Article Preview
Top1. Introduction
Health applications can be helpful for maintaining its users in a good health condition. However, they may also put their privacy at risk. In a survey published by Grundy et al. 2019 “79% of sampled apps shared user data” (Grundy et al. 2019 p.1). Oftentimes this data was analysed to customise advertisement and spread to other parties (business partners and even business partners of business partners) while users were re-identifiable which pose risks to user privacy (Grundy et al 2019). In particular, data-sharing behaviour was not transparent for users (Grundy et al. 2019). “Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy” (Grundy et al. 2019). Although there are media reports covering privacy risks of health apps, it seems that there is no awareness of these risks (Gerber et al. 2019). While it is widely known that business models of service providers that offer free services are based on the processing of used data, and concerns about the handling of private data are frequently expressed in the public, a lack in the understanding of the consequences of fraudulent behaviour can be observed (this is oftentimes also referred to as the privacy paradox; Gerber et al. 2019). Therefore, users are not able to identify the risks inherent in medical applications but are rather focused on the benefits that are promised. Hence, “health apps are a booming market at both patients and health professionals” (Grundy et al. 2019 p.1). This can also be seen in the sheer amount of different health applications dealing with wellness, fitness, diet but also diagnosis and management of severe health conditions (Evers-Wölk et al. 2018). Furthermore, health related applications gain in popularity (Robillard et al. 2019).
When dealing with privacy concerns related to health data, a distinction between medical devices and devices with medical functionality should be made. This differentiation is essential, as health data gained by devices with medical functionality (like most health applications for smartphones) are not subject of the strict data protection laws of medical records while medical devices (e.g. applications for the remote access of cardiac implantable electronic device) are subject to these regulations (Shah 2019). Furthermore, the applications and the hardware of devices with medical functionality are not addressed by international standards for ensuring security of medical devices (Shah 2019). Thus, there needs to be a special focus on the processes which shall ensure data privacy. Additionally, differences between the core factors of informational security and safety (confidentiality, integrity and availability) are considered.
Although there was intensive research on privacy concerns related to the use of medical devices as well as to the usage of devices with medical functionality to our best knowledge, there was no study that compared privacy concerns between users of these devices (figure 1). However, this promises to be an interesting research question for discussing the efficiency of legal protection of health data considering that both devices generate similar data but are not covered by the same regulations.
Figure 1. Research on privacy in the area of digital health
The main objective of the study is to investigate if there are differences between citizens’ awareness of risks to privacy when using devices with medical functionality and medical devices. It is assumed that there are differences as medical devices are strongly regulated while most devices with medical functionality are weaker regulated. For answering the research question, a survey is presented. The remainder of this paper is structured as follows. Chapter 2 introduces to the core theoretical foundations. Chapter 3 presents the methodology used to investigate user perceptions of privacy risks. Chapter 4 presents the results of the study. In chapter 5, we discuss the key implications and chapter 6 draws the main conclusions.