Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis

IF 5.4 · Zone 2 (Medicine) · Q1 HEALTH CARE SCIENCES & SERVICES · JMIR mHealth and uHealth · Pub Date: 2024-06-21 · DOI: 10.2196/55061
Jiayi Jiang, Zexing Zheng
Citations: 0

Abstract

Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis.

Background: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China.

Objective: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement.

Methods: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators.

Results: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%).

Conclusions: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.

Source journal: JMIR mHealth and uHealth (Medicine-Health Informatics)
CiteScore: 12.60
Self-citation rate: 4.00%
Number of articles published: 159
Review time: 10 weeks
About the journal: JMIR mHealth and uHealth (JMU, ISSN 2291-5222) is a spin-off journal of JMIR, the leading eHealth journal (Impact Factor 2016: 5.175). JMIR mHealth and uHealth is indexed in PubMed, PubMed Central, and Science Citation Index Expanded (SCIE), and in June 2017 received a stunning inaugural Impact Factor of 4.636. The journal focusses on health and biomedical applications in mobile and tablet computing, pervasive and ubiquitous computing, wearable computing and domotics. JMIR mHealth and uHealth has been published since 2013 and was the first mHealth journal in PubMed. It publishes even faster and has a broader scope, including papers which are more technical or more formative/developmental than what would be published in the Journal of Medical Internet Research.