THEORETICAL STUDY

Construction and Empirical Research of Privacy Security Evaluation System for Mobile Health Applications

  • Zhai Yunkai,
  • Zhou Fan,
  • Zhang Kun
  • 1 School of Management, Zhengzhou University, Zhengzhou 450001;
    2 National Telemedicine Center of China·National Engineering Laboratory for Internet Medical Systems and Applications, Zhengzhou 450052;
    3 Henan Province International Joint Laboratory of Intelligent Health Information System, Zhengzhou 450001

Received date: 2024-01-02

Revised date: 2024-03-17

Online published: 2024-07-30

Supported by

This work is supported by the National Social Science Fund of China project titled “Research on Medical and Health Big Data Asset Management Model and Reuse Mechanism” (Grant No. 21BTQ053).

Abstract

[Purpose/Significance] This paper constructs a privacy security evaluation system for mobile health applications, providing measurement tools and a decision-making basis for evaluating and improving their privacy security. [Method/Process] From a systematic research perspective, the study uses the procedural grounded theory method to code and analyze user interview data and extracts the evaluation indicators that affect the privacy security of mobile health applications. It then applies the fuzzy analytic hierarchy process to weight the evaluation indicators and determine the privacy security evaluation system. On this basis, it conducts an empirical test of the evaluation system with reference to the correlation coefficient test. [Result/Conclusion] The evaluation system comprises five first-level indicators (data governance guarantee, privacy risk control, health application vulnerability risk, privacy policy, and privacy security cognition) and 20 corresponding second-level indicators. The empirical results confirm that the evaluation system is reliable and effective. Finally, the paper identifies the key evaluation indicators and proposes targeted privacy security improvement suggestions accordingly.

Cite this article

Zhai Yunkai, Zhou Fan, Zhang Kun. Construction and Empirical Research of Privacy Security Evaluation System for Mobile Health Applications[J]. Library and Information Service, 2024, 68(14): 3-13. DOI: 10.13266/j.issn.0252-3116.2024.14.001
