Empirical Analysis of Sri Lankan Mobile Health Ecosystem: A Precursor to an Effective Stakeholder Engagement

Kenneth Thilakarathna, Sachintha Pitigala, Jayantha Fernando, Primal Wijesekera
2024-07-18
Abstract: Sri Lanka recently passed its first privacy legislation covering a wide range of sectors, including health. As a precursor for effective stakeholder engagement in the health domain to understand the most effective way to implement legislation in healthcare, we have analyzed 41 popular mobile apps and web portals. We found that 78% of the tested systems have third-party domains receiving sensitive health data with minimal visibility to the consumers. We discuss how this will create potential issues in preparing for the new privacy legislation.

Cryptography and Security, Computers and Society, Human-Computer Interaction, Software Engineering
What problem does this paper attempt to address?
### What problems does this paper attempt to solve?

This paper aims to solve the problems faced by the mobile health ecosystem in Sri Lanka during the implementation of privacy legislation. Specifically, by analyzing 41 popular mobile applications and web portals, the authors explore how to effectively implement privacy legislation in the healthcare field. The following are the main problems that this paper attempts to solve:

1. **Compliance with privacy legislation**:
   - Sri Lanka has recently passed its first privacy legislation (PDPA), covering multiple fields including healthcare. However, many mobile health applications and websites do not fully comply with these regulations.
   - The research found that 78% of the tested systems send sensitive health data to third parties, with almost no transparency for consumers.
2. **Third-party data sharing issues**:
   - Many mobile health applications and websites share sensitive health information with third parties (such as Google Analytics, Facebook, etc.), which may lead to user privacy leakage.
   - The widespread existence of third-party data sharing makes it complex to ensure data security and privacy protection.
3. **Lack of transparency and privacy policies**:
   - Most of the tested health systems do not have clear privacy policies or fail to disclose their third-party data sharing behavior in the privacy policies.
   - This lack of transparency does not meet the requirements of the new privacy legislation and also increases the user's privacy risk.
4. **Costs and challenges in preparing to deal with the new privacy legislation**:
   - Developers and medical institutions need to understand and adapt to the new privacy legislation requirements, which involve challenges in terms of cost, responsibility, and technical implementation.
   - For example, obtaining users' informed consent, managing cross-border data transmission, and providing data subject rights are all urgent problems to be solved.
5. **Stakeholder participation and understanding**:
   - In order to effectively implement privacy legislation, all stakeholders (such as medical institutions, developers, patients, and legal practitioners) must fully understand their responsibilities and the challenges they face.
   - The paper provides a scientific basis for relevant parties through empirical research to help them better understand and deal with the new privacy regulations.

### Summary

The core objective of this paper is to use the current "golden period" to provide a scientific basis for the healthcare field in Sri Lanka through empirical analysis, ensuring that relevant institutions and stakeholders can fully understand and comply with the new privacy legislation, thereby establishing a more transparent and secure mobile health ecosystem.