Background: With the introduction of privacy regulations such as the California Consumer Privacy Act and the European Union General Data Protection Regulation (GDPR), effective data protection in mobile health (mHealth) is rapidly becoming a concern. However, we have a limited understanding of the contexts and mechanisms that affect the likelihood of failures and successes in mHealth data protection, and their subsequent impacts. In this review and theory development paper, we aim to address this critical knowledge gap.
Method: We conducted a systematic literature search using PubMed, Embase, and Scopus databases. To synthesize the evidence, we adopted a realist review approach and compiled the extracted information based on context-mechanism-outcome (CMO) configurations. Out of an initial set of 611 records, 19 articles met the eligibility criteria and were included.
Results: Our findings indicate that the failures and successes in data protection and their impacts (effective mHealth interventions, data protection awareness, and adoption/use of mHealth systems) depend contingently upon a number of contextual factors (systems, users, tasks, services, geographic elements) and causal mechanisms (unauthorized access, device theft, loss, and sharing, lack of cyber-hygiene, and data protection concerns for failures, and trust building activity, secure and law compliant platforms, and perceived data protection, for successes). We conceptualized the CMO configurations to provide explanations for the reported failures and successes in data protection.
Conclusion: For effective mHealth interventions, the dark side of system use (data breaches) must be mitigated and remediated. Our study offers a theoretical model that contextually explains how the mechanisms of success and failures work in mHealth.
Keywords: Cybersecurity; Data privacy; Data protection; Information systems; Mobile health.
Copyright © 2020. Published by Elsevier B.V.