Nudging Data Privacy of Mobile Health Applications in Saudi Arabia

Abdulhakim Sabur, Ahmad J. Showail
Copyright: © 2024 | Pages: 19
DOI: 10.4018/IJISP.345647

Abstract

Mobile health apps are a digital era revolution, facilitating direct patient-physician communication, lab and test orders, and medication refills. Despite these benefits, security and privacy issues arise due to handling sensitive data. This paper assesses the security and privacy of Saudi Arabian mobile healthcare apps, gauging compliance with the Personal Data Protection Law (PDPL). Results highlight varied PDPL compliance, underscoring the imperative for enhanced security measures in the digital healthcare landscape.
Article Preview

Introduction

Mobile devices have become essential objects that we all depend on in our daily lives. With the advancement of computing and technology, we can conduct all kinds of tasks using mobile devices simply by connecting to the internet and having sufficient processing power. This improvement in technology has also led to advancements in using mobile devices to enhance the healthcare industry (Sim, 2019; Zhou et al., 2019). Nowadays, patients can benefit from mobile health applications that help them get proper medical care and/or facilitate how they receive medical care. The shift away from traditional medical services, where patients need to go physically to the medical care facility, imposes substantial challenges in terms of the security and privacy of this type of activity. Patients can now consult a physician without having to physically go to a medical care facility; they can book online appointments, send private messages to physicians, check lab and radiology reports, and complete many other medical-related tasks that were not possible before the era of mobile health applications. However, the security and privacy challenges imposed by these applications raise concerns for patients and health providers because of the sensitive and private nature of the data they process. Furthermore, it is crucial that mobile health applications comply with the security and privacy regulations set by regulators, to ensure that healthcare providers preserve patients’ data privacy.

Recently, healthcare providers in Saudi Arabia migrated many services to mobile health applications to enhance the patient experience, increase efficiency, and optimize resource utilization. In fact, mobile health applications collect a lot of data from users to help them better comprehend their health status and to promote their overall well-being. These applications also store and process other sensitive information, such as users’ health-related data, location, lists of contacts, and personal photographs (Papageorgiou et al., 2018; Yasini & Marchand, 2015). Yet these health applications need to comply with Saudi Arabia’s Personal Data Protection Law (PDPL) to ensure that patients’ sensitive information is protected and properly handled. Also, many of these applications have not been tested properly in terms of efficacy and safety (Armontrout et al., 2018). The need to properly verify and check the security of these mobile health applications is even more important for elderly people, who might have limited knowledge of how these applications should be used and how to interact with the healthcare provider via the app (Davidson & Jensen, 2013; Harrington et al., 2018).

In 2016, the European Union (EU) proposed the General Data Protection Regulation (GDPR) (Li et al., 2019; Tankard, 2016; Truong et al., 2021; Voigt & von dem Bussche, 2017; Zhang et al., 2018), marking a significant milestone in the EU’s recent accomplishments. This regulation replaced the 1995 Data Protection Directive, which was established during the early stages of the internet’s development. The GDPR sets the base guidelines for any technology provider that deals, directly or indirectly, with personal data and information. The GDPR directly impacts any technology platform that collects, stores, and manages personal data. The regulation is considered a massive transformation in how service providers can and should deal with users’ data in a way that guarantees the safety of data and ensures its privacy preservation (Houser & Voss, 2018; Wachter, 2018; Zaeem & Barber, 2020). The GDPR sets the guidelines on how data should be processed, and its guiding principles of data protection include: Lawfulness, Fairness and Transparency, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, Integrity and Confidentiality, and Accountability (Gruschka et al., 2018; Houser & Voss, 2018). Not complying with the GDPR can result in serious financial fines by regulators, as happened to Amazon and Google when they were fined for non-compliance and paid $887 million and $391.5 million, respectively (Kendra Barnett, n.d.; Shead, 2021).
