Background: Healthcare services are undergoing a digital transformation in which the Participatory Health Informatics field has a key role. Within this field, studies aimed to assess the quality of digital tools, including mHealth apps, are conducted. Privacy is one dimension of the quality of a mHealth app. Privacy consists of several components, including organizational, technical and legal safeguards. Within legal safeguards, giving transparent information to the users on how their data is handled is crucial. This information is usually disclosed to users through the privacy policy document. Assessing the quality of a privacy policy is a complex task and several scales supporting this process have been proposed in the literature. However, these scales are heterogeneous and even not very objective. In our previous study, we proposed a checklist of items guiding the assessment of the quality of a mHealth app privacy policy, based on the General Data Protection Regulation.
Objective: To refine the robustness of our General Data Protection Regulation-based privacy scale to assess the quality of a mHealth app privacy policy, to identify new items, and to assign weights for every item in the scale.
Methods: A two-round modified eDelphi study was conducted involving a privacy expert panel.
Results: After the Delphi process, all the items in the scale were considered "important" or "very important" (4 and 5 in a 5-point Likert scale, respectively) by most of the experts. One of the original items was suggested to be reworded, while 8 tentative items were suggested. Only 2 of them were finally added after Round 2. 11 of the 16 items in the scale were considered "very important" (weight of 1), while the other 5 were considered "important" (weight of 0.5).
Conclusions: The Benjumea privacy scale is a new robust tool to assess the quality of a mHealth app privacy policy, providing a deeper and complementary analysis to other scales that assesses the general quality. Also, this robust scale provides a guideline for the development of high-quality privacy policies of mHealth apps.
Keywords: participatory health informatics; mHealth apps; privacy policies; assessment scale; GDPR;