2021 Jan 28;9(1):e23409.
doi: 10.2196/23409.

Privacy Policy Compliance of Chronic Disease Management Apps in China: Scale Development and Content Evaluation

Zhenni Ni et al. JMIR Mhealth Uhealth.

Abstract

Background: With the development of mobile health (mHealth), chronic disease management apps have brought not only the possibility of reducing the burden of chronic diseases but also huge privacy risks to patients' health data.

Objective: The purpose of the study was to analyze the extent to which chronic disease management apps in China comply with the Personal Information Security Specification (PI Specification).

Methods: The compliance of 45 popular chronic disease management apps was evaluated from the perspective of the information life cycle. To conduct a fine-grained evaluation, a scale based on the PI Specification was developed. Finally, 6 level 1 indicators, 22 level 2 indicators, and 61 level 3 indicators were defined.

Results: There were 33/45 apps (73%) with a privacy policy, and the average score of these apps was 40.4 out of 100. Items of level 1 indicators with high scores included general characteristics (mean 51.9% [SD 28.1%]), information collection and use (mean 51.1% [SD 36.7%]), and information sharing and transfer (mean 50.3% [SD 33.5%]). Information storage and protection had the lowest compliance with the PI Specification (mean 29.4% [SD 32.4%]). Few personal information (PI) controllers have stated how to handle security incidents, including security incident reporting (7/33, 21%), security incident notification (10/33, 30%), and commitment to bear corresponding legal responsibility for PI security incidents (1/33, 3%). The performance of apps in the stage of information destruction (mean 31.8% [SD 40.0%]) was poor, and only 21% (7/33) of apps would notify third parties to promptly delete PI after individuals cancelled their accounts. Moreover, the scoring rate for rights of PI subjects was generally low (mean 31.2% [SD 35.5%]), especially for obtaining copies of PI (15%) and responding to requests (25%).

Conclusions: Although most chronic disease management apps had a privacy policy, the total compliance rate of the policy content was low, especially in the stage of information storage and protection. Thus, the field has a long way to go with regard to compliance around personal privacy protection in China.

Keywords: content analysis; mHealth; noncommunicable diseases.

Conflict of interest statement

Conflicts of Interest: None declared.

Figures

Figure 1. Flow chart of the search strategy.

Figure 2. The scoring rate of chronic disease management apps on level 1 indicators. PI: personal information.

Figure 3. Compliance evaluation results of the privacy policies' general characteristics. PI: personal information.

Figure 4. Evaluation results in the stage of information collection and use, and the stage of information storage and protection. PI: personal information.

Figure 5. Evaluation results in the stage of information sharing and transfer, and the stage of information destruction. PI: personal information.

Figure 6. Compliance evaluation results of the right of PI subjects. PI: personal information.
