Towards a contextual theory of Mobile Health Data Protection (MHDP): A realist perspective
Introduction
In the digital health era, traditional models of care delivery have been transformed by information technology-enabled services and business models [1–3]. A prominent ecosystem for effective care delivery is mobile health (mHealth) [4,5]. Internet-connected mHealth devices give care providers ubiquitous access to personal health data. Meanwhile, patients can easily share their health information and receive health advice [6]. However, adoption and effective use of mHealth is tempered by data protection concerns [7,8]. From the perspective of both patients and providers, failures in the protection of personal health data are highly controversial and consequential [2,9]. This concern is also reflected in the World Health Organization (WHO) reports on mHealth and digital intervention, which highlighted calls for action and for policy and legal attention to ensure effective data protection [10,11].
Researchers have also documented several cases in the mHealth context where mobile app developers are not transparent about data protection and introduce intentional or by-product risks to effective data protection [12]. Furthermore, technical assessments of mHealth apps have revealed that several supposedly secure healthcare apps did not adequately protect patient data. For example, a recent study on data sharing by top-rated mHealth apps in four developed countries found that the majority of the apps included in the analysis shared personal data with third parties, ranging from birthday and email to medical conditions and symptoms [13]. A similar study of 79 certified clinical apps showed security vulnerabilities and breaches such as sending sensitive information without encryption and authorized access to user data [14].
Effective data protection in mHealth is a technical and social phenomenon. Apart from technical elements such as a system’s privacy and security safeguards, social elements such as patients’ trust and clinicians’ practices in using the system play important roles in mHealth data protection failure and success [15–17]. As evident in our literature review, there is a paucity of theories that address the context-specific social and technical aspects of mHealth data protection. To advance knowledge in this highly important context, and adopting the realist review approach, we aim to provide a theoretical model of failures and successes in mHealth data protection that is grounded in emerging evidence. By applying this approach, we sought to answer the following overarching research questions:
1. In what circumstances (contexts and mechanisms) is mHealth data protection most likely to fail or succeed?
2. What are the potential outcomes of mHealth data protection failures or successes?
Answering these questions can enhance our understanding of health data protection and, more importantly, facilitate theorizing the phenomenon of mHealth data protection. We thereby move toward theorizing the phenomenon by unpacking the context-mechanism-outcome (CMO) relationships and explaining the impacts of mHealth data protection failures and successes.
The rest of this paper is organized as follows. First, we describe our methodological approach in conducting the realist review. Next, we present our results in two sections, study characteristics and main findings, followed by a discussion of the mechanisms and outcomes in the mHealth context. Finally, the conclusions are presented.
Methods
As our research aimed to provide a contextualized explanation of failures and successes of mHealth data protection, we adopted a realist review approach. Particular assumptions that realist review has about the nature of reality and causation make this theory-driven approach different from other types of reviews [18,19]. In this perspective, causal associations are influenced by the setting and context [20].
In conducting this review, we followed systematic steps recommended by Templier and Paré
Results
Fig. 1 shows the selection process. Our electronic search returned a total of 606 records from three databases. Also, five more articles were identified through other sources (e.g., reference check), making the initial set of 611 identified records. After removing duplicates, we screened 460 records at the title/abstract level. Of these, 372 articles were excluded for various reasons, leaving 88 potentially eligible articles. We then obtained and inspected the full-text of the articles based on
Discussion
Our realist review revealed nine mechanisms as the fundamental drivers of mHealth data protection failures and success. In this section, we discuss the details of these key mechanisms and their outcomes. Building on a realist perspective, we demonstrate how mechanisms of mHealth data protection failure and success are invoked and consequently generate specific outcomes.
Conclusion
mHealth systems are designed to support caregivers and healthcare organizations, and to enable patients to receive high-quality health services. It is important to use the system in a way that increases medical task performance. However, if data protection aspects are neglected, excellence in health services simply cannot be achieved. To make an mHealth intervention effective, the dark side of system use (data breaches) must be mitigated and remediated. This requires an understanding of the
Authors' contributions
JP, SA and FF conceptualized and designed the study. JP conducted the literature search and reviewed the identified records based on inclusion/exclusion criteria. JP synthesized the included articles and formulated the initial theoretical model. JP and SA developed the final model. JP wrote a first draft of the manuscript with intellectual input from SA and FF. All authors contributed to the final version.
Declaration of Competing Interest
The authors have no competing interests to declare.
References (56)
- et al. Explaining how unexploded ordnance clearance enhances livelihoods in the Lao PDR. Eval. Program Plann. (2016)
- et al. Google glass in pediatric surgery: an exploratory study. Int. J. Surg. (2014)
- et al. Sociotechnical analysis of nurses’ use of personal mobile phones at work. Int. J. Med. Inform. (2016)
- et al. Digital transformation and disruption of the health care sector: internet-based observational study. J. Med. Internet Res. (2018)
- et al. Research commentary—The digital transformation of healthcare: current status and the road ahead. Inf. Syst. Res. (2010)
- et al. Capitalizing on health information technology to enable digital advantage in US hospitals. MIS Q. (2019)
- et al. Advantages of mobile health in the management of adult patients with congenital heart disease. Int. J. Med. Inform. (2019)
- et al. Growth, and reality of mobile health — Another data-free zone. N. Engl. J. Med. (2017)
- et al. Mobile health (mHealth) channel preference: an integrated perspective of approach-avoidance beliefs and regulatory focus. J. Assoc. Inf. Syst. (2019)
- et al. m-Health adoption by healthcare professionals: a systematic review. J. Am. Med. Inform. Assoc. (2015)
- Mobile devices and health. N. Engl. J. Med.
- Proactive versus reactive security investments in the healthcare sector. MIS Q.
- mHealth: New Horizons for Health Through Mobile Technologies
- WHO Guideline: Recommendations on Digital Interventions for Health System Strengthening
- Availability and quality of mobile health app privacy policies. J. Am. Med. Inform. Assoc.
- Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis. BMJ
- Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment. BMC Med.
- Early psychosis service user views on digital technology: qualitative analysis. JMIR Ment. Health
- Use of text messaging in general practice: a mixed methods investigation on GPs’ and patients’ views. Br. J. Gen. Pract.
- How secure is mental health providers’ electronic patient communication? An empirical investigation. Prof. Psychol. Res. Pract.
- The Science of Evaluation: a Realist Manifesto
- What’s in a mechanism? Development of a key concept in realist evaluation. Implement. Sci.
- A framework for guiding and evaluating literature reviews. Commun. Assoc. Inf. Syst.
- The essential impact of context on organizational behavior. Acad. Manage. Rev.
- A realist review of shared medical appointments: how, for whom, and under what circumstances do they work? BMC Health Serv. Res.
- Research Synthesis and Meta-Analysis: a Step-by-Step Approach
- Rigor in information systems positivist case research: current practices, trends, and recommendations. MIS Q.
- Internet-based medical education: a realist review of what works, for whom and in what circumstances. BMC Med. Educ.