in practice, illustrating how the 5 principles can lead to a safer and more effective adoption of connected medical technologies. 
%M 30888323 %R 10.2196/12568 %U http://www.jmir.org/2019/3/e12568/ %U https://doi.org/10.2196/12568 %U http://www.ncbi.nlm.nih.gov/pubmed/30888323 %0 Journal Article %@ 1438-8871 %I JMIR Publications %V 21 %N 1 %P e9818 %T Server-Focused Security Assessment of Mobile Health Apps for Popular Mobile Platforms %A Müthing,Jannis %A Brüngel,Raphael %A Friedrich,Christoph M %+ University of Applied Sciences and Arts Dortmund, Department of Computer Science, Emil-Figge-Straße 42, Dortmund, 44227, Germany, 49 231 9112 ext 6796, christoph.friedrich@fh-dortmund.de %K mobile health %K mobile apps %K data security %K computer security %K confidentiality %K health information technology %K servers %K data protection %D 2019 %7 23.01.2019 %9 Original Paper %J J Med Internet Res %G English %X Background: The importance of mobile health (mHealth) apps is growing. Independent of the technologies used, mHealth apps bring more functionality into the hands of users. In the health context, mHealth apps play an important role in providing information and services to patients, offering health care professionals ways to monitor vital parameters or consult patients remotely. The importance of confidentiality in health care and the opaqueness of transport security in apps make the latter an important research subject. Objective: This study aimed to (1) identify relevant security concerns on the server side of mHealth apps, (2) test a subset of mHealth apps regarding their vulnerability to those concerns, and (3) compare the servers used by mHealth apps with servers used in all domains. Methods: Server security characteristics relevant to the security of mHealth apps were assessed, presented, and discussed. To evaluate servers, appropriate tools were selected. Apps from the Android and iOS app stores were selected and tested, and the results for functional and other backend servers were evaluated. Results: The 60 apps tested communicate with 823 servers. 
Of these, 291 were categorized as functional backend servers, and 44 (44/291, 15.1%) of these received a rating below the A range (A+, A, and A−) by Qualys SSL Labs. A chi-square test was conducted against the number of servers receiving such ratings from SSL Pulse by Qualys SSL Labs. It was found that the tested servers from mHealth apps received significantly fewer ratings below the A range (P<.001). The internationally available apps from the test set performed significantly better than those only available in the German stores (alpha=.05; P=.03). Of the 60 apps, 28 (28/60, 47%) were found using at least one functional backend server that received a rating below the A range from Qualys SSL Labs, endangering confidentiality, authenticity, and integrity of the data displayed. The number of apps that used at least one entirely unsecured connection was 20 (20/60, 33%) when communicating with functional backend servers. It was also found that a majority of apps used advertising, tracking, or external content provider servers. When looking at all nonfunctional backend servers, 48 (48/60, 80%) apps used at least one server that received a rating below the A range. Conclusions: The results show that although servers in the mHealth domain perform significantly better regarding their security, there are still problems with the configuration of some. The most severe problems observed can expose patient communication with health care professionals, be exploited to display false or harmful information, or used to send data to an app facilitating further damage on the device. Following the recommendations for mHealth app developers, the most regularly observed security issues can be avoided or mitigated. 
%M 30672738 %R 10.2196/jmir.9818 %U https://www.jmir.org/2019/1/e9818/ %U https://doi.org/10.2196/jmir.9818 %U http://www.ncbi.nlm.nih.gov/pubmed/30672738 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 7 %N 1 %P e11730 %T Public Views on Using Mobile Phone Call Detail Records in Health Research: Qualitative Study %A Jones,Kerina Helen %A Daniels,Helen %A Heys,Sharon %A Ford,David Vincent %+ Population Data Science, School of Medicine, Swansea University, Swansea, United Kingdom, 44 1792602764, k.h.jones@swansea.ac.uk %K qualitative research %K mobile phone use %D 2019 %7 16.01.2019 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Mobile phone call detail records (CDRs) are increasingly being used in health research. The location element in CDRs is used in various health geographic studies, for example, to track population movement and infectious disease transmission. Vast volumes of CDRs are held by multinational organizations, which may make them available for research under various data governance regimes. However, there is an identified lack of public engagement on using CDRs for health research to contribute to an ethically founded framework. Objective: This study aimed to explore public views on the use of call detail records in health research. Methods: Views on using CDRs in health research were gained via a series of three public workshops (N=61) informed by a pilot workshop of 25 people. The workshops included an initial questionnaire to gauge participants’ prior views, discussion on health research using CDRs, and a final questionnaire to record workshop outcome views. The resulting data were analyzed for frequencies and emerging themes. Results: At the outset, most participants (66%, 40/61) knew that location data were collected by operators, but only 3% (2/61) knew they were being used for health research. 
Initially, the majority of the participants (62%, 38/61) was content for their anonymous CDRs to be used, and this increased (80%, 49/61) after the discussion explained that safeguards were in place. Participants highlighted that terms and conditions should be clearer, as should information to phone users on data collection, privacy safeguards, sharing, and uses in research. Conclusions: This is the first known study exploring public views of using mobile phone CDRs in health research. It revealed a lack of knowledge among the public on uses of CDRs and indicated that people are generally amenable to the use of anonymized data for research, but they want to be properly informed and safeguarded. We recommend that public views be incorporated into an ethically founded framework for the use of CDRs in health research to promote awareness and social acceptability in data use. %M 30664467 %R 10.2196/11730 %U https://mhealth.jmir.org/2019/1/e11730/ %U https://doi.org/10.2196/11730 %U http://www.ncbi.nlm.nih.gov/pubmed/30664467 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 12 %P e201 %T Technology Adoption, Motivational Aspects, and Privacy Concerns of Wearables in the German Running Community: Field Study %A Wiesner,Martin %A Zowalla,Richard %A Suleder,Julian %A Westers,Maximilian %A Pobiruchin,Monika %+ Department of Medical Informatics, Heilbronn University, Max-Planck-Straße 39, Heilbronn, D-74081, Germany, 49 71315046947, martin.wiesner@hs-heilbronn.de %K athlete %K wearables %K mobile phones %K physical activity %K activity monitoring %D 2018 %7 14.12.2018 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Despite the availability of a great variety of consumer-oriented wearable devices, perceived usefulness, user satisfaction, and privacy concerns have not been fully investigated in the field of wearable applications. 
It is not clear why healthy, active citizens equip themselves with wearable technology for running activities, and what privacy and data sharing features might influence their individual decisions. Objective: The primary aim of the study was to shed light on motivational and privacy aspects of wearable technology used by healthy, active citizens. A secondary aim was to reevaluate smart technology adoption within the running community in Germany in 2017 and to compare it with the results of other studies and our own study from 2016. Methods: A questionnaire was designed to assess what wearable technology is used by runners of different ages and sex. Data on motivational factors were also collected. The survey was conducted at a regional road race event in May 2017, paperless via a self-implemented app. The demographic parameters of the sample cohort were compared with the event’s official starter list. In addition, the validation included comparison with demographic parameters of the largest German running events in Berlin, Hamburg, and Frankfurt/Main. Binary logistic regression analysis was used to investigate whether age, sex, or course distance were associated with device use. The same method was applied to analyze whether a runner’s age was predictive of privacy concerns, openness to voluntary data sharing, and level of trust in one’s own body for runners not using wearables (ie, technological assistance considered unnecessary in this group). Results: A total of 845 questionnaires were collected. Use of technology for activity monitoring during events or training was prevalent (73.0%, 617/845) in this group. Male long-distance runners and runners in younger age groups (30-39 years: odds ratio [OR] 2.357, 95% CI 1.378-4.115; 40-49 years: OR 1.485, 95% CI 0.920-2.403) were more likely to use tracking devices, with ages 16 to 29 years as the reference group (OR 1). 
Where wearable technology was used, 42.0% (259/617) stated that they were not concerned if data might be shared by a device vendor without their consent. By contrast, 35.0% (216/617) of the participants would not accept this. In the case of voluntary sharing, runners preferred to exchange tracked data with friends (51.7%, 319/617), family members (43.4%, 268/617), or a physician (32.3%, 199/617). A large proportion (68.0%, 155/228) of runners not using technology stated that they preferred to trust what their own body was telling them rather than trust a device or an app (50-59 years: P<.001; 60-69 years: P=.008). Conclusions: A total of 136 distinct devices by 23 vendors or manufacturers and 17 running apps were identified. Three out of 4 runners (76.8%, 474/617) always trusted the data tracked by their personal device. Data privacy concerns do, however, exist in the German running community, especially for older age groups (30-39 years: OR 1.041, 95% CI 0.371-0.905; 40-49 years: OR 1.421, 95% CI 0.813-2.506; 50-59 years: OR 2.076, 95% CI 1.813-3.686; 60-69 years: OR 2.394, 95% CI 0.957-6.183). 
%M 30552085 %R 10.2196/mhealth.9623 %U http://mhealth.jmir.org/2018/12/e201/ %U https://doi.org/10.2196/mhealth.9623 %U http://www.ncbi.nlm.nih.gov/pubmed/30552085 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 12 %P e11210 %T A Mobile App for Assisting Users to Make Informed Selections in Security Settings for Protecting Personal Health Data: Development and Feasibility Study %A Zhou,Leming %A Parmanto,Bambang %A Alfikri,Zakiy %A Bao,Jie %+ Department of Health Information Management, University of Pittsburgh, 6021 Forbes Tower, 3600 Forbes Avenue, Pittsburgh, PA, 15260, United States, 1 412 383 6653, lmzhou@gmail.com %K data security %K mobile app %K education %K feasibility studies %D 2018 %7 11.12.2018 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: On many websites and mobile apps for personal health data collection and management, there are security features and privacy policies available for users. Users sometimes are given an opportunity to make selections in a security setting page; however, it is challenging to make informed selections in these settings for users who do not have much education in information security as they may not precisely know the meaning of certain terms mentioned in the privacy policy or understand the consequences of their selections in the security and privacy settings. Objective: The aim of this study was to demonstrate several commonly used security features such as encryption, user authentication, and access control in a mobile app and to determine whether this brief security education is effective in encouraging users to choose stronger security measures to protect their personal health data. Methods: A mobile app named SecSim (Security Simulator) was created to demonstrate the consequences of choosing different options in security settings. A group of study participants was recruited to conduct the study. 
These participants were asked to make selections in the security settings before and after they viewed the consequences of security features. At the end of the study, a brief interview was conducted to determine the reason for their selections in the security settings. Their selections before and after the security education were compared in order to determine the effectiveness of the security education. The usability of the app was also evaluated. Results: In total, 66 participants finished the study and provided their answers in the app and during a brief interview. The comparison between the pre- and postsecurity education selections in security settings indicated that 21% (14/66) to 32% (21/66) of participants chose a stronger security measure in text encryption, access control, and image encryption; 0% (0/66) to 2% (1/66) of participants chose a weaker measure in these 3 security features; and the remainder kept their original selections. Several demographic characteristics such as marital status, years of experience using mobile devices, income, employment, and health status showed an impact on the setting changes. The usability of the app was good. Conclusions: The study results indicate that a significant percentage of users (21%-32%) need guidance to make informed selections in security settings. If websites and mobile apps can provide embedded security education for users to understand the consequences of their security feature selection and the meaning of commonly used security features, it may help users to make the best choices in terms of security settings. Our mobile app, SecSim, offers a unique approach for mobile app users to understand commonly used security features. This app may be incorporated into other apps or be used before users make selections in their security settings. 
%M 30538088 %R 10.2196/11210 %U https://mhealth.jmir.org/2018/12/e11210/ %U https://doi.org/10.2196/11210 %U http://www.ncbi.nlm.nih.gov/pubmed/30538088 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 10 %P e185 %T Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach %A Hutton,Luke %A Price,Blaine A %A Kelly,Ryan %A McCormick,Ciaran %A Bandara,Arosha K %A Hatzakis,Tally %A Meadows,Maureen %A Nuseibeh,Bashar %+ Software Engineering and Design Group, School of Computing and Communications, The Open University, Jenny Lee Building, Milton Keynes, MK7 6AA, United Kingdom, 44 1908653701, b.a.price@open.ac.uk %K privacy %K usable security and privacy %K mHealth apps %K mobile phone %D 2018 %7 22.10.2018 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: The recent proliferation of self-tracking technologies has allowed individuals to generate significant quantities of data about their lifestyle. These data can be used to support health interventions and monitor outcomes. However, these data are often stored and processed by vendors who have commercial motivations, and thus, they may not be treated with the sensitivity with which other medical data are treated. As sensors and apps that enable self-tracking continue to become more sophisticated, the privacy implications become more severe in turn. However, methods for systematically identifying privacy issues in such apps are currently lacking. Objective: The objective of our study was to understand how current mass-market apps perform with respect to privacy. We did this by introducing a set of heuristics for evaluating privacy characteristics of self-tracking services. Methods: Using our heuristics, we conducted an analysis of 64 popular self-tracking services to determine the extent to which the services satisfy various dimensions of privacy. 
We then used descriptive statistics and statistical models to explore whether any particular categories of an app perform better than others in terms of privacy. Results: We found that the majority of services examined failed to provide users with full access to their own data, did not acquire sufficient consent for the use of the data, or inadequately extended controls over disclosures to third parties. Furthermore, the type of app, in terms of the category of data collected, was not a useful predictor of its privacy. However, we found that apps that collected health-related data (eg, exercise and weight) performed worse for privacy than those designed for other types of self-tracking. Conclusions: Our study draws attention to the poor performance of current self-tracking technologies in terms of privacy, motivating the need for standards that can ensure that future self-tracking apps are stronger with respect to upholding users’ privacy. Our heuristic evaluation method supports the retrospective evaluation of privacy in self-tracking apps and can be used as a prescriptive framework to achieve privacy-by-design in future apps. 
%M 30348623 %R 10.2196/mhealth.9217 %U http://mhealth.jmir.org/2018/10/e185/ %U https://doi.org/10.2196/mhealth.9217 %U http://www.ncbi.nlm.nih.gov/pubmed/30348623 %0 Journal Article %@ 2368-7959 %I JMIR Publications %V 5 %N 3 %P e56 %T Patient Willingness to Consent to Mobile Phone Data Collection for Mental Health Apps: Structured Questionnaire %A Di Matteo,Daniel %A Fine,Alexa %A Fotinos,Kathryn %A Rose,Jonathan %A Katzman,Martin %+ The Centre for Automation of Medicine, The Edward S Rogers Sr Department of Electrical and Computer Engineering, University of Toronto, DL Pratt Building, 6 King's College Road, Toronto, ON, Canada, 1 416 978 6992, dandm@ece.utoronto.ca %K passive sensing %K mobile phone sensing %K psychiatric assessment %K mood and anxiety disorders %K digital privacy %K mobile apps %K mobile phone %K consent %D 2018 %7 29.08.2018 %9 Original Paper %J JMIR Ment Health %G English %X Background: It has become possible to use data from a patient’s mobile phone as an adjunct or alternative to the traditional self-report and interview methods of symptom assessment in psychiatry. Mobile data–based assessment is possible because of the large amounts of diverse information available from a modern mobile phone, including geolocation, screen activity, physical motion, and communication activity. These data may offer much more fine-grained insight into mental state than traditional methods, and so we are motivated to pursue research in this direction. However, passive data retrieval could be an unwelcome invasion of privacy, and some may not consent to such observation. It is therefore important to measure patients’ willingness to consent to such observation if this approach is to be considered for general use. 
Objective: The aim of this study was to measure the ownership rates of mobile phones within the patient population, measure the patient population’s willingness to have their mobile phone used as an experimental assessment tool for their mental health disorder, and, finally, to determine how likely patients would be to provide consent for each individual source of mobile phone–collectible data across the variety of potential data sources. Methods: New patients referred to a tertiary care mood and anxiety disorder clinic from August 2016 to October 2017 completed a survey designed to measure their mobile phone ownership, use, and willingness to install a mental health monitoring app and provide relevant data through the app. Results: Of the 82 respondents, 70 (85%) reported owning an internet-connected mobile phone. When asked about installing a hypothetical mobile phone app to assess their mental health disorder, 41% (33/80) responded with complete willingness to install with another 43% (34/80) indicating potential willingness to install such an app. Willingness to give permissions for specific types of data varied by data source, with respondents least willing to consent to audio recording and analysis (19% [15/80] willing respondents, 31% [25/80] potentially willing) and most willing to consent to observation of the mobile phone screen being on or off (46% [36/79] willing respondents and 23% [18/79] potentially willing). Conclusions: The patients surveyed had a high incidence of ownership of internet-connected mobile phones, which suggests some plausibility for the general approach of mental health state inference through mobile phone data. Patients were also relatively willing to consent to data collection from sources that were less personal but expressed less willingness for the most personal communication and location data. 
%M 30158102 %R 10.2196/mental.9539 %U http://mental.jmir.org/2018/3/e56/ %U https://doi.org/10.2196/mental.9539 %U http://www.ncbi.nlm.nih.gov/pubmed/30158102 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 7 %P e158 %T The Complexity of Mental Health App Privacy Policies: A Potential Barrier to Privacy %A Powell,Adam C %A Singh,Preeti %A Torous,John %+ Payer+Provider Syndicate, 111 Beach Street Suite 4e, Boston, MA 02111, United States, 1 617 939 9168, powell@payerprovider.com %K apps %K privacy %K ethics %K mobile phone %D 2018 %7 30.7.2018 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: In 2017, the Supreme Court of India ruled that privacy is a fundamental right of every citizen. Although mobile phone apps have the potential to help people with noncommunicable diseases, such as diabetes and mental illness, they often contain complex privacy policies, which consumers may not understand. This complexity may impede the ability of consumers to make decisions regarding privacy, a critical issue due to the stigma of mental illness. Objective: Our objective is to determine whether mental health apps have more complex privacy policies than diabetes apps. Methods: The study used privacy policies extracted from apps. The apps pertained to diabetes or mental health, and were all of Indian origin. Privacy policy reading complexity was compared between the two types of apps using a series of 15 readability measures. The universe of applicable apps on the Google Play store, as viewed between May and June 2017, was considered. The measures of readability were compared using chi-square tests. Results: No significant difference was found between the privacy policy readability of the diabetes apps versus the mental health apps for each of the measures considered. 
The mean Flesch-Kincaid Grade Level was 13.9 for diabetes apps and 13.6 for mental health apps; therefore, the mean policy grade level for both types of apps was written at a college level. Privacy policies in the 25th percentile of complexity were also written at a college level for both types of apps. Conclusions: Privacy policy complexity may be a barrier for informed decision making. %M 30061090 %R 10.2196/mhealth.9871 %U http://mhealth.jmir.org/2018/7/e158/ %U https://doi.org/10.2196/mhealth.9871 %U http://www.ncbi.nlm.nih.gov/pubmed/30061090 %0 Journal Article %@ 1929-0748 %I JMIR Publications %V 7 %N 6 %P e158 %T Workshop on Emerging Technology and Data Analytics for Behavioral Health %A Kotz,David %A Lord,Sarah E %A O'Malley,A James %A Stark,Luke %A Marsch,Lisa A %+ Department of Computer Science, Dartmouth College, 6211 Sudikoff, Hanover, NH, 03755, United States, 1 603 646 1439, David.F.Kotz@dartmouth.edu %K behavioral health %K mobile technology %K wearable devices %K data analytics %K mHealth %D 2018 %7 20.06.2018 %9 Viewpoint %J JMIR Res Protoc %G English %X Wearable and portable digital devices can support self-monitoring for patients with chronic medical conditions, individuals seeking to reduce stress, and people seeking to modify health-related behaviors such as substance use or overeating. The resulting data may be used directly by a consumer, or shared with a clinician for treatment, a caregiver for assistance, or a health coach for support. The data can also be used by researchers to develop and evaluate just-in-time interventions that leverage mobile technology to help individuals manage their symptoms and behavior in real time and as needed. Such wearable systems have huge potential for promoting delivery of anywhere-anytime health care, improving public health, and enhancing the quality of life for many people. 
The Center for Technology and Behavioral Health at Dartmouth College, a P30 “Center of Excellence” supported by the National Institute on Drug Abuse at the National Institutes of Health, conducted a workshop in February 2017 on innovations in emerging technology, user-centered design, and data analytics for behavioral health, with presentations by a diverse range of experts in the field. The workshop focused on wearable and mobile technologies being used in clinical and research contexts, with an emphasis on applications in mental health, addiction, and health behavior change. In this paper, we summarize the workshop panels on mobile sensing, user experience design, statistics and machine learning, and privacy and security, and conclude with suggested research directions for this important and emerging field of applying digital approaches to behavioral health. Workshop insights yielded four key directions for future research: (1) a need for behavioral health researchers to work iteratively with experts in emerging technology and data analytics, (2) a need for research into optimal user-interface design for behavioral health technologies, (3) a need for privacy-oriented design from the beginning of a novel technology, and (4) the need to develop new analytical methods that can scale to thousands of individuals and billions of data points. 
%M 29925493 %R 10.2196/resprot.9589 %U http://www.researchprotocols.org/2018/6/e158/ %U https://doi.org/10.2196/resprot.9589 %U http://www.ncbi.nlm.nih.gov/pubmed/29925493 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 3 %P e53 %T Quality of Publicly Available Physical Activity Apps: Review and Content Analysis %A Bondaronek,Paulina %A Alkhaldi,Ghadah %A Slee,April %A Hamilton,Fiona L %A Murray,Elizabeth %+ eHealth Unit, Research Department of Primary Care and Population Health, University College London, Upper 3rd Floor, Royal Free Hospital, Rowland Hill Street, London, NW3 2PF, United Kingdom, 44 20 3002 878, p.bondaronek@ucl.ac.uk %K exercise %K health behavior %K mobile applications %K health promotion %K mHealth %K eHealth review %D 2018 %7 21.03.2018 %9 Review %J JMIR Mhealth Uhealth %G English %X Background: Within the new digital health landscape, the rise of health apps creates novel prospects for health promotion. The market is saturated with apps that aim to increase physical activity (PA). Despite the wide distribution and popularity of PA apps, there are limited data on their effectiveness, user experience, and safety of personal data. Objective: The purpose of this review and content analysis was to evaluate the quality of the most popular PA apps on the market using health care quality indicators. Methods: The top-ranked 400 free and paid apps from iTunes and Google Play stores were screened. Apps were included if the primary behavior targeted was PA, targeted users were adults, and the apps had stand-alone functionality. The apps were downloaded on mobile phones and assessed by 2 reviewers against the following quality assessment criteria: (1) users’ data privacy and security, (2) presence of behavior change techniques (BCTs) and quality of the development and evaluation processes, and (3) user ratings and usability. 
Results: Out of 400 apps, 156 met the inclusion criteria, of which 65 apps were randomly selected to be downloaded and assessed. Almost 30% of apps (19/65) did not have a privacy policy. Every app contained at least one BCT, with an average number of 7 and a maximum of 13 BCTs. All but one app had commercial affiliation, 12 consulted an expert, and none reported involving users in the app development. Only 12 of 65 apps had a peer-reviewed study connected to the app. User ratings were high, with only a quarter of the ratings falling below 4 stars. The median usability score was excellent (86.3 out of 100). Conclusions: Despite the popularity of PA apps available on the commercial market, there were substantial shortcomings in the areas of data safety and likelihood of effectiveness of the apps assessed. The limited quality of the apps may represent a missed opportunity for PA promotion. %M 29563080 %R 10.2196/mhealth.9069 %U http://mhealth.jmir.org/2018/3/e53/ %U https://doi.org/10.2196/mhealth.9069 %U http://www.ncbi.nlm.nih.gov/pubmed/29563080 %0 Journal Article %@ 2291-9694 %I JMIR Publications %V 6 %N 1 %P e14 %T Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation %A Sadat,Md Nazmus %A Jiang,Xiaoqian %A Aziz,Md Momin Al %A Wang,Shuang %A Mohammed,Noman %+ Department of Computer Science, University of Manitoba, E2 EITC, Winnipeg, MB, R3T2N2, Canada, 1 858 375 6047, sadat@cs.umanitoba.ca %K privacy-preserving regression analysis %K Intel SGX %K somewhat homomorphic encryption %D 2018 %7 05.03.2018 %9 Original Paper %J JMIR Med Inform %G English %X Background: Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. 
The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective: Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods: Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm, using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results: Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly the same as the plaintext results. Conclusions: To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, has not been proposed or evaluated to date. Our proposed framework ensures data security and computational efficiency at the same time. 
%M 29506966 %R 10.2196/medinform.8286 %U http://medinform.jmir.org/2018/1/e14/ %U https://doi.org/10.2196/medinform.8286 %U http://www.ncbi.nlm.nih.gov/pubmed/29506966 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 6 %N 1 %P e3 %T Privacy Policies for Apps Targeted Toward Youth: Descriptive Analysis of Readability %A Das,Gitanjali %A Cheung,Cynthia %A Nebeker,Camille %A Bietz,Matthew %A Bloss,Cinnamon %+ Department of Psychiatry, University of California San Diego, 9500 Gilman Drive, Atkinson Hall, La Jolla, CA, 92093-0811, United States, 1 858 534 9595, cbloss@ucsd.edu %K privacy %K comprehension %K mobile applications %K adolescent %D 2018 %7 04.01.2018 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Due to the growing availability of consumer information, the protection of personal data is of increasing concern. Objective: We assessed readability metrics of privacy policies for apps that are either available to or targeted toward youth to inform strategies to educate and protect youth from unintentional sharing of personal data. Methods: We reviewed the 1200 highest ranked apps from the Apple and Google Play Stores and systematically selected apps geared toward youth. After applying exclusion criteria, 99 highly ranked apps geared toward minors remained, 64 of which had a privacy policy. We obtained and analyzed these privacy policies using reading grade level (RGL) as a metric. Policies were further compared as a function of app category (free vs paid; entertainment vs social networking vs utility). Results: Analysis of privacy policies for these 64 apps revealed an average RGL of 12.78, which is well above the average reading level (8.0) of adults in the United States. There was also a small but statistically significant difference in word count as a function of app category (entertainment: 2546 words, social networking: 3493 words, and utility: 1038 words; P=.02). 
Conclusions: Although users must agree to privacy policies to access digital tools and products, readability analyses suggest that these agreements are not comprehensible to most adults, let alone youth. We propose that stakeholders, including pediatricians and other health care professionals, play a role in educating youth and their guardians about the use of Web-based services and potential privacy risks, including the unintentional sharing of personal data. %M 29301737 %R 10.2196/mhealth.7626 %U http://mhealth.jmir.org/2018/1/e3/ %U https://doi.org/10.2196/mhealth.7626 %U http://www.ncbi.nlm.nih.gov/pubmed/29301737 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 5 %N 10 %P e147 %T Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues %A Müthing,Jannis %A Jäschke,Thomas %A Friedrich,Christoph M %+ Department of Computer Science, University of Applied Sciences and Arts Dortmund, Emil-Figge Str. 42, Dortmund, 44227, Germany, 49 231755 ext 6796, christoph.friedrich@fh-dortmund.de %K mobile health %K mobile apps %K data security %K computer security %K confidentiality %K health information technology %D 2017 %7 18.10.2017 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. 
Objective: The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Methods: Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Results: Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. Conclusions: The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable. 
%M 29046271 %R 10.2196/mhealth.7791 %U https://mhealth.jmir.org/2017/10/e147/ %U https://doi.org/10.2196/mhealth.7791 %U http://www.ncbi.nlm.nih.gov/pubmed/29046271 %0 Journal Article %@ 2291-5222 %I JMIR Publications %V 5 %N 7 %P e111 %T Tamper-Resistant Mobile Health Using Blockchain Technology %A Ichikawa,Daisuke %A Kashiyama,Makiko %A Ueno,Taro %+ Sustainable Medicine, Inc., Nihonbashi Life Science Bldg 2, 3-11-5, Honcho, Nihonbashi, Chuo-ku, Tokyo, 103-0023, Japan, 81 3 3527 3593, t-ueno@umin.ac.jp %K telemedicine %K electronic health records %K sleep %K cognitive therapy %K computer security %D 2017 %7 26.07.2017 %9 Original Paper %J JMIR Mhealth Uhealth %G English %X Background: Digital health technologies, including telemedicine, mobile health (mHealth), and remote monitoring, are playing a greater role in medical practice. Safe and accurate management of medical information leads to the advancement of digital health, which in turn results in a number of beneficial effects. Furthermore, mHealth can help lower costs by facilitating the delivery of care and connecting people to their health care providers. Mobile apps help empower patients and health care providers to proactively address medical conditions through near real-time monitoring and treatment, regardless of the location of the patient or the health care provider. Additionally, mHealth data are stored in servers, and consequently, data management that prevents all forms of manipulation is crucial for both medical practice and clinical trials. Objective: The aim of this study was to develop and evaluate a tamper-resistant mHealth system using blockchain technology, which enables trusted and auditable computing using a decentralized network. Methods: We developed an mHealth system for cognitive behavioral therapy for insomnia using a smartphone app. The volunteer data collected with the app were stored in JavaScript Object Notation format and sent to the blockchain network. 
Thereafter, we evaluated the tamper resistance of the data against the inconsistencies caused by artificial faults. Results: Electronic medical records collected using smartphones were successfully sent to a private Hyperledger Fabric blockchain network. We verified the data update process under conditions where all the validating peers were running normally. The mHealth data were successfully updated under network faults. We further ensured that any electronic health record registered to the blockchain network was resistant to tampering and revision. The mHealth data update was compatible with tamper resistance in the blockchain network. Conclusions: Blockchain serves as a tamperproof system for mHealth. Combining mHealth with blockchain technology may provide a novel solution that enables both accessibility and data transparency without a third party such as a contract research organization. %M 28747296 %R 10.2196/mhealth.7938 %U http://mhealth.jmir.org/2017/7/e111/ %U https://doi.org/10.2196/mhealth.7938 %U http://www.ncbi.nlm.nih.gov/pubmed/28747296 %0 Journal Article %@ 2291-9694 %I Gunther Eysenbach %V 4 %N 2 %P e15 %T Facilitating Secure Sharing of Personal Health Data in the Cloud %A Thilakanathan,Danan %A Calvo,Rafael A %A Chen,Shiping %A Nepal,Surya %A Glozier,Nick %+ Software Engineering Lab, School of Electrical and Information Engineering, The University of Sydney, Level 5, Bldg J03 (Electrical Engineering Building), Maze Crescent, Sydney, 2006, Australia, 61 02 9351 8171, Danan.Thilakanathan@sydney.edu.au %K self care %K telemedicine %K privacy %K computer security %K information dissemination %D 2016 %7 27.05.2016 %9 Original Paper %J JMIR Med Inform %G English %X Background: Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. 
Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective: This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods: We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results: We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions: We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. %M 27234691 %R 10.2196/medinform.4756 %U http://medinform.jmir.org/2016/2/e15/ %U https://doi.org/10.2196/medinform.4756 %U http://www.ncbi.nlm.nih.gov/pubmed/27234691 %0 Journal Article %@ 2291-5222 %I JMIR Publications Inc. 
%V 4 %N 2 %P e50 %T A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of "Bring Your Own Devices" Policies %A Al Ayubi,Soleh U %A Pelletier,Alexandra %A Sunthara,Gajen %A Gujral,Nitin %A Mittal,Vandna %A Bourgeois,Fabienne C %+ Innovation & Digital Health Accelerator, Boston Children's Hospital, Landmark Center, 7th Floor, 7399.2, 300 Longwood Ave, Boston, MA, 02115, United States, 1 8572183242, soleh.alayubi@childrens.harvard.edu %K BYOD %K guideline %K safeguard %K custom application %K hospital settings %K security %K privacy %K mobile application %K electronic medical records %D 2016 %7 11.05.2016 %9 Original Paper %J JMIR mHealth uHealth %G English %X Background: Hospitals today are introducing new mobile apps to improve patient care and workflow processes. Mobile device adoption by hospitals fits with present-day technology behavior; however, it requires a deeper look into hospital device policies and the impact on patients, staff, and technology development. Should hospitals spend thousands to millions of dollars to equip all personnel with a mobile device that is only used in a hospital environment? Allowing health care professionals to use personal mobile devices at work, known as bring-your-own-device (BYOD), has the potential to support both the hospital and its employees to deliver effective and efficient care. Objective: The objectives of this research were to create a mobile app development guideline for a BYOD hospital environment, apply the guideline to the development of an in-house mobile app called TaskList, pilot the TaskList app within Boston Children’s Hospital (BCH), and refine the guideline based on the app pilot. TaskList is an Apple operating system (iOS)-based app designed for medical residents to monitor, create, capture, and share daily collaborative tasks associated with patients. 
Methods: To create the BYOD guidelines, we developed TaskList that required the use of mobile devices among medical residents. The TaskList app was designed in four phases: (1) mobile app guideline development, (2) requirements gathering and developing of TaskList fitting the guideline, (3) deployment of TaskList using BYOD with end-users, and (4) refinement of the guideline based on the TaskList pilot. Phase 1 included understanding the existing hospital BYOD policies and conducting Web searches to find best practices in software development for a BYOD environment. Phase 1 also included gathering subject matter input from the Information Services Department (ISD) at BCH. Phase 2 involved the collaboration between the Innovation Acceleration Program at BCH, the ISD Department and the TaskList Clinical team in understanding what features should be built into the app. Phase 3 involved deployment of TaskList on a clinical floor at BCH. Lastly, Phase 4 gathered the lessons learned from the pilot to refine the guideline. Results: Fourteen practical recommendations were identified to create the BCH Mobile Application Development Guideline to safeguard custom applications in hospital BYOD settings. The recommendations were grouped into four categories: (1) authentication and authorization, (2) data management, (3) safeguarding app environment, and (4) remote enforcement. Following the guideline, the TaskList app was developed and then was piloted with an inpatient ward team. Conclusions: The Mobile Application Development guideline was created and used in the development of TaskList. The guideline is intended for use by developers when addressing integration with hospital information systems, deploying apps in BYOD health care settings, and meeting compliance standards, such as Health Insurance Portability and Accountability Act (HIPAA) regulations. 
%M 27169345 %R 10.2196/mhealth.4424 %U http://mhealth.jmir.org/2016/2/e50/ %U https://doi.org/10.2196/mhealth.4424 %U http://www.ncbi.nlm.nih.gov/pubmed/27169345 %0 Journal Article %@ 2291-9694 %I Gunther Eysenbach %V 3 %N 4 %P e37 %T Resident Use of Text Messaging for Patient Care: Ease of Use or Breach of Privacy? %A Prochaska,Micah T %A Bird,Amber-Nicole %A Chadaga,Amar %A Arora,Vineet M %+ Section of Hospital Medicine, Department of Medicine, University of Chicago, 5841 South Maryland Avenue, MC 5000, Chicago, IL, 60637, United States, 1 773 702 6988, mprochas@medicine.bsd.uchicago.edu %K in-hospital communication %K SMS text messaging %K mobile technology %D 2015 %7 26.11.2015 %9 Short Paper %J JMIR Med Inform %G English %X Background: Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care. Objective: We sought to compare residents’ preferences for SMS text messaging compared with other forms of in-hospital communication when considering security versus ease of use. Methods: This study was a cross-sectional multi-institutional survey of internal medicine residents. Residents ranked different communication modalities based on efficiency, ease of use, and security using a Likert scale. Communication options included telephone, email, hospital paging, and SMS text messaging. Respondents also reported whether they had received confidential patient identifiers through any of these modalities. Results: SMS text messaging was preferred by 71.7% (94/131) of respondents because of its efficiency and by 79.8% (103/129) of respondents because of its ease of use. 
For security, 82.5% (104/126) of respondents preferred the hospital paging system, whereas only 20.6% (26/126) of respondents preferred SMS text messaging for secure communication. In all, 70.9% (93/131) of respondents reported having received patient identifiers (first and/or last name), 81.7% (107/131) reported receiving patient initials, and 50.4% (66/131) reported receiving a patient’s medical record number through SMS text messages. Conclusions: Residents prefer in-hospital communication through SMS text messaging because of its ease of use and efficiency. Despite security concerns, the majority of residents reported receiving confidential patient information through SMS text messaging. For providers, it is possible that the benefits of improved in-hospital communication with SMS text messaging and the presumed improvement in the coordination and delivery of patient care outweigh security concerns they may have. The tension between the security and convenience of SMS text messaging may represent an educational opportunity to ensure the compliance of mobile technology in the health care setting. %M 26611620 %R 10.2196/medinform.4797 %U http://medinform.jmir.org/2015/4/e37/ %U https://doi.org/10.2196/medinform.4797 %U http://www.ncbi.nlm.nih.gov/pubmed/26611620 %0 Journal Article %@ 2291-5222 %I JMIR Publications Inc. 
%V 3 %N 4 %P e95 %T Mobile Phones in Research and Treatment: Ethical Guidelines and Future Directions %A Carter,Adrian %A Liddle,Jacki %A Hall,Wayne %A Chenery,Helen %+ School of Psychological Sciences, Monash University, Monash Biomedical Imaging, 770 Blackburn Road, Melbourne, 3800, Australia, 61 (0)3 9902 9431, adrian.carter@monash.edu %K ethics %K informed consent %K mHealth %K mobile phones %K Parkinson’s disease %K privacy %K regulation %D 2015 %7 16.10.2015 %9 Viewpoint %J JMIR mHealth uHealth %G English %X Mobile phones and other remote monitoring devices, collectively referred to as "mHealth," promise to transform the treatment of a range of conditions, including movement disorders, such as Parkinson’s disease. In this viewpoint paper, we use Parkinson’s disease as an example, although most considerations discussed below are valid for a wide variety of conditions. The ability to easily collect vast arrays of personal data over long periods will give clinicians and researchers unique insights into disease treatment and progression. These capabilities also pose new ethical challenges that health care professionals will need to manage if this promise is to be realized with minimal risk of harm. These challenges include privacy protection when anonymity is not always possible, minimization of third-party uses of mHealth data, informing patients of complex risks when obtaining consent, managing data in ways that maximize benefit while minimizing the potential for disclosure to third parties, careful communication of clinically relevant information gleaned via mHealth technologies, and rigorous evaluation and regulation of mHealth products before widespread use. Given the complex array of symptoms and differences in comfort and literacy with technology, it is likely that these solutions will need to be individualized. 
It is therefore critical that developers of mHealth apps engage with patients throughout the development process to ensure that the technology meets their needs. These challenges will be best met through early and ongoing engagement with patients and other relevant stakeholders. %M 26474545 %R 10.2196/mhealth.4538 %U http://mhealth.jmir.org/2015/4/e95/ %U https://doi.org/10.2196/mhealth.4538 %U http://www.ncbi.nlm.nih.gov/pubmed/26474545 %0 Journal Article %@ 2291-5222 %I JMIR Publications Inc. %V 3 %N 2 %P e64 %T Can Standards and Regulations Keep Up With Health Technology? %A Vincent,Christopher James %A Niezen,Gerrit %A O'Kane,Aisling Ann %A Stawarz,Katarzyna %+ UCL Interaction Centre, University College London, Gower Street, London, WC1E 6BT, United Kingdom, 44 (0)203 108 7057 ext 57057, c.vincent@ucl.ac.uk %K governmental regulations %K health services %K medical devices %K mHealth %K mobile phones %K open source initiative %K software %K standards %K technology %D 2015 %7 03.06.2015 %9 Viewpoint %J JMIR mHealth uHealth %G English %X Technology is changing at a rapid rate, opening up new possibilities within the health care domain. Advances such as open source hardware, personal medical devices, and mobile phone apps are creating opportunities for custom-made medical devices and personalized care. However, they also introduce new challenges in balancing the need for regulation (ensuring safety and performance) with the need to innovate flexibly and efficiently. Compared with the emergence of new technologies, health technology design standards and regulations evolve slowly, and therefore, it can be difficult to apply these standards to the latest developments. For example, current regulations may not be suitable for approaches involving open source hardware, an increasingly popular way to create medical devices in the maker community. 
Medical device standards may not be flexible enough when evaluating the usability of mobile medical devices that can be used in a multitude of different ways, outside of clinical settings. Similarly, while regulatory guidance has been updated to address the proliferation of health-related mobile phone apps, it can be hard to know if and when these regulations apply. In this viewpoint, we present three examples of novel medical technologies to illustrate the types of regulatory issues that arise in the current environment. We also suggest opportunities for support, such as advances in the way we review and monitor medical technologies. %M 26041730 %R 10.2196/mhealth.3918 %U http://mhealth.jmir.org/2015/2/e64/ %U https://doi.org/10.2196/mhealth.3918 %U http://www.ncbi.nlm.nih.gov/pubmed/26041730 %0 Journal Article %@ 2291-5222 %I JMIR Publications Inc. %V 3 %N 1 %P e8 %T Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android %A Dehling,Tobias %A Gao,Fangjian %A Schneider,Stephan %A Sunyaev,Ali %+ Department of Information Systems, Faculty of Management, Economics and Social Sciences, University of Cologne, Albertus-Magnus-Platz, Cologne, D-50923, Germany, 49 221 4705397, sunyaev@wiso.uni-koeln.de %K mobile health %K mobile apps %K data security %K software and application security %K patient privacy %K health information technology %D 2015 %7 19.01.2015 %9 Original Paper %J JMIR mHealth uHealth %G English %X Background: Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. 
Objective: The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods: We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results: We discovered 24,405 health-related apps (iOS: 21,953; Android: 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979 of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions: Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. 
In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements. %M 25599627 %R 10.2196/mhealth.3672 %U http://mhealth.jmir.org/2015/1/e8/ %U https://doi.org/10.2196/mhealth.3672 %U http://www.ncbi.nlm.nih.gov/pubmed/25599627