Security and Privacy Policy Assessment in Mobile Health Applications: A Literature Review

Currently, the availability of mobile health (mHealth) applications is growing, implying the development and effectiveness of healthcare facilities. However, the sensitive medical information potentially intrudes into the privacy and security of users which has not been acknowledged by the user. The lack of guidance regarding privacy policy assessment causes concern with the development of privacy policy requirements based on privacy and security dimensions. This study objectives to identify the requirements of the privacy policy in mHealth applications. A narrative review has been conducted using keywords to find related open-source literature published from 2015 to 2022 from Science Direct, PMC, and PubMed databases to identify the privacy and security assessments based on the perspective of mHealth App research. A total of 17 articles were reviewed using the keywords “privacy policy” AND “privacy” AND “security” AND “mobile health”. Three major requirements were found related to privacy and security frameworks namely consistency and transparency, data management and processing, and interconnected-data arrangement. Consistency and transparency involve clear processes, data types, legal safeguards, access provisions, data sharing transparency, and data quality maintenance. Data management and processing require disclosure mechanisms, robust technical security measures, and protocols for vulnerable users. Lastly, an interconnected data arrangement should include data arrangement identification, data sharing policies, and data interconnection procedures.