Need for the development of a specific regulatory framework for evaluation of mobile health apps in Peru: systematic search on app stores and content analysis

Abstract

Background: In Peru, there is an increase in the creation of mobile health (mHealth) apps; however, this situation could present problems related to the quality of information these apps share, data security and privacy, usability, and effectiveness, as there is no specific local regulation about their creation and use. Objective: The objective of this study was to review mHealth apps created, uploaded, or used in Peru, and perform an analysis of the national regulatory framework that could be applied to evaluate whether there is a need to develop and implement a specific regulation to these apps. Methods: A total of 3 reviews were performed. First, we reviewed information about Peruvian mHealth apps created up to May 2019 from scientific publications, news, government communications, and virtual stores, and evaluated their purpose, creator, and the available evidence of their usability and effectiveness. The second review was carried out by taking a sample of the 10 most commonly used mHealth apps in Peru (regardless of the country of creation), to evaluate the information they collect and classify them according to the possible risks that they could present in terms of security and privacy. In addition, we evaluated whether they refer to or endorse the information they provided. Finally, in the third review, we searched for Peruvian standards related to electronic health (eHealth) that involve information technology that can be applied to regulate these apps. Results: A total of 66 apps meeting our inclusion criteria were identified; of these, 47% (n=31) belonged to government agencies and 47% (n=31) were designed for administrative purposes (private and government agencies). There was no evidence about the usability or effectiveness of any of these apps. Concerning the 10 most commonly used mHealth apps in Peru, about the half of them gathered user information that could be leaked, changed, or lost, thus posing a great harm to their users or to their related patients. In addition, 6/10 (60%) of these apps did not mention the source of the information they provided. Among the Peruvian norms, the Law on the Protection of Personal Data, Law on Medical Devices, and administrative directives on standards and criteria for health information systems have some regulations that could be applied to these apps; however, these do not fully cover all aspects concerning the evaluation of security and privacy of data, quality of provided information, and evidence of an app’s usability and effectiveness.