Despite the importance of the privacy and confidentiality of patients’ information, mobile health (mHealth) apps can raise the risk of violating users’ privacy and confidentiality. Research has shown that many apps provide an insecure infrastructure and that security is not a priority for developers.
This study aims to develop and validate a comprehensive tool to be considered by developers for assessing the security and privacy of mHealth apps.
A literature search was performed to identify papers on app development, and those papers reporting criteria for the security and privacy of mHealth were assessed. The criteria were extracted using content analysis and presented to experts. An expert panel was held for determining the categories and subcategories of the criteria according to meaning, repetition, and overlap; impact scores were also measured. Quantitative and qualitative methods were used for validating the criteria. The validity and reliability of the instrument were calculated to present an assessment instrument.
The proposed comprehensive criteria can be used as a guide for app designers, developers, and even researchers. The criteria and the countermeasures presented in this study can be considered to improve the privacy and security of mHealth apps before releasing the apps into the market. Regulators are recommended to consider an established standard using such criteria for the accreditation process, since the available self-certification of developers is not reliable enough.