健康信息技术的隐私实践:隐私政策风险评估研究与拟议指南。
Privacy Practices of Health Information Technologies: Privacy Policy Risk Assessment Study and Proposed Guidelines.
机构信息
Brain and Mind Centre, The University of Sydney, Camperdown, Australia.
出版信息
J Med Internet Res. 2021 Sep 16;23(9):e26317. doi: 10.2196/26317.
BACKGROUND
Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency.
OBJECTIVE
This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care.
METHODS
In phase 1, participatory design workshops were conducted with young people who were attending a participating headspace center, their supportive others, and health professionals and service providers from the centers. The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care.
RESULTS
When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being.
CONCLUSIONS
A lack of transparency in privacy policies has the potential to undermine consumers' ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care.
背景
随着健康信息技术(HIT)的普及,人们越来越需要了解使用这些工具可能带来的潜在隐私风险。尽管隐私政策旨在告知消费者,但这些政策一直被发现令人困惑且缺乏透明度。
目的
本研究旨在展示消费者对访问隐私信息的偏好;开发并应用隐私政策风险评估工具,以评估现有的 HIT 是否符合推荐的隐私政策标准;并提出指导方针,以帮助卫生专业人员和服务提供者了解与 HIT 相关的隐私风险,从而有信心地推广其作为护理一部分的安全使用。
方法
在第 1 阶段,与参加参与式 headspace 中心的年轻人、他们的支持人员以及中心的卫生专业人员和服务提供者一起进行了参与式设计研讨会。研究结果进行了知识转化,以确定参与者对隐私信息的呈现和可用性以及支持其交付所需的功能的偏好。第 2 阶段包括开发 23 项隐私政策风险评估工具,该工具纳入了国际隐私文献和标准的材料。然后使用该工具评估了 34 个应用程序和电子工具的隐私政策。在第 3 阶段,从与利益相关者的协作咨询过程中得出的隐私指南,旨在帮助卫生专业人员和服务提供者了解将 HIT 纳入临床护理的隐私风险。
结果
在考虑使用 HIT 时,参与式设计研讨会的参与者表示,他们希望隐私信息易于访问、透明且用户友好,以便他们能够清楚地了解将收集哪些个人和健康信息以及如何共享和存储这些数据。隐私政策审查显示出一贯较差的可读性和透明度,这限制了这些文件作为信息来源的实用性。因此,为了实现知情同意,隐私指南确保卫生专业人员和消费者充分了解在使用 HIT 支持健康和福祉时存在隐私风险的可能性。
结论
隐私政策缺乏透明度有可能破坏消费者对确保和保护其个人和健康信息隐私的必要措施的信任能力,从而阻止他们愿意使用 HIT。隐私指南的应用将提高卫生专业人员和服务提供者对消费者数据隐私的信心,从而使他们能够推荐 HIT 以提供或支持护理。
Zotero 插件