scholarly journals Privacy Practices of Health Information Technologies: Privacy Policy Risk Assessment Study and Proposed Guidelines

10.2196/26317 ◽  
2021 ◽  
Vol 23 (9) ◽  
pp. e26317
Author(s):  
Haley M LaMonica ◽  
Anna E Roberts ◽  
Grace Yeeun Lee ◽  
Tracey A Davenport ◽  
Ian B Hickie
Keyword(s):  
Risk Assessment ◽  
Health Information ◽  
Health Professionals ◽  
Participatory Design ◽  
Assessment Tool ◽  
Service Providers ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Policy Risk ◽  
Privacy Risks

Background Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency. Objective This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care. Methods In phase 1, participatory design workshops were conducted with young people who were attending a participating headspace center, their supportive others, and health professionals and service providers from the centers. The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care. Results When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being. Conclusions A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care.

scholarly journals Privacy Practices of Health Information Technologies: Privacy Policy Risk Assessment Study and Proposed Guidelines (Preprint)

2020 ◽  
Author(s):  
Haley M LaMonica ◽  
Anna E Roberts ◽  
Grace Yeeun Lee ◽  
Tracey A Davenport ◽  
Ian B Hickie
Keyword(s):  
Risk Assessment ◽  
Health Information ◽  
Health Professionals ◽  
Participatory Design ◽  
Assessment Tool ◽  
Service Providers ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Policy Risk ◽  
Privacy Risks

BACKGROUND Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency. OBJECTIVE This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care. METHODS In phase 1, participatory design workshops were conducted with young people who were attending a participating <i>headspace</i> center, their supportive others, and health professionals and service providers from the centers. The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care. RESULTS When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being. CONCLUSIONS A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care. CLINICALTRIAL

scholarly journals Assessment of privacy policy compliance for chronic disease management applications in China (Preprint)

2020 ◽  
Author(s):  
Zhenni Ni ◽  
Yiying Wang ◽  
Yuxing Qian
Keyword(s):  
Chronic Disease ◽  
Disease Management ◽  
Information Security ◽  
Chronic Disease Management ◽  
Personal Information ◽  
Average Score ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Security Issues ◽  
Privacy Risks

BACKGROUND With the development of mobile health, chronic disease management applications have brought the possibility of reducing the burden of chronic diseases and also brought huge privacy risks to patients' health data. OBJECTIVE The purpose of the study is to analyze the extent to which chronic disease management apps comply with personal information security regulations. METHODS This article analyzed the privacy policies of 39 popular chronic disease management apps, introduced a scale based on personal information security specifications, and analyzed the compliance of privacy policies from various stages of the information life cycle. RESULTS 26 apps (66.7%) have a privacy policy and the average score of these apps is 39 points. CONCLUSIONS It was found that most chronic disease management apps in China have a privacy policy, but the content expression was ambiguous and unclear, and it did not meet the requirements of regulations. Besides, the security issues at the information destruction stage were ignored by most app vendors.

scholarly journals Obtaining P3P Privacy Policies for Composite Services

2014 ◽  
Vol 2014 ◽  
pp. 1-10
Author(s):  
Yi Sun ◽  
Zhiqiu Huang ◽  
Changbo Ke
Keyword(s):  
Web Services ◽  
Privacy Protection ◽  
Service Providers ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Policy Language ◽  
Privacy Preferences ◽  
Composite Services

With the development of web services technology, web services have changed from single to composite services. Privacy protection in composite services is becoming an important issue. P3P (platform for privacy preferences) is a privacy policy language which was designed for single web services. It enables service providers to express how they will deal with the privacy information of service consumers. In order to solve the problem that P3P cannot be applied to composite services directly, we propose a method to obtain P3P privacy policies for composite services. In this method, we present the definitions ofPurpose,Recipient, andRetentionelements as well asOptionalandRequiredattributes for P3P policies of composite services. We also provide an instantiation to illustrate the feasibility of the method.

scholarly journals “What happens there ... follows us here”: Resettled but Still at Risk: Refugee Women and Girls in Australia

Refuge ◽  
2014 ◽  
Vol 30 (2) ◽  
pp. 45-56 ◽  
Author(s):  
Linda Bartolomei ◽  
Rebecca Eckert ◽  
Eileen Pittaway
Keyword(s):  
Risk Assessment ◽  
At Risk ◽  
Assessment Tool ◽  
Service Providers ◽  
Forced Marriage ◽  
Pregnancy And Childbirth ◽  
Survival Sex ◽  
Refugee Women ◽  
Extreme Risk ◽  
Women And Girls

UNHCR’s Women at Risk Program is designed to identify and respond to refugee women at extreme risk in countries of asylum who are in desperate need of resettlement. Many women who have been resettled under this program have been raped or faced forced engagement in survival sex, forced marriage, pregnancy, and childbirth as a result of rape. Drawing on a decade of research undertaken by the authors across 18 international sites, this article explores the experience of refugee women at risk resettled to Australia. It discusses the impacts of sexual violence on their settlement, including those of shame and stigma. It identifies that, while for some women at risk, resettlement offers hoped for safety and protection, for others the abuses they faced prior to resettlement resurface and are compounded by new risks and violations of their rights. It introduces a risk assessment tool designed to assist service providers to identify and respond to these risks.

Sign in / Sign up

Export Citation Format

Share Document