Leah R Fowler,Charlotte Gillard,Stephanie R Morain

DOI: https://doi.org/10.1177/1524839919899924

Abstract:Over 100 million women track their menstruation using mobile applications (apps). In addition to comparatively unremarkable personal information such as height and weight, these apps collect intimate data like characteristics of vaginal discharge and cervical position. In exchange, many apps claim to predict the timing and duration of menstruation and windows of fertility. From this information, users may modify their sexual behavior based on their reproductive intentions. Though these apps are popular, news reports and prior studies reveal that user expectations about privacy and accuracy often do not align with the content of terms of service and privacy policies. In this article, we analyzed the readability and accessibility of terms of service and privacy policies for 15 popular menstruation-tracking apps. We found that information about data-sharing practices and accuracy is often neither easily accessible nor understandable. As a result, terms of service and privacy policies likely obscure material information about privacy and accuracy, posing safety and reproductive health risks to users. To date, no regulatory body oversees or approves the vast majority of menstruation trackers, leaving the market open to apps that vary widely in quality, accuracy, and levels of protection. We encourage health care professionals to ask their patients and clients about app use and understanding, encourage them to review relevant app-specific information, and discourage use as contraception when indicated. We conclude with recommendations for future research to establish the appropriate standards of disclosure that should govern these and similar types of smartphone-based consumer health technologies.

Shalini Saini,Nitesh Saxena

2024-04-09

Abstract:FemTech, a rising trend in mobile apps, empowers women to digitally manage their health and family planning. However, privacy and security vulnerabilities in period-tracking and fertility-monitoring apps present significant risks, such as unintended pregnancies and legal consequences. Our approach involves manual observations of privacy policies and app permissions, along with dynamic and static analysis using multiple evaluation frameworks. Our research reveals that many of these apps gather personally identifiable information (PII) and sensitive healthcare data. Furthermore, our analysis identifies that 61% of the code vulnerabilities found in the apps are classified under the top-ten Open Web Application Security Project (OWASP) vulnerabilities. Our research emphasizes the significance of tackling the privacy and security vulnerabilities present in period-tracking and fertility-monitoring mobile apps. By highlighting these crucial risks, we aim to initiate a vital discussion and advocate for increased accountability and transparency of digital tools for women's health. We encourage the industry to prioritize user privacy and security, ultimately promoting a safer and more secure environment for women's health management.

Cryptography and Security,Emerging Technologies

Yawen Guo,Rachael Zehrung,Katie Genuario,Xuan Lu,Qiaozhu Mei,Yunan Chen,Kai Zheng

2023-11-20

Abstract:Abortion is a controversial topic that has long been debated in the US. With the recent Supreme Court decision to overturn Roe v. Wade, access to safe and legal reproductive care is once again in the national spotlight. A key issue central to this debate is patient privacy, as in the post-HITECH Act era it has become easier for medical records to be electronically accessed and shared. This study analyzed a large Twitter dataset from May to December 2022 to examine the public's reactions to Roe v. Wade's overruling and its implications for privacy. Using a mixed-methods approach consisting of computational and qualitative content analysis, we found a wide range of concerns voiced from the confidentiality of patient-physician information exchange to medical records being shared without patient consent. These findings may inform policy making and healthcare industry practices concerning medical privacy related to reproductive rights and women's health.

Human-Computer Interaction

Muhammad Hassan,Mahnoor Jameel,Tian Wang,Masooda Bashir

DOI: https://doi.org/10.48550/arXiv.2310.14490

IF: 6.4588

2023-10-23

Human-Computer Interaction

Abstract:FemTech or Female Technology, is an expanding field dedicated to providing affordable and accessible healthcare solutions for women, prominently through Female Health Applications that monitor health and reproductive data. With the leading app exceeding 1 billion downloads, these applications are gaining widespread popularity. However, amidst contemporary challenges to women's reproductive rights and privacy, there is a noticeable lack of comprehensive studies on the security and privacy aspects of these applications. This exploratory study delves into the privacy risks associated with seven popular applications. Our initial quantitative static analysis reveals varied and potentially risky permissions and numerous third-party trackers. Additionally, a preliminary examination of privacy policies indicates non-compliance with fundamental data privacy principles. These early findings highlight a critical gap in establishing robust privacy and security safeguards for FemTech apps, especially significant in a climate where women's reproductive rights face escalating threats.

Najd Alfawzan,Markus Christen,Giovanni Spitale,Nikola Biller-Andorno

DOI: https://doi.org/10.2196/33735

2022-05-06

Abstract:Background: Women's mobile health (mHealth) is a growing phenomenon in the mobile app global market. An increasing number of women worldwide use apps geared to female audiences (female technology). Given the often private and sensitive nature of the data collected by such apps, an ethical assessment from the perspective of data privacy, sharing, and security policies is warranted. Objective: The purpose of this scoping review and content analysis was to assess the privacy policies, data sharing, and security policies of women's mHealth apps on the current international market (the App Store on the Apple operating system [iOS] and Google Play on the Android system). Methods: We reviewed the 23 most popular women's mHealth apps on the market by focusing on publicly available apps on the App Store and Google Play. The 23 downloaded apps were assessed manually by 2 independent reviewers against a variety of user data privacy, data sharing, and security assessment criteria. Results: All 23 apps collected personal health-related data. All apps allowed behavioral tracking, and 61% (14/23) of the apps allowed location tracking. Of the 23 apps, only 16 (70%) displayed a privacy policy, 12 (52%) requested consent from users, and 1 (4%) had a pseudoconsent. In addition, 13% (3/23) of the apps collected data before obtaining consent. Most apps (20/23, 87%) shared user data with third parties, and data sharing information could not be obtained for the 13% (3/23) remaining apps. Of the 23 apps, only 13 (57%) provided users with information on data security. Conclusions: Many of the most popular women's mHealth apps on the market have poor data privacy, sharing, and security standards. Although regulations exist, such as the European Union General Data Protection Regulation, current practices do not follow them. The failure of the assessed women's mHealth apps to meet basic data privacy, sharing, and security standards is not ethically or legally acceptable.

Konrad Kollnig,Lu Zhang,Jun Zhao,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.2302.13585

2023-02-27

Computers and Society

Abstract:Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, China introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps' privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021. Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. We see our findings as characteristic of a first iteration at Chinese data regulation with room for improvement.

Shuai Li,Zhemin Yang,Nan Hua,Peng Liu,Xiaohan Zhang,Guangliang Yang,Min Yang

DOI: https://doi.org/10.1145/3548606.3559371

2022-01-01

Abstract:ABSTRACTRecent years have witnessed the interesting trend that modern mobile apps perform more and more likely as user-to-user platforms, where app users can be freely and conveniently connected. Upon these platforms, rich and diverse data is often delivered across users, which brings users great conveniences and plentiful services, but also introduces privacy security concerns. While prior work has primarily studied illegitimate personal data collection problems in mobile apps, few paid little attention to the security of this emerging user-to-user platform feature, thus providing a rather limited understanding of the privacy risks in this aspect. In this paper, we focus on the security of the user-to-user platform feature and shed light on its caused insufficiently-studied but critical privacy risk, which is brought forward by cross-user personal data over-delivery (denoted as XPO). For the first time, this paper reveals the landscape of such XPO risk in wild, along with prevalence and severity assessment. To achieve this, we design a novel automated risk detection framework, named XPOChecker, that leverages the advantages of machine learning and program analysis to extensively and precisely identify potential privacy risks during user-to-user connections, and regulate whether the delivered data is legitimate or not. By applying XPOChecker on 13,820 real-world popular Android apps, we find that XPO is prevalent in practice, with 1,902 apps (13.76%) being affected. In addition to the mere exposure of diverse private user data which causes serious and broad privacy infringement, we demonstrate that the XPO exploits can invalidate privacy preservation mechanisms, leak business secrets, and even restore the sensitive membership of victims which potentially poses personal safety threats. Furthermore, we also confirm the existence of XPO risks in iOS apps for the first time. Last, to help understand and prevent XPO, we have responsibly launched two notification campaigns to inform the developers of the affected apps, with the conclusion of five underlying lessons from developers' feedback. We hope our work can make up for the deficiency of the understandings of XPO, help developers avoid XPO, and motivate further researches.

Deborah Lupton

DOI: https://doi.org/10.1080/13691058.2014.920528

2014-06-11

Abstract:Digital health technologies are playing an increasingly important role in healthcare, health education and voluntary self-surveillance, self-quantification and self-care practices. This paper presents a critical analysis of one digital health device: computer apps used to self-track features of users' sexual and reproductive activities and functions. After a review of the content of such apps available in the Apple App Store and Google Play™ store, some of their sociocultural, ethical and political implications are discussed. These include the role played by these apps in participatory surveillance, their configuration of sexuality and reproduction, the valorising of the quantification of the body in the context of neoliberalism and self-responsibility, and issues concerning privacy, data security and the use of the data collected by these apps. It is suggested that such apps represent sexuality and reproduction in certain defined and limited ways that work to perpetuate normative stereotypes and assumptions about women and men as sexual and reproductive subjects. Furthermore there are significant ethical and privacy implications emerging from the use of these apps and the data they produce. The paper ends with suggestions concerning the 'queering' of such technologies in response to these issues.

social sciences, biomedical,family studies

Gioacchino Tangari,Muhammad Ikram,Kiran Ijaz,Mohamed Ali Kaafar,Shlomo Berkovsky

DOI: https://doi.org/10.1136/bmj.n1248

2021-06-16

BMJ

Abstract:Abstract Objectives To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. Design Cross sectional study Setting Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. Participants Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. Main outcome measures Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. Results 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. Conclusions This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.

Huiyi Wang,Liu Wang,Haoyu Wang

DOI: https://doi.org/10.48550/arXiv.2012.10866

2020-12-20

Software Engineering

Abstract:To help curb the spread of the COVID-19 pandemic, governments and public health authorities around the world have launched a number of contact-tracing apps. Although contact tracing apps have received extensive attentions from the research community, no existing work has characterized the users' adoption of contact tracing apps from the app market level. In this work, we perform the first market-level analysis of contact tracing apps. We perform a longitudinal empirical study (over 4 months) of eight government-backed COVID-19 contact tracing apps in iOS app store. We first collect all the daily meta information (e.g., app updates, app rating, app comments, etc.) of these contact tracing apps from their launch to 2020-07-31. Then we characterize them from release practice, app popularity, and mobile users' feedback. Our study reveals various issues related to contact tracing apps from the users' perspective, hoping to help improve the quality of contact tracing apps and thus achieving a high level of adoption in the population.

Rachele Hendricks-Sturrup,Christine Y Lu

DOI: https://doi.org/10.2196/41937

2023-03-10

Abstract:Background: The June 2022 US Supreme Court decision to ban abortion care in Dobbs v Jackson Women's Health Organization sparked ominous debate about the privacy and safety of women and families of childbearing age with digital footprints who actively engage in family planning, including abortion and miscarriage care. Objective: To assess the perspectives of a subpopulation of research participants of childbearing age regarding the health-relatedness of their digital data, their concerns about the use and sharing of personal data online, and their concerns about donating data from various sources to researchers today or in the future. Methods: An 18-item electronic survey was developed using Qualtrics and administered to adults (aged ≥18 years) registered in the ResearchMatch database in April 2021. Individuals were invited to participate in the survey regardless of health status, race, gender, or any other mutable or immutable characteristics. Descriptive statistical analyses were conducted using Microsoft Excel and manual queries (single layer, bottom-up topic modeling) and used to categorize illuminating quotes from free-text survey responses. Results: A total of 470 participants initiated the survey and 402 completed and submitted the survey (for an 86% completion rate). Nearly half the participants (189/402, 47%) self-reported to be persons of childbearing age (18 to 50 years). Most participants of childbearing age agreed or strongly agreed that social media data, email data, text message data, Google search history data, online purchase history data, electronic medical record data, fitness tracker and wearable data, credit card statement data, and genetic data are health-related. Most participants disagreed or strongly disagreed that music streaming data, Yelp review and rating data, ride-sharing history data, tax records and other income history data, voting history data, and geolocation data are health-related. Most (164/189, 87%) participants were concerned about fraud or abuse based on their personal information, online companies and websites sharing information with other parties without consent, and online companies and websites using information for purposes that are not explicitly stated in their privacy policies. Free-text survey responses showed that participants were concerned about data use beyond scope of consent; exclusion from health care and insurance; government and corporate mistrust; and data confidentiality, security, and discretion. Conclusions: Our findings in light of Dobbs and other related events indicate there are opportunities to educate research participants about the health-relatedness of their digital data. Developing strategies and best privacy practices for discretion regarding digital-footprint data related to family planning should be a priority for companies, researchers, families, and other stakeholders.

Joydeep Mitra

DOI: https://doi.org/10.48550/arXiv.2207.08978

2022-07-21

Abstract:With the onset of COVID-19, governments worldwide planned to develop and deploy contact tracing (CT) apps to help speed up the contact tracing process. However, experts raised concerns about the long-term privacy and security implications of using these apps. Consequently, several proposals were made to design privacy-preserving CT apps. To this end, Google and Apple developed the Google/Apple Exposure Notification (GAEN) framework to help public health authorities develop privacy-preserving CT apps. In the United States, 26 states used the GAEN framework to develop their CT apps. In this paper, we empirically evaluate the US-based GAEN apps to determine 1) the privileges they have, 2) if the apps comply with their defined privacy policies, and 3) if they contain known vulnerabilities that can be exploited to compromise privacy. The results show that all apps violate their stated privacy policy and contain several known vulnerabilities.

Cryptography and Security,Computers and Society

Leonardo Horn Iwaya,M. Ali Babar,Awais Rashid,Chamila Wijayarathna

DOI: https://doi.org/10.1007/s10664-022-10236-0

2022-01-22

Abstract:An increasing number of mental health services are offered through mobile systems, a paradigm called mHealth. Although there is an unprecedented growth in the adoption of mHealth systems, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps' development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among third parties and advertisers in the current apps' ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. [...]

Cryptography and Security,Computers and Society

Saad Sajid Hashmi,Nazar Waheed,Gioacchino Tangari,Muhammad Ikram,Stephen Smith

DOI: https://doi.org/10.48550/arXiv.2106.10035

2021-07-28

Abstract:Contemporary mobile applications (apps) are designed to track, use, and share users' data, often without their consent, which results in potential privacy and transparency issues. To investigate whether mobile apps have always been (non-)transparent regarding how they collect information about users, we perform a longitudinal analysis of the historical versions of 268 Android apps. These apps comprise 5,240 app releases or versions between 2008 and 2016. We detect inconsistencies between apps' behaviors and the stated use of data collection in privacy policies to reveal compliance issues. We utilize machine learning techniques for the classification of the privacy policy text to identify the purported practices that collect and/or share users' personal information, such as phone numbers and email addresses. We then uncover the data leaks of an app through static and dynamic analysis. Over time, our results show a steady increase in the number of apps' data collection practices that are undisclosed in the privacy policies. This behavior is particularly troubling since privacy policy is the primary tool for describing the app's privacy protection practices. We find that newer versions of the apps are likely to be more non-compliant than their preceding versions. The discrepancies between the purported and the actual data practices show that privacy policies are often incoherent with the apps' behaviors, thus defying the 'notice and choice' principle when users install apps.

Cryptography and Security

Konrad Kollnig,Lu Zhang,Jun Zhao,Nigel Shadbolt

DOI: https://doi.org/10.1016/j.clsr.2024.106041

IF: 2.707

2024-09-03

Computer Law & Security Review

Abstract:Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, the Chinese legislator introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps' privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021. Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. Market concentration in app data collection has seen limited change. At the same time, there exists a larger number of influential and equal market participants than in the West. Among them, Apple was the only relevant foreign company. We see our findings characteristic of a first iteration at Chinese data regulation with room for improvement. With the help of enhanced technological capabilities, we expect increased enforcement of the new data rules. There is also room to refine the new laws and make them more targeted at mobile apps and the online sphere, particularly through clear and up-to-date technical specifications for software developers. As such, our findings could also be motivation for non-Chinese policy- and lawmakers to enhance their own data protection regimes.

law

Jody Farnden,Ben Martini,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.48550/arXiv.1505.02906

2015-05-12

Abstract:Dating apps for mobile devices, one popular GeoSocial app category, are growing increasingly popular. These apps encourage the sharing of more personal information than conventional social media apps, including continuous location data. However, recent high profile incidents have highlighted the privacy risks inherent in using these apps. In this paper, we present a case study utilizing forensic techniques on nine popular proximity-based dating apps in order to determine the types of data that can be recovered from user devices. We recover a number of data types from these apps that raise concerns about user privacy. For example, we determine that chat messages could be recovered in at least half of the apps examined and, in some cases, the details of any users that had been discovered nearby could also be extracted.

Computers and Society

Muhammad Ajmal Azad,Junaid Arshad,Syed Muhammad Ali Akmal,Farhan Riaz,Sidrah Abdullah,Muhammad Imran,Farhan Ahmad

DOI: https://doi.org/10.1109/JIOT.2020.3024180

2020-09-17

Abstract:Today's smartphones are equipped with a large number of powerful value-added sensors and features, such as a low-power Bluetooth sensor, powerful embedded sensors, such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and a camera, etc. These value-added sensors have revolutionized the lives of the human being in many ways, such as tracking the health of the patients and the movement of doctors, tracking employees movement in large manufacturing units, monitoring the environment, etc. These embedded sensors could also be used for large-scale personal, group, and community sensing applications especially tracing the spread of certain diseases. Governments and regulators are turning to use these features to trace the people's thoughts to have symptoms of certain diseases or viruses, e.g., COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking, and isolating the persons showing COVID-19 symptoms to limit the spread of the disease to the larger community. The use of embedded sensors could disclose private information of the users, thus potentially bring a threat to the privacy and security of users. In this article, we analyzed a large set of smartphone applications that have been designed to contain the spread of the COVID-19 virus and bring the people back to normal life. Specifically, we have analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices are transported to the analytic center, and analyzing the security measures these apps have deployed to ensure the privacy and security of users.

Yuanyuan Feng,Brad Stenger,Shikun Zhang

DOI: https://doi.org/10.2196/57309

2024-08-29

Abstract:Background: The COVID-19 pandemic gave rise to countless user-facing mobile apps to help fight the pandemic ("COVID-19 mitigation apps"). These apps have been at the center of data privacy discussions because they collect, use, and even retain sensitive personal data from their users (eg, medical records and location data). The US government ended its COVID-19 emergency declaration in May 2023, marking a unique time to comprehensively investigate how data privacy impacted people's acceptance of various COVID-19 mitigation apps deployed throughout the pandemic. Objective: This research aims to provide insights into health data privacy regarding COVID-19 mitigation apps and policy recommendations for future deployment of public health mobile apps through the lens of data privacy. This research explores people's contextual acceptance of different types of COVID-19 mitigation apps by applying the privacy framework of contextual integrity. Specifically, this research seeks to identify the factors that impact people's acceptance of data sharing and data retention practices in various social contexts. Methods: A mixed methods web-based survey study was conducted by recruiting a simple US representative sample (N=674) on Prolific in February 2023. The survey includes a total of 60 vignette scenarios representing realistic social contexts that COVID-19 mitigation apps could be used. Each survey respondent answered questions about their acceptance of 10 randomly selected scenarios. Three contextual integrity parameters (attribute, recipient, and transmission principle) and respondents' basic demographics are controlled as independent variables. Regression analysis was performed to determine the factors impacting people's acceptance of initial data sharing and data retention practices via these apps. Qualitative data from the survey were analyzed to support the statistical results. Results: Many contextual integrity parameter values, pairwise combinations of contextual integrity parameter values, and some demographic features of respondents have a significant impact on their acceptance of using COVID-19 mitigation apps in various social contexts. Respondents' acceptance of data retention practices diverged from their acceptance of initial data sharing practices in some scenarios. Conclusions: This study showed that people's acceptance of using various COVID-19 mitigation apps depends on specific social contexts, including the type of data (attribute), the recipients of the data (recipient), and the purpose of data use (transmission principle). Such acceptance may differ between the initial data sharing and data retention practices, even in the same context. Study findings generated rich implications for future pandemic mitigation apps and the broader public health mobile apps regarding data privacy and deployment considerations.

Chao Liu,Yuanshi Jiao,Licong Su,Wenna Liu,Haiping Zhang,Sheng Nie,Mengchun Gong

DOI: https://doi.org/10.2196/preprints.46455

IF: 7.076

2024-08-22

Journal of Medical Internet Research

Abstract:Background: Pregnancy and gestation information is routinely recorded in electronic medical record (EMR) systems across China in various data sets. The combination of data on the number of pregnancies and gestations can imply occurrences of abortions and other pregnancy-related issues, which is important for clinical decision-making and personal privacy protection. However, the distribution of this information inside EMR is variable due to inconsistent IT structures across different EMR systems. A large-scale quantitative evaluation of the potential exposure of this sensitive information has not been previously performed, ensuring the protection of personal information is a priority, as emphasized in Chinese laws and regulations. Objective: This study aims to perform the first nationwide quantitative analysis of the identification sites and exposure frequency of sensitive pregnancy and gestation information. The goal is to propose strategies for effective information extraction and privacy protection related to women's health. Methods: This study was conducted in a national health care data network. Rule-based protocols for extracting pregnancy and gestation information were developed by a committee of experts. A total of 6 different sub–data sets of EMRs were used as schemas for data analysis and strategy proposal. The identification sites and frequencies of identification in different sub–data sets were calculated. Manual quality inspections of the extraction process were performed by 2 independent groups of reviewers on 1000 randomly selected records. Based on these statistics, strategies for effective information extraction and privacy protection were proposed. Results: The data network covered hospitalized patients from 19 hospitals in 10 provinces of China, encompassing 15,245,055 patients over an 11-year period (January 1, 2010-December 12, 2020). Among women aged 14-50 years, 70% were randomly selected from each hospital, resulting in a total of 1,110,053 patients. Of these, 688,268 female patients with sensitive reproductive information were identified. The frequencies of identification were variable, with the marriage history in admission medical records being the most frequent at 63.24%. Notably, more than 50% of female patients were identified with pregnancy and gestation history in nursing records, which is not generally considered a sub–data set rich in reproductive information. During the manual curation and review process, 1000 cases were randomly selected, and the precision and recall rates of the information extraction method both exceeded 99.5%. The privacy-protection strategies were designed with clear technical directions. Conclusions: Significant amounts of critical information related to women's health are recorded in Chinese routine EMR systems and are distributed in various parts of the records with different frequencies. This requires a comprehensive protocol for extracting and protecting the information, which has been demonstrated to be technically feasible. Implementing a data-based strategy will enhance the protection of women's privacy and improve the accessibility of health care services.

health care sciences & services,medical informatics