Theoretical Research

Construction and Empirical Research of Privacy Security Evaluation System for Mobile Health Applications

  • Zhai Yunkai,
  • Zhou Fan,
  • Zhang Kun
  • 1 School of Management, Zhengzhou University, Zhengzhou 450001;
    2 National Telemedicine Center of China·National Engineering Laboratory for Internet Medical Systems and Applications, Zhengzhou 450052;
    3 Henan Province International Joint Laboratory of Intelligent Health Information System, Zhengzhou 450001
Zhai Yunkai, dean, professor, PhD, doctoral supervisor; Zhou Fan, master's student; Zhang Kun, associate research fellow, PhD, master's supervisor, corresponding author, E-mail: zhangkun_wys@163.com.

Received date: 2024-01-02

  Revised date: 2024-03-17

  Online published: 2024-07-30

Supported by

This work is supported by the National Social Science Fund of China project titled “Research on Medical and Health Big Data Asset Management Model and Reuse Mechanism” (Grant No. 21BTQ053).

Abstract

[Purpose/Significance] This paper constructs a privacy security evaluation system for mobile health applications, providing a measurement tool and a decision-making basis for evaluating and improving the privacy security of mobile health applications. [Method/Process] Taking a systematic research perspective, the study uses the procedural grounded theory method to code and analyze user interview data and extract the evaluation indicators that affect the privacy security of mobile health applications. It then applies the fuzzy analytic hierarchy process to weight the evaluation indicators and determine the privacy security evaluation system for mobile health applications. On this basis, it conducts an empirical test of the evaluation system with reference to the correlation coefficient test. [Result/Conclusion] The evaluation system comprises five first-level indicators (data governance guarantee, privacy risk control, health application vulnerability risk, privacy policy, and privacy security cognition) and 20 corresponding second-level indicators. The empirical results confirm that the evaluation system is reliable and effective. Finally, the paper identifies the key evaluation indicators and, based on them, proposes targeted suggestions for improving privacy security.

Cite this article

Zhai Yunkai, Zhou Fan, Zhang Kun. Construction and Empirical Research of Privacy Security Evaluation System for Mobile Health Applications[J]. Library and Information Service, 2024, 68(14): 3-13. DOI: 10.13266/j.issn.0252-3116.2024.14.001
