Reviewing the data security and privacy policies of mobile apps for depression

O’Loughlin, Kristen; Neary, Martha; Adkins, Elizabeth C; Schueller, Stephen M.

doi:10.1016/j.invent.2018.12.001

Cited by 137 publications

(101 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A further concern relates to the inadequate data protection and privacy declarations revealed in many apps in this study. This finding is consistent with the results of prior investigations (O'Loughlin, Neary, Adkins, & Schueller, 2019;Sucala et al, 2017;Terhorst et al, 2018). Even more concerning is the fact that many apps transmit data to commercial entities without disclosing this (Huckvale, Torous, & Larsen, 2019).…”

Section: Discussionsupporting

confidence: 94%

‘Help for trauma from the app stores?’ A systematic review and standardised rating of apps for Post-Traumatic Stress Disorder (PTSD)

Sander

Schorndanner

Terhorst

et al. 2020

European Journal of Psychotraumatology

View full text Add to dashboard Cite

Background: Mobile health applications (apps) are considered to complement traditional psychological treatments for Post-Traumatic Stress Disorder (PTSD). However, the use for clinical practice and quality of available apps is unknown. Objective: To assess the general characteristics, therapeutic background, content, and quality of apps for PTSD and to examine their concordance with established PTSD treatment and self-help methods. Method: A web crawler systematically searched for apps targeting PTSD in the British Google Play and Apple iTunes stores. Two independent researchers rated the apps using the Mobile App Rating Scale (MARS). The content of high-quality apps was checked for concordance with psychological treatment and self-help methods extracted from current literature on PTSD treatment. Results: Out of 555 identified apps, 69 met the inclusion criteria. The overall app quality based on the MARS was medium (M = 3.36, SD = 0.65). Most apps (50.7%) were based on cognitive behavioural therapy and offered a wide range of content, including established psychological PTSD treatment methods such as processing of trauma-related emotions and beliefs, relaxation exercises, and psychoeducation. Notably, data protection and privacy standards were poor in most apps and only one app (1.4%) was scientifically evaluated in a randomized controlled trial. Conclusions: High-quality apps based on established psychological treatment techniques for PTSD are available in commercial app stores. However, users are confronted with great difficulties in identifying useful high-quality apps and most apps lack an evidence-base. Commercial distribution channels do not exploit the potential of apps to complement the psychological treatment of PTSD.

show abstract

Section: Discussionsupporting

confidence: 94%

‘Help for trauma from the app stores?’ A systematic review and standardised rating of apps for Post-Traumatic Stress Disorder (PTSD)

Sander

Schorndanner

Terhorst

et al. 2020

European Journal of Psychotraumatology

View full text Add to dashboard Cite

show abstract

“…Transparency, therefore, is of the utmost importance. However, the literature is consistent in its illustration of the mHealth industry as being poorly compliant with the provision of appropriate privacy policies or Terms of Service agreements to users [84,89,90,[105][106][107][108][109][110][111][112][113]. Where privacy policies do exist, they are often non-specific to the app in question, may not inform users if the policy is being updated or if their data is to be shared, and may not provide users the right to access their personal data or be otherwise HIPAA-noncompliant [107,108,110,[114][115][116].…”

Section: Informed Consent Privacy Policies and Access Controlmentioning

confidence: 96%

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019

Galvin

DeMuro²

2020

Yearb Med Inform

View full text Add to dashboard Cite

Objectives: To survey international regulatory frameworks that serve to protect privacy of personal data as a human right as well as to review the literature regarding privacy protections and data ownership in mobile health (mHealth) technologies between January 1, 2016 and June 1, 2019 in order to identify common themes. Methods: We performed a review of relevant literature available in English published between January 1, 2016 and June 1, 2019 from databases including PubMed, Google Scholar, and Web of Science, as well as relevant legislative background material. Articles out of scope (as detailed below) were eliminated. We categorized the remaining pool of articles and discrete themes were identified, specifically: concerns around data transmission and storage, including data ownership and the ability to re-identify previously de-identified data; issues with user consent (including the availability of appropriate privacy policies) and access control; and the changing culture and variable global attitudes toward privacy of health data. Results: Recent literature demonstrates that the security of mHealth data storage and transmission remains of wide concern, and aggregated data that were previously considered “de-identified” have now been demonstrated to be re-identifiable. Consumer-informed consent may be lacking with regard to mHealth applications due to the absence of a privacy policy and/or to text that is too complex and lengthy for most users to comprehend. The literature surveyed emphasizes improved access control strategies. This survey also illustrates a wide variety of global user perceptions regarding health data privacy. Conclusion: The international regulatory framework that serves to protect privacy of personal data as a human right is diverse. Given the challenges legislators face to keep up with rapidly advancing technology, we introduce the concept of a “healthcare fiduciary” to serve the best interest of data subjects in the current environment.

show abstract

“…These are considered separately due to the growing importance of compliance in the mHealth industry [65]. [24], [41], [69], [73], [75], [76], [80], [82], [83] General security and privacy evaluation focus 6 studies [6], [8], [54], [60], [62], [68] Compliance…”

Section: Iv3 Security And/or Privacy Evaluation Techniquesmentioning

confidence: 99%

“…On a more detailed level, Table 6 includes the categories and subcategories of evaluation artefacts and the numbers of papers that covered them. Healthcare expert evaluation [69], user evaluation [21], [72] [2], [6], [8], [17], [21], [22], [24], [27], [41], [68]- [70], [72], [75], [77]- [79], [81]- [83] Privacy policy (PP) and Terms of Agreement (ToA) content evaluation Readability assessment [17], [23], [56], [116] [1], [6], [17], [22]- [24], [41], [55], [56], [58], [60], [68], [71], [74], [75], [77], [78], [83], [116] Technical security mechanisms evaluation…”

Section: ) Evaluation Objectives and Artefactsmentioning

confidence: 99%

Security and Privacy of mHealth Applications: A Scoping Review

2020

View full text Add to dashboard Cite

While digital health or mHealth applications (apps) have become accessible resources for the support of personal health, the privacy and security of users' data have been the subject of concern and controversy. As large numbers of mHealth apps are created and are increasingly widely used by people with various health conditions, it is crucial to have clear and valid methods for evaluating the data practices within them. Recent regulatory initiatives such as the European Union's General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have had the effect of raising awareness and establishing a minimal set of expectations. However, they do not in themselves address the issue of the development of systems which meet privacy and security requirements. There is a growing body of research on evaluation techniques and frameworks to support the assessment of the privacy and security of health apps, and guidelines to support their design. However, it can be challenging to navigate this space and choose appropriate techniques for a given context. Addressing this issue, this paper examines the recent literature on security and privacy of m-Health applications, using a scoping review methodology. It analyses data security and privacy evaluation techniques and frameworks that have been proposed for mHealth applications, as well as relevant research-based design recommendations. This work consolidates recent research on the topic to support researchers, app designers, end users, and healthcare professionals in designing, evaluating, recommending and adopting mHealth applications.

show abstract

Reviewing the data security and privacy policies of mobile apps for depression

Cited by 137 publications

References 19 publications

‘Help for trauma from the app stores?’ A systematic review and standardised rating of apps for Post-Traumatic Stress Disorder (PTSD)

‘Help for trauma from the app stores?’ A systematic review and standardised rating of apps for Post-Traumatic Stress Disorder (PTSD)

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019

Security and Privacy of mHealth Applications: A Scoping Review

Contact Info

Product

Resources

About