information systems research articles

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Publications
Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

Advanced Search
Journal List
Healthcare (Basel)

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Puspita kencana sari.

1 Faculty of Computer Science, Universitas Indonesia, Depok 16424, Indonesia

2 Faculty of Economic & Business, Telkom University, Bandung 40257, Indonesia

Putu Wuri Handayani

Achmad nizar hidayanto, setiadi yazid, rizal fathoni aji, associated data.

Search results are available from the authors.

This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.

1. Introduction

The implementation of health information systems (HISs) by healthcare providers has positive value in properly managing healthcare information but also has negative impacts, such as security and privacy risks. HISs are vulnerable to violations of information security and privacy. Openness and connectedness with many heterogeneous stakeholders in the health network also increase these risks [ 1 ]. The healthcare industry lags far behind other sectors in terms of digital literacy and information security, making them a primary target [ 2 ]. Serious data breach incidents in the healthcare industry have occurred in health insurance institutions in the United States [ 3 , 4 ], health research institutes in the United Kingdom [ 5 ], providers of general laboratory testing services and specialized diagnostics in Canada [ 6 ], and hospital networks [ 7 ] and blood donor agencies in Singapore [ 8 ]. Security breaches target different types of healthcare organizations, although HIPAA Journal [ 9 ] states that 75% of data breaches occur in healthcare providers. Therefore, healthcare providers must maintain the confidentiality, availability, and integrity of patient health information [ 10 , 11 , 12 ] as part of their healthcare service delivery.

Several aspects can make the medical environment especially challenging to manage in terms of security. Healthcare has a larger risk of insider threats than the banking and insurance industries, which both hold and manage highly sensitive information [ 13 ]. The medical setting is strongly influenced by ethical considerations for various professions [ 14 ], affecting their decisions and behavior. Communication and trust issues between medical personnel and patients [ 15 , 16 ] play a fundamental role in patient care. Network expansion of healthcare service providers promotes the policy of sharing data between related parties [ 17 ], which increases the susceptibility of patient information transferred via electronic forms, including data ownership issues [ 18 ], responsibility for ensuring confidentiality [ 19 ], and responsibility for data integrity [ 20 ]. Health facilities are open public organizations [ 14 ], causing difficulties in access control and physical security [ 21 ], even though they have higher vulnerability to information security risks [ 16 ]. Insider threats posed by people with legitimate access to information systems can come from temporary staff, such as medical students, residents, or interns, who have the same need for access to medical data as permanent employees [ 14 , 16 ]. Most healthcare organizations do not prioritize information security in their resource allocation [ 14 ], as healthcare services are their primary business. Employees have different values and norms for information security [ 22 , 23 , 24 ] because it is often seen as hampering productivity in healthcare, especially in emergencies; thus, the level of negligence in security controls is relatively high [ 14 ]. In healthcare, there is not the same degree of worry or caution as in certain other sectors, including the banking industry [ 25 ]. These conditions emphasize that security behavior is a significant factor influencing healthcare organizations’ security effectiveness [ 26 ].

Health information is considered to be the most confidential information among other types of personal information [ 14 ]. It has a high value on the black market and, thus, becomes the target of organized criminal networks [ 27 ]. Some possible impacts include threats to patients based on their medical condition, financial losses and loss of resources, death, serious injury, illegal sales of limited medical equipment and medicines, loss of organizational reputation, and failure to achieve the organization’s mission and goals [ 28 , 29 ]. The most extensive health data breaches have occurred internally, with most incidents being errors and incidents of misuse [ 30 , 31 ]. Previous studies [ 22 , 32 , 33 ] have revealed cases of security breaches caused by human factors. Therefore, information security management in healthcare organizations should encourage good security behavior among employees and other related parties.

Information security behavior is essential in order to ensure that information assets are well protected [ 34 ]. Information-security-related behavior is defined as employee behavior in using organizational information systems, including hardware, software, networks, etc., that have security implications [ 35 ] as a function of the information security components defined by information security policy [ 36 , 37 ]. A previous study by Guo [ 35 ] classified security behaviors into four categories: (1) Security assurance behavior refers to the employee’s deliberate behavior to protect the organization’s information system, where this action is beyond policymakers’ expectations. (2) Security-compliant behavior refers to intentional or unintentional behavior that does not violate an organization’s information security policy, as policymakers expect. (3) Security risk-taking behavior refers to intentional employee behavior that can carry security risks for the organization’s information system, even if the employee has no motive for causing damage. (4) Security-damaging behavior refers to intentional employee behavior that can damage the security of an organization’s information system.

Security assurance and security-compliant behavior are considered desirable security behavior (DSB) because they can promote the effectiveness of information security designed by an organization. Meanwhile, security risk-taking and security-damaging behavior are considered undesirable security behavior (USB) that employees must avoid. In the healthcare context, most studies on security behavior have focused on factors that affect DSB, such as compliance with the Health Insurance Portability and Accountability Act (HIPAA)’s security and privacy rules or information security policy. Other studies have also investigated factors influencing USB, such as the intention to disclose patient information. Management can optimize the factors that drive DSB and anticipate the factors that drive USB. Therefore, it is necessary to understand the antecedent factors of both DSB and USB in the healthcare context.

Several previous studies conducted systematic literature reviews related to information security in the health context, such as [ 38 , 39 ], which focused on technical aspects and information security control. In comparison, systematic literature reviews related to information security behavior and culture [ 40 , 41 , 42 , 43 , 44 , 45 , 46 , 47 ] have not focused on the healthcare context. We found two articles [ 48 , 49 ] presenting systematic literature reviews concerning information security behavior in health organizations. The study by Page [ 48 ] discussed organizational culture in general but did not focus on healthcare organizations. The review by Yeng et al. [ 49 ] investigated healthcare professionals’ individual factors that can influence their information security practices, including psychological, social, cultural, and demographic factors. However, organizational factors also significantly influence information security practices and behaviors [ 50 , 51 ]. Thus, the present study aims to fill the gap in previous systematic reviews [ 49 ] by exploring individual and organizational factors that influence information security behavior in healthcare organizations.

In the literature on this research topic, the terms “information security” and “cybersecurity” are frequently used synonymously. Cybersecurity is related to the data in cyberspace, in contrast to information security, which is the protection of all information [ 52 ]. In smaller healthcare facilities, it is possible that HISs’ implementation will not always be online. HIS security risks include medical staff members directly disclosing patient information to their families. Therefore, this study focuses on information security behavior. We investigated the research trends and antecedent factors of information security behavior in the healthcare context involving various types of HIS users in healthcare organizations, including clinical staff, non-clinical staff, and patients. Specifically, we asked the following research question: “What are the research trends and antecedent factors of information security behavior in health information systems from organizational and individual perspectives?”

To answer this research question, we adopted a systematic literature review methodology. To conduct and report our review, we used the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) statement [ 53 ]. PRISMA emphasizes methods through which researchers may guarantee the transparent and thorough reporting of systematic reviews [ 54 ]. PRISMA 2020 updates the PRISMA 2009 statement, which includes 27-item checklists, a flow diagram, and an explanation [ 53 ]. The choice of a systematic review will provide us the opportunity to inquire into present trends in the emphasis placed on security behavior, security threats, and the variables that affect how users behave while protecting health information.

This study is expected to have theoretical and practical implications. First, this study provides a systematic overview for researchers of antecedent factors of information security behavior, specifically in healthcare organizations. Second, this study determines the organizational and individual elements mapped to USB and DSB from HIS users. These findings can provide insight to managers in healthcare organizations to help them design information security policies and programs to prevent information security breaches, especially for internal threats. Third, this study can provide lessons for regulators to develop information security regulations in the healthcare industry—especially for information security governance and culture.

2. Materials and Methods

This study adopted the PRISMA 2020 framework ( Table S1: PRISMA 2020 Checklist ) [ 53 ]. PRISMA has been used in previous studies in the field of information systems primarily related to health services, such as user acceptance of hospital information systems [ 55 ], security and privacy in electronic health records [ 38 , 39 ], and information security culture in general [ 44 ]. This shows that information system studies can also use PRISMA in the context of health and information security.

2.1. Eligibility Criteria

We determined four inclusion criteria (IC) for this study, as follows: (IC1) original scientific articles, including research articles, conference papers, and systematic reviews; (IC2) full-text articles available and written in English; (IC3) the research examines factors that influence information security behavior; (IC4) the research investigates health information protection in healthcare organizations. For removing irrelevant studies, the following exclusion criteria (EC) were applied: (EC1) articles duplicated in another repository; (EC2) articles that report on information security behavior from multisector organizations—not specifically in the healthcare sector; (EC3) studies that evaluate information security behavior without uncovering any antecedent factors; (EC4) studies that explore HIS security in organizations other than healthcare organizations.

2.2. Search Strategy

The second step was determining the sources of information, keywords, and journal repositories. The keywords used reflected three categories: terms related to information security, behavior, and health organizations. The keywords used in searching the repositories were as follows: (“information security” OR “cybersecurity”) AND (“behavior” OR “awareness” OR “compliance” OR “practice”) AND (“hospital” OR “clinic” OR “health”). Five journal repositories were used as sources of information: ScienceDirect, PubMed, SAGE, IEEE, and Scopus. We applied a filter for publication type to retrieve only journal articles and conference papers. To explore all possible studies, there was no publication time limit. The search process was carried out in February 2022 and focused on five databases: ScienceDirect, Medline/PubMed, SAGE, IEEE Xplore, and Scopus. We exported all of the search results into BibTeX or RIS files. We imported those files into Mendeley as a reference tool to check for duplicates and conduct further analysis.

2.3. Data Items and Synthesis

The next step was to analyze some attributes of the articles collected—namely, the author names, publication year, source type, name of the journal or conference, country of study or author affiliation, research methods, sample unit (i.e., respondent), healthcare organization type, variables used in the research model, and foundational theory. The selected studies focus on factors that influence the information security behavior of HIS users who have access to patients’ health data in healthcare organizations. Articles discussing information security behavior in organizations in general but covering the health industry were excluded. After reducing the duplicate results from the repositories, we screened the reports by examining their titles and abstracts. Furthermore, the examination was carried out by searching for full-text articles of some candidates and assessing whether the articles met the inclusion criteria. If a paper met the criteria, it was added to the selected studies. The results of the selected studies are summarized in a table ( Table S2: Summary of selected studies ).

3.1. Study Selection

The search results from the specified databases returned 5573 studies with the defined keywords. Duplicate records were removed, resulting in 4677 records being screened in the next step. The title and abstract screening resulted in the exclusion of 4496 records with no mention of information security behavior in healthcare. Consequently, 181 articles were sought for retrieval, but 28 reports did not meet IC2 (no access to full text and not written in English). Next, 153 full-text articles were assessed for eligibility; 83 papers did not meet IC3 (no focus on factors influencing information security behavior), and 35 papers did not meet IC4. Performing the final step of the review resulted in 35 studies. Figure 1 shows the complete steps of the PRISMA workflow carried out in this study.

An external file that holds a picture, illustration, etc.
Object name is healthcare-10-02531-g001.jpg

PRISMA workflow diagram (IC = Inclusion Criteria).

3.2. Study Characteristics

Figure 2 shows trends in research on information security behavior in healthcare from 2008 to 2021. We identified the first study published in 2008. One selected study in 2022 was excluded due to a lack of data to represent the year (until February 2022). The study trend increased significantly in 2020 (seven studies), which might have been a response to the COVID-19 outbreak. Healthcare providers had to change how to provide services to patients by adopting various technological solutions, which increased their vulnerability to cyberattacks [ 56 ]. During the COVID-19 pandemic, the most common cyberattacks in the health sector were ransomware and phishing attacks caused by human factors and a lack of security awareness [ 56 ]. The number of studies has doubled since 2020, but only two of the studies reviewed [ 57 , 58 ] mention COVID-19 in their discussion. The number of studies decreased slightly in 2021 (five studies) but was still higher than in previous years. Figure 2 shows the summary of selected studies for further analysis. The detailed list of selected studies is available in the Supplementary Materials (Table S2: Summary of selected studies) .

An external file that holds a picture, illustration, etc.
Object name is healthcare-10-02531-g002.jpg

Research trends.

Of the 35 studies included in this review, we analyzed the distribution according to the countries where the studies took their samples or were conducted. Table 1 shows that developed countries dominate the studies related to information security behavior in healthcare organizations. Most of the studies involved respondents or participants from the United States (11 studies), Taiwan (five studies), the Republic of Korea (four studies), Germany (four studies), Malaysia (two studies), Saudi Arabia (two studies), Norway (one study), and Spain (one study). One study took samples from Ireland, Italy, and Greece. There were only four studies from developing countries: South Africa (two studies), India (one study), and Indonesia (one study). The categories of developed and developing countries used in this study refer to their gross national income per capita per year as calculated by the World Bank Atlas [ 59 ].

Countries involved in the selected studies.

Regarding the organization type, most studies were conducted in hospitals. Table 2 shows that 23 studies examined information security behavior in hospitals only. Five studies involved hospitals and other healthcare providers, such as private clinics, physical therapy facilities, mental healthcare facilities, nursing homes, public health centers, and physicians’ offices. Two investigated nursing schools, and two investigated academic medical centers. In the remaining three studies, the type of healthcare organization was not specified.

Types of organizations involved in the selected studies.

Table 3 shows the study characteristics according to the respondents or participants. Most of the studies involved clinical staff (25 studies), such as doctors, dentists, nurses, pharmacists, physical therapists, and nutritionists. Twenty-one studies involved non-clinical staff as respondents, such as administration staff, information technology (IT) staff, human resources experts, privacy officers, top-level management, and psychologists. In addition to the permanent staff of healthcare organizations, five studies investigated the information security behavior of temporary staff, such as medical students and interns. A single study took patients as respondents to measure their behavior in protecting personal information managed by medical facilities.

Respondents involved in the selected studies.

The research methods ( Table 4 ) were primarily quantitative, surveying respondents through questionnaires (27 studies). Some studies complemented their surveys with experiments to observe actual behavior. Seven studies used qualitative methods—both empirical (i.e., interview) and analytical (i.e., literature review and conceptual models). Meanwhile, two other studies used mixed methods (i.e., survey and interview).

Research methods of the selected studies.

Table 5 shows where the selected studies were published. Most of the selected studies were journal articles (25 studies). Three sources contained more than one selected study. Meanwhile, nine studies were published in conference proceedings, with two of these sources containing more than one selected study.

Source of the selected studies.

Table 6 defines 20 distinct theories adopted as foundational in the selected studies. Most studies used a combination of two or more theories. The theories used in multiple studies were the theory of planned behavior (TPB; 10 studies), general deterrence theory (GDT; nine studies), protection motivation theory (PMT; eight studies), health belief model (HBM; five studies), and theory acceptance model (TAM; four studies). The TPB explains that social pressure and cognitive thinking influence individual behavior [ 86 ]. GDT describes how security behavior is influenced by deterrence beliefs and fears [ 87 ]. PMT is involved in the development of the HBM, which explains how individuals carry out a cognitive evaluation to determine appropriate behavior based on the ability to deal with threats [ 88 , 89 ]. The TAM provides a model of how people come to acknowledge and utilize technology [ 90 ]. However, the TPB was only adopted in studies related to DSB, while other frequent theories were adopted in both DSB and USB research.

Foundational theories in the selected studies.

Table 7 depicts the variance in the types of information security behavior examined in the selected studies. DSB was the most observed behavior (25 studies), with behavioral concerns with respect to compliance with information security policy and regulations (17 studies) or performing security protection according to best practices (eight studies). USB was examined in seven studies, with concerns including risky security practices (four studies) and information security policy violations (three studies). Meanwhile, three studies investigated security behavior with respect to both secure and insecure practices among HIS users.

Security behaviors investigated in the selected studies.

3.3. Security Threat Model

A healthcare facility bases its information security policy on the security risk profile of the organization. The risk can be determined from security threats that may occur in the organization or refer to similar organizations as benchmarks. Previous studies [ 91 ] revealed that the most critical security threat in an HIS is a power failure, followed by human error and technological failures. Other studies [ 32 , 92 ] identified that most security threats were related to human behavior, such as password sharing, missing records, email misrouting, theft on the premises, procedures not followed, and the establishment of improper HIS privileges.

The selected studies also mention some threats and vulnerabilities to be addressed by improving information security protection by modifying the healthcare staff’s behavior. Since this systematic review focuses on the information security behavior of HIS users, most of the selected studies only show possible threats posed by insiders. We modeled the threat from selected studies by referring to [ 93 ] in breaking down the threat action, health information assets, vulnerabilities, and potential control actions. Threat action and control were classified based on ISO 27799:2016 [ 14 ] as the information security standard for health information. Figure 3 depicts various types of threats to health information, especially with insiders as the source. The number in the bar shows the number of selected studies mentioning the threat.

An external file that holds a picture, illustration, etc.
Object name is healthcare-10-02531-g003.jpg

Threat actions were discussed in the selected studies.

Here, we discuss the top three security threat actions discussed in the selected studies. The greatest security threat is the unauthorized use of the HIS (11 studies). This threat can lead to incident events because of vulnerabilities in the healthcare facilities—for example, lack of security awareness and policy compliance [ 11 , 50 , 58 , 70 , 81 , 82 ], use of multiple entry points to access electronic medical records [ 49 , 65 ] and forgetting to log out after using the HIS at an unattended workstation [ 85 ]. The second-greatest threat is masquerading by insiders, such as staff accessing the HIS without using their own account (seven studies). The vulnerabilities that can be exploited by this threat are weak information security policy compliance [ 57 , 81 ], weak access control management [ 67 , 83 , 84 , 85 ], and sharing of workstations to access the HIS [ 25 ]. The third-greatest threat is user error in handling information (six studies). This threat can be triggered by the weakness of information security policy compliance [ 57 , 74 ], ignorance of the risk involved [ 11 ], poor security skills and security monitoring [ 1 ], low user education, and lack of awareness of information security [ 50 , 75 ].

There are some actions that cannot be classified into threat types according to ISO 27799:2016 Annex A [ 14 ]. An example would be a nurse intentionally disclosing a patient’s health information to their family [ 64 , 77 , 79 ] with the assumption that this would make the medical treatment more efficient and benefit the healthcare facility. Meanwhile, an operation error in ISO 27799:2016 [ 14 ] refers to the unintentional disclosure of confidential information. Some selected studies [ 26 , 51 , 61 , 66 , 72 , 76 ] do not mention the threat action specifically but only describe a violation of the information security policy or regulation and health information leakage in a healthcare organization.

3.4. Antecedent Factors of Security Behavior

Antecedent factors were gathered from research variables that were proven to be significant in empirical studies included in this review. Of the 35 selected studies, four were conceptual studies and, thus, were excluded from the analysis. There were 59 different variables as antecedent factors that significantly influence information security behavior directly and indirectly. The number of variables shows enormous variation in information security behavior research in healthcare. The variables are also related to the various foundational theories in the selected studies. Some factors are derived from frequent foundational theories, i.e., the TPB, PMT, GDT, and HBM. This shows that information security behavior studies are likely to use approaches from psychology (TPB and PMT), criminology (GDT), and public health (HBM) [ 94 ].

Meanwhile, factors adopted from the information system domain (TAM) are mostly insignificant in influencing security behavior. These variables were grouped into individual and organizational factors and then mapped into two types of security behavior. Human factors in cybersecurity are better viewed from various perspectives. Some previous studies [ 51 , 61 ] agree that employee security behavior can be influenced by two types of factors—namely, organizational factors and individual factors.

3.4.1. Individual Factors

Individual or personal factors investigate the individual reasoning and decision-making behind security behavior [ 95 ]. This study identified 31 distinct individual factors ( Table 8 ) from the selected studies that empirically influence information security behavior. Fifteen factors appear in multiple studies. Four of them influence DSB and USB, examined in different studies.

Individual factors as antecedents of security behavior.

Notes: DSB = desirable security behavior (such as compliance behavior, protection behavior, etc.); USB = undesirable security behavior (such as risk-taking behavior, non-compliance, etc.); N/A = not applicable (no selected studies using the factor); CS = clinical staff; NS = non-clinical staff; MS = medical student.

The most frequent individual factor in the selected studies was self-efficacy (12 studies) derived from PMT. Almost half of the desirable security behavior studies observed that self-efficacy positively and significantly influences information security behavior directly [ 1 , 23 , 51 , 57 , 61 , 72 , 74 , 75 ] and indirectly [ 62 , 63 , 70 ], through other variables (e.g., perceived behavioral control and avoidance motivation). The other most frequent factors were perceived severity (10 studies) and perceived susceptibility (4 studies). Perceived severity positively influences security compliance behavior [ 65 , 71 , 74 , 75 , 81 ] and assurance behavior [ 62 , 63 ] or negatively influences damaging behavior [ 76 ]. Perceived susceptibility also positively influences compliance behavior [ 65 , 71 , 74 ] and assurance behavior [ 63 , 76 ]. Perceived susceptibility in some studies is called perceived vulnerability [ 71 , 76 , 78 ]. According to PMT and the HBM, these factors are components of threat appraisal, which explains people’s assessment of a security threat or risk that they will manage [ 96 ]. Some selected studies used the terms perceived threat [ 63 ] and perceived risk [ 65 ] to reflect healthcare staff’s perceptions of the security threat or risk according to their perceived severity and susceptibility, which then significantly influence their further security behavior intentions.

Perceived benefit (six studies) and perceived barriers (three studies) are also adopted from HBM constructs. A previous study [ 71 ] that adopted PMT used different terms to reflect perceived benefits and perceived barriers: response efficacy and response cost, respectively. Other words with similar meanings to perceived benefit and perceived barriers are safeguard effectiveness [ 63 ] and safeguard cost [ 63 , 65 ], respectively. Different studies [ 70 , 81 ] that adopted the TAM used the perceived usefulness construct but adopted a similar definition of perceived benefit in the context of security behavior.

The TPB, as the dominant foundational theory in the selected studies, also contributes to frequent factors—namely, attitudes (seven studies), subjective norms (seven studies), and perceived behavioral control (four studies). Attitude is commonly used as a mediating variable to predict health staff’s DSB based on individual and organizational factors. Perceived trust is frequently related to behavioral intentions in TPB studies [ 1 , 51 , 61 , 74 ].

Security awareness (seven studies) is adopted from the variable GDT [ 87 ] as a factor that deters people from engaging in undesirable behavior. Some studies used the general term information security awareness as a research variable [ 57 , 58 , 62 , 67 ], while others used health information security awareness, consisting of general and health-related issues, regulations, and relevant consequences [ 64 , 77 ].

Perceived responsibility (two studies) and personal norms (two studies) are individual factors that appeared more than once in studies related to DSB and USB. Perceived responsibility emphasizes that it is one’s job to achieve professional goals [ 79 ]. Meanwhile, personal norms define health staff’s values, such as perceiving an information security policy violation as inappropriate and unacceptable [ 58 ]. This value negatively influences the intention to disclose information [ 77 ] and positively influences attitudes toward information security policy compliance [ 58 ].

In examining HIS users who participated in the selected studies, we found that individual factors from patients have not yet been explored. One study that took patients as participants [ 69 ] only investigated organizational factors (i.e., data collection processes, secondary use, and system error) that can influence their security behavior. There are three factors that significantly influence information security behavior among both clinical and non-clinical staff of healthcare organizations and medical students: perceived severity, perceived susceptibility, and information security awareness. The other individual factors significantly influence one or two user types. Therefore, those factors can be explored in future research.

3.4.2. Organizational Factors

Organizational factors investigate organizational issues—such as procedures, programs, work environment, and security culture—that can influence employees’ security behavior [ 50 ]. There were 26 distinct organizational factors ( Table 9 ) that empirically affect information security behaviors in the selected studies. Six factors were identified in more than one study; three appeared in both USB and DSB studies. Fourteen factors were only examined in DSB studies, while seven were examined only in USB studies.

Organizational factors as antecedents of security behavior.

Notes: DSB = desirable security behavior (such as compliance behavior, protection behavior, etc.); USB = undesirable security behavior (such as risk-taking behavior, non-compliance, etc.); N/A = not applicable (no selected studies using the factor); HS = hospital; AHF = academic healthcare facilities; NHF = non-specific healthcare facilities (e.g., clinics, health centers, etc.).

The most frequent organizational factor was management/organizational support (four studies). Previous studies [ 1 , 26 , 61 , 74 ] found that management support indirectly influences users’ behavior through various individual factors, such as perceived benefit, severity, self-efficacy, and trust. Management support can be measured through information security policy implementation, security training, and leadership from the top-level management [ 74 ].

Cues to action (three studies) are derived from the HBM construct. In selected studies [ 62 , 72 , 75 ], cues to action had a positive and significant influence on security behavior intention—mainly for security protection and compliance. None of the selected studies examined the effects of cues to action on the desire to commit a security violation or human error. A survey by Kessler et al. [ 66 ] measured organizational culture through practice, importance, and laxness, while Dong et al. [ 58 ] examined organizational culture in terms of top-level management beliefs and organizational control of information security issues.

The following factors appeared in two studies: Perceived certainty is derived from GDT, which can examine different acts or processes, such as detection [ 80 ] and punishment [ 73 ]. Two selected studies evaluated the impacts of peer influence and superior influence on different types of security behavior: protection intention [ 70 ] and non-compliance intention [ 82 ]. Both studies revealed that peer and superior influences significantly affect security behavior intentions through individual factors as mediating variables, such as subjective norms [ 70 ] and neutralization techniques [ 82 ].

Importantly, most of the selected studies took place in hospitals, and organizational factors mostly influence security behavior in a hospital context. Management support is the only factor that impacts all types of healthcare organizations. These results support the findings of previous studies [ 1 , 26 , 61 , 74 ], illustrating that support from management—such as information security policymaking—is the most important thing for all types of health organizations. However, in the selected studies, management support to deter undesirable security behavior was not investigated.

4. Discussion

Studies on information security behavior in healthcare organizations are still dominated by investigations into why people intend to comply with an organization’s information security policy or health security regulation, such as HIPAA. The most frequently adopted theory is the TPB, but the most frequent significant factors are derived from PMT as an improvement from the HBM. Attitudes, subjective norms, and perceived behavioral control as the constructs of the TPB were only investigated in DSB studies and were mostly combined with other theories, such as PMT and GDT. It is possible to explain human errors and violations by examining the staff’s attitudes toward information security behaviors [ 95 ]. However, the attitude was not a research variable in the selected studies related to USB.

The results empirically reveal that more individual (32 factors) than organizational (26 factors) aspects significantly affect information security behavior in the healthcare context. Those factors might positively (i.e., promoting) or negatively (i.e., preventing) affect the related behavior. This is consistent with the most frequently adopted foundational theories, the TPB and PMT, which focus on individual aspects of behavior. Although only two selected studies [ 50 , 82 ] explicitly segregated individual and organizational factors, many (16 studies) also examined both factors. Ten studies only used individual factors, while four studies only used organizational factors as significant antecedents to predict users’ security behavior. Hence, organizational aspects remain underexplored in this research field. However, most studies indicated that organizational factors significantly impact security behavior, mediated by individual factors.

Self-efficacy is the most significant individual factor that is only important in influencing DSB. A USB study [ 64 ] and a combined USB–DSB study [ 76 ] examined this factor. However, self-efficacy was not significant in predicting insecure behavior, such as the intention to disclose information and violate security controls. The other frequent individual factors were from PMT and the HBM: perceived severity, perceived susceptibility, perceived benefit, and perceived barriers. Perceived severity and perceived susceptibility can be influenced by the security awareness of healthcare staff [ 76 ], which reflects their knowledge and understanding of potential security issues and their consequences—both general and health-information-specific [ 77 ]. Together with perceived benefits and perceived barriers, self-efficacy compiles a construct known as coping appraisal, which affects information security intention [ 78 ]. Many studies measured the benefits of security protection using various terms, including perceived benefit, perceived usefulness, and response efficacy. Although they used different names for the variables in different contexts, they referred to the same definitions.

Management support, as the most significant organizational factor, is derived from GDT’s constructs. None of the selected studies examined management support as an antecedent factor of USB. Management support, such as providing security training to improve staff’s security awareness, can also influence self-efficacy [ 1 , 64 , 74 , 76 ]. Therefore, security managers in healthcare organizations can design some security policies and programs that facilitate the staff’s adoption of security practices and increase their confidence. Strengthening employee self-efficacy may increase the likelihood of effective security compliance. The next most significant organizational factor was cues to action from the HBM. The selected empirical studies showed that health staff’s security behavior could be predicted directly by cues to action, such as security campaigns and the influence of peers and superiors, which can promote security protections and compliance.

Some studies used demographic characteristics as differentiating factors, such as gender [ 66 , 72 , 80 , 81 ], age [ 25 , 66 ], occupation type [ 25 , 61 , 66 ], organization type [ 61 , 81 ], education [ 25 ], working duration [ 74 , 78 , 80 ]. However, these demographic differences were only found in DSB studies. Organizational and occupational characteristics can influence the self-efficacy of healthcare professionals in complying with privacy and security rules due to their different work environments [ 61 ]. Figure 4 depicts a summary of the antecedent factors of security behavior based on the selected studies.

An external file that holds a picture, illustration, etc.
Object name is healthcare-10-02531-g004.jpg

Antecedent factors of information security behavior in healthcare organizations.

The theoretical contributions of our research complement prior studies by adding and mapping previous inquiries to understand related factors, actors, providers, and behavior types. A systematic literature review by Yeng et al. [ 49 ] examined psychological, social, and cultural aspects of information security behavior. The study did not define individual and organizational factors as predictors of information security behavior. Moreover, the study only investigated general healthcare professionals’ perspectives as HIS users without including patients and other stakeholders among the healthcare providers. The COVID-19 pandemic has driven healthcare facilities to develop digital health approaches, such as telehealth, mobile health applications, and the Internet of Medical Things (IoMT). These initiatives can accelerate the exchange of health information by empowering patients to manage and share their medical information with various healthcare organizations. Patient-centered information exchange also requires the patient to play an active role in information security and privacy protection [ 97 ]. A previous study [ 69 ] investigating patient behavior did not examine individual factors.

The practical implications of our research provide lessons for decision-makers in healthcare organizations and governments to encourage the expected security behavior. The most frequent information security hazards in healthcare organizations are improper usage, insider impersonation, and human error when handling information. By considering specific elements such as self-efficacy, perceived severity, and information security knowledge, healthcare organizations may build security policies to reduce the occurrence and effects of these risks. For instance, educating users about the threats to information security and enhancing their technical skills to defend information security are only two examples of how to do this. For information security protection to be successful, it is also necessary to enhance organizational factors that can promote information security behavior, such as support and commitment from top-level management, peer and superior influence, and a positive corporate culture.

A limitation of this review is that we only analyzed the empirical studies to define significant antecedent factors and classify them as an individual or organizational factors. The most frequent factors were measured not by their appearance as research variables in the selected studies but by how many studies identified those factors as predictors of security behavior. Since the research methods of the empirical studies varied, this review could not determine the influence of each factor on the dependent variables. Therefore, the most frequent factors do not necessarily represent the most significant factors in evaluating health staff’s information security behavior. Previous studies revealed no established general model for information security behavior in healthcare. This study does not propose a specific model but, rather, shows the research gap for further investigation. Further research is necessary to learn more about the influencing factors among user groups in various healthcare organizations. Patients should be involved as research objects to determine how healthcare facilities should involve them in controlling information security.

5. Conclusions

Healthcare providers other than hospitals are understudied. Studies related to both DSB and USB show that the factors preventing protection can differ from those that promote information security violations. Therefore, future studies should investigate both types of security behavior. The development of technological solutions used by health facilities since the COVID-19 outbreak, such as telemedicine and mobile health applications, has expanded HIS coverage. Protecting health information security relies on healthcare professionals and patients participating in managing their data. Information security risks come not only from internal users at the healthcare provider but also from external users who have access rights to the system. Therefore, studies on information security behavior in healthcare organizations need to understand the patient’s perspective, which is still rarely studied.

Supplementary Materials

The following supporting information can be downloaded at: https://www.mdpi.com/article/10.3390/healthcare10122531/s1 , Table S1: PRISMA 2020 Checklist; Table S2: Summary of selected studies.

Funding Statement

This research and APC were funded by the Republic of Indonesia’s Ministry of Research, Technology, and Higher Education under Hibah Penelitian Dasar Unggulan Perguruan Tinggi (PDUPT), grant number NKB-788/UN2.RST/HKP.05.00/2022.

Author Contributions

Conceptualization, P.K.S. and P.W.H.; methodology, P.K.S.; software, R.F.A.; validation, P.W.H., A.N.H. and S.Y.; formal analysis, P.K.S.; investigation, P.K.S.; resources, P.K.S.; data curation, P.K.S. and P.W.H.; writing—original draft preparation, P.K.S.; writing—review and editing, P.W.H. and S.Y.; visualization, P.K.S.; supervision, A.N.H.; project administration, R.F.A.; funding acquisition, P.W.H. All authors have read and agreed to the published version of the manuscript.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Data availability statement, conflicts of interest.

The authors declare no conflict of interest.

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This paper is in the following e-collection/theme issue:

Published on 11.4.2024 in Vol 26 (2024)

This is a member publication of Imperial College London (Jisc)

Regulatory Standards and Guidance for the Use of Health Apps for Self-Management in Sub-Saharan Africa: Scoping Review

Authors of this article:

Benard Ayaka Bene 1, 2 , MBBS, MPH ;
Sunny Ibeneme 3 , MD, PhD ;
Kayode Philip Fadahunsi 1 , MBBS, MPH ;
Bala Isa Harri 4 , MBBS, MPH, MSc ;
Nkiruka Ukor 5 , MSc ;
Nikolaos Mastellos 1 , BSc, PhD ;
Azeem Majeed 1 , MD ;
Josip Car 1, 6 , MSc, MD, PhD

1 Department of Primary Care and Public Health, School of Public Health, Imperial College London, London, United Kingdom

2 Department of Public Health, Federal Ministry of Health, Abuja, Nigeria

3 Digital Health Specialist, UNICEF East Asia Pacific Regional Office, Bangkok, Thailand

4 Department of Health Planning, Research and Statistics, Federal Ministry of Health, Abuja, Nigeria

5 Strategic Health Information Cluster, World Health Organization, Abuja, Nigeria

6 School of Life Course & Population Sciences, King’s College London, London, United Kingdom

Corresponding Author:

Benard Ayaka Bene, MBBS, MPH

Department of Primary Care and Public Health

School of Public Health

Imperial College London

The Reynolds Building

St Dunstan’s Road

London, W6 8RP

United Kingdom

Phone: 44 7598439185

Email: [email protected]

Background: Health apps are increasingly recognized as crucial tools for enhancing health care delivery. Many countries, particularly those in sub-Saharan Africa, can substantially benefit from using health apps to support self-management and thus help to achieve universal health coverage and the third sustainable development goal. However, most health apps published in app stores are of unknown or poor quality, which poses a risk to patient safety. Regulatory standards and guidance can help address this risk and promote patient safety.

Objective: This review aims to assess the regulatory standards and guidance for health apps supporting evidence-based best practices in sub-Saharan Africa with a focus on self-management.

Methods: A methodological framework for scoping reviews was applied. A search strategy was built and applied across the following databases, gray literature sources, and institutional websites: PubMed, Scopus, World Health Organization (WHO) African Index Medicus, OpenGrey, WHO Regional Office for Africa Library, ICTworks, WHO Directory of eHealth policies, HIS Strengthening Resource Center, International Telecommunication Union, Ministry of Health websites, and Google. The search covered the period between January 2005 and January 2024. The findings were analyzed using a deductive descriptive content analysis. The policy analysis framework was adapted and used to organize the findings. The Reporting Items for Stakeholder Analysis tool guided the identification and mapping of key stakeholders based on their roles in regulating health apps for self-management.

Results: The study included 49 documents from 31 sub-Saharan African countries. While all the documents were relevant for stakeholder identification and mapping, only 3 regulatory standards and guidance contained relevant information on regulation of health apps. These standards and guidance primarily aimed to build mutual trust; promote integration, inclusion, and equitable access to services; and address implementation issues and poor coordination. They provided guidance on systems quality, software acquisition and maintenance, security measures, data exchange, interoperability and integration, involvement of relevant stakeholders, and equitable access to services. To enhance implementation, the standards highlight that legal authority, coordination of activities, building capacity, and monitoring and evaluation are required. A number of stakeholders, including governments, regulatory bodies, funders, intergovernmental and nongovernmental organizations, academia, and the health care community, were identified to play key roles in regulating health apps.

Conclusions: Health apps have huge potential to support self-management in sub-Saharan Africa, but the lack of regulatory standards and guidance constitutes a major barrier. Hence, for these apps to be safely and effectively integrated into health care, more attention should be given to regulation. Learning from countries with effective regulations can help sub-Saharan Africa build a more robust and responsive regulatory system, ensuring the safe and beneficial use of health apps across the region.

International Registered Report Identifier (IRRID): RR2-10.1136/bmjopen-2018-025714

Introduction

Health apps are the most widely used digital health products globally [ 1 , 2 ]. Harnessing the potential of health apps creates a huge opportunity in providing support for health care delivery, including patient communication, patient education, and decision support for self-management [ 3 - 8 ]. Health apps can be an effective tool to strengthen health systems worldwide, especially in low- and middle-income countries including those in sub-Saharan Africa [ 4 , 5 , 9 ]. As a result, the attainment of universal health coverage (UHC) and sustainable development goal (SDG) 3, good health and well-being, can be accelerated [ 8 , 10 ].

Many health apps fall below the expected quality threshold [ 11 ]. Several studies have found that widely used health apps are often technically unreliable and clinically unsafe [ 12 - 14 ] and do not comply with ethical standards and the principles of confidentiality of information and data privacy [ 15 , 16 ]. In addition, many commercially available health apps were not developed using interoperability standards that are widely accepted in sub-Saharan Africa (eg, Fast Healthcare Interoperability Resources [FHIR]) [ 17 - 20 ]. Consequently, it becomes difficult to integrate these apps into a clinical workflow.

Hence, regulation through robust mechanisms is crucial to enhance the development, implementation, and adoption of health apps. Regulatory standards and guidance are essential for the safety of patients as they ensure quality assurance of any new technology in health care and contribute to building mutual trust while promoting the optimal use of the technology [ 21 - 23 ]. Therefore, to ensure that health apps that are used to support the self-management of patients are technically reliable and clinically safe, interoperable across systems, and compliant with the principles of confidentiality of information and data privacy, there is a need for effective regulatory standards. Furthermore, effective regulation can help ensure that health apps for self-management are culturally functional and competent and are accessible to those who need them regardless of gender, ethnicity, geographical location, or financial status [ 24 - 31 ].

Since 2005, there have been ongoing efforts to strengthen digital health governance at both the national and international levels [ 32 , 33 ]. In 2018, the World Health Organization (WHO) member states renewed their commitment to using digital health technologies (DHTs) to advance UHC and SDG 3 [ 33 ]. However, to date, the extent to which the use of health apps for self-management is regulated across countries within the WHO African Region (also known as sub-Saharan Africa) remains unclear. Therefore, this review was conducted to identify available regulatory standards and guidance and assess the extent to which they regulate health apps for self-management in sub-Saharan Africa. The review also mapped out the key stakeholders and their roles in regulating health apps for self-management across sub-Saharan Africa.

Review Questions

The review attempted to answer the following questions: (1) What regulatory standards and guidance are available for regulating health apps for self-management across sub-Saharan Africa? (2) To what extent do regulatory standards and guidance regulate health apps for self-management in terms of what aspects are regulated; why, how, and for whom; and what aspects are not regulated? (3) Who are the key stakeholders and what are their roles in regulating health apps for self-management?

Study Design

The process of this scoping review followed the methodological framework for conducting a scoping study originally described by Arksey and O’Malley [ 34 ] and the updated methodological guidance for conducting a Joanna Briggs Institute scoping review [ 34 - 37 ]. The reporting of the review was guided by the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews) checklist [ 38 ]. A completed PRISMA-ScR checklist is provided in Multimedia Appendix 1 . The protocol of this scoping review was published in BMJ Open [ 30 ].

Identifying Relevant Documents

Two reviewers (BAB and SI) developed the search strategy with the assistance of a librarian and in consultation with other research team members (KPF, BIH, NU, NM, AM, and JC). The following key terms were included: policy, legislation, strategy, regulation, standard, criterion, framework, guidance, guideline, digital health, eHealth, app, WHO African Region, and sub-Saharan Africa, and the names of all sub-Saharan African countries.

Owing to the absence of regulatory standards and guidance in scientific databases, the search focus was narrowed down to gray literature sources and institutional websites, including OpenGrey, WHO Regional Office for Africa (AFRO) Library, repositories for digital health policies (ICTworks, WHO’s Directory of eHealth Policies, and Health Information System Strengthening Resource Center), as well as the websites of WHO, International Telecommunication Union (ITU), and Ministries of Health (MOHs). The only scientific databases searched were PubMed, Scopus, and WHO AIM. PubMed was not included in the protocol. We also conducted a systematic search on Google. We used truncation to increase the yield of the results. The search strategy was then applied across PubMed, Scopus, and WHO AIM databases using Boolean terms (mainly OR and AND ) to combine search results. Gray literature sources and institutional websites were searched using phrases containing ≥2 keywords such as “eHealth regulation,” “digital health regulatory standard,” “eHealth regulatory standard,” “digital health regulation,” “digital health policy,” “eHealth policy,” “digital health strategy,” and “eHealth strategy.” For Google search, we added the names of the country to the phrases (eg, “digital health regulation Nigeria”). The reference lists of the included documents were also searched, and key individuals at the MOHs, WHO Country Offices, and the WHO AFRO were contacted for related documents. When our search was conducted, the WHO Directory of eHealth policies website was unavailable, and the WHO AFRO Library was undergoing reconstruction. The search strategies for PubMed, Scopus, and WHO AIM are provided in Multimedia Appendix 2 . The search was conducted between 2005 and January 2024.

Study Selection

The search results obtained from PubMed, Scopus, and WHO AIM were imported into Mendeley (Elsevier) [ 39 ] to remove duplicates. The search conducted on OpenGrey did not yield any results, whereas relevant records obtained from institutional websites, repositories, and Google were downloaded as PDF copies and uploaded to Mendeley. After removing duplicates, the remaining results were imported into Covidence (Veritas Health Innovation) [ 40 ] for screening. Two reviewers (BAB and SI) applied the predefined eligibility criteria ( Textbox 1 ) to screen the documents in 2 stages (title and abstract or executive summary). All discrepancies were discussed until the reviewers reached agreement.

Inclusion criteria

Type of document: Regulatory standards, guidance, policies, strategies, and committee or government reports that address regulatory issues related to the use of health apps for self-management
Location: Documents developed and implemented in countries within sub-Saharan Africa
Date of publication: Documents developed since 2005; the global efforts toward promoting standards to minimize variability and potential harms that could arise from poorly regulated use of digital health began in 2005 [ 33 ]
Language: Documents written in English language and other official languages of sub-Saharan African countries (Portuguese and French)

Exclusion criteria

Type of document: Standards, guidance, policies, strategies, and reports not related to regulation of health apps
Location: Documents from countries outside sub-Saharan Africa
Date of publication: Documents developed before 2005
Language: None

Data Charting (Extraction)

Two reviewers (BAB and SI), in consultation with the other members of the research team, developed the data extraction forms using an iterative process that included piloting data extraction and refinement until a consensus was reached.

We proposed in the study protocol [ 30 ] that data extraction would be conducted by the 2 reviewers independently. However, owing to the approach adopted for data extraction (deductive qualitative content analysis), 1 reviewer, rather than 2, initially extracted data from the included documents, and any concerns were discussed with a second reviewer [ 41 ]. Unresolved issues were then discussed and resolved with a third reviewer in a steering group meeting.

Collating, Summarizing, and Reporting Results

To address the research questions (particularly question 2), we adopted a deductive descriptive qualitative content analysis method to analyze and report the key findings. The policy analysis framework by Walt and Gilson [ 42 ] was adapted and applied to ensure that there was a consistent way of organizing the key findings: (1) Content (which aspects are regulated and which aspects are not?)—these are the components that directly or indirectly address regulatory issues related to the use of health apps for self-management, including areas that have not been addressed. (2) Context (why are those aspects regulated?)—this characterizes the rationale indicated for addressing regulatory issues related to the use of health apps for self-management. (3) Process (how are the regulatory standards developed and implemented?)—this describes the methods or approaches used to develop and implement regulatory standards. (4) Actors (who are the regulatory standards targeted toward?)—these are the key actors targeted by the standards.

Using a deductive descriptive qualitative content analysis approach, we examined each included document to systematically identify texts for concepts, patterns, and other relevant information. We then categorized them under content, context, process, or actors in relation to regulating health apps for self-management. The findings under content and context were further organized based on 4 predefined regulatory categories or themes as documented in the literature, namely (1) technical and clinical safety [ 12 - 14 ], (2) data protection and security [ 15 , 16 ], (3) standards and interoperability [ 28 , 31 ], and (4) inclusion and equitable access [ 24 - 29 ].

To address the third research question, the Reporting Items for Stakeholder Analysis (RISA) tool [ 41 ] was used as a guide to group key stakeholders based on role categorization as recognized globally by the WHO, the ITU, and UNESCO [ 32 , 33 , 43 ].

Ethical Considerations

Primary data were not collected in this study. Therefore, no ethics approval was required.

Search Results

A total of 2900 records were obtained after removing duplicates. Although the literature search was conducted in English, the search also yielded documents written in French and Portuguese from the ICTworks repository [ 44 ]. Following the initial screening of the title and abstract (or executive summaries), 73 documents were retrieved for full-text assessment. After applying the inclusion criteria for the full-text assessment, 49 documents were found eligible for inclusion in the review.

The PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) flow diagram [ 45 ] showing the study selection process is presented in Figure 1 .

Types of Documents

On the basis of the inclusion criteria, 3 categories of documents were considered for this review, namely “stand-alone regulatory standards and guidance that potentially regulate health apps for self-management,” “national policies and strategies on digital health,” and “other national documents that relate to the regulation of health apps for self-management.” Table 1 presents the types of documents obtained for each country within sub-Saharan Africa.

Characteristics of the Included Documents

Stand-alone regulatory standards and guidance.

We identified and included 6 stand-alone regulatory standards [ 18 , 19 , 46 - 49 ] from 3 countries (Ethiopia, Kenya, and Nigeria). All 6 documents were written in English. The years of development ranged between 2013 and 2021, as indicated in Multimedia Appendix 3 . The years of implementation were not specifically stated.

Although none of the included regulatory standards were exclusively developed to regulate health apps for self-management, 3 of them (Kenya Standards and Guidelines for mHealth Systems [ 18 ], Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ], and Health Sector Information and Communications Technology Standards and Guidelines [ 48 ]) provided concept and information relevant to the regulation of health apps and were included in the qualitative content analysis. The Kenya Standards and Guidelines for mHealth Systems [ 18 ] provides standards and guidelines on the design, development, and implementation of mobile health (mHealth) solutions to ensure they are interoperable, scalable, and sustainable. The Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] outlines the principles, requirements, and standards for eHealth systems interoperability in Kenya. The Health Sector Information and Communications Technology Standards and Guidelines [ 48 ] provide guidance and a consistent approach across the health sector in Kenya for establishing, acquiring, and maintaining current and future information systems and information and communications technology (ICT) infrastructure that foster interoperability across systems. These 3 documents are a good combination of regulatory standards and guidance that provide content and context relevant to the regulation of health apps in sub-Saharan Africa.

The remaining 3 standards (standard for electronic health record [EHR] system in Ethiopia [ 19 ], standards and guidelines for electronic medical record systems in Kenya [ 46 ], and the health information exchange standard operating procedure and guideline [ 49 ]) were exclusively developed for EHRs or electronic medical records. However, they contain information relevant for mapping stakeholders with potential roles in regulating health apps for supporting self-management.

National Policies and Strategies on Digital Health

This review includes 35 national policies and strategies that are related to digital health (potentially covering health apps) [ 50 - 84 ] from 31 countries written in English, French, and Portuguese (Benin, Botswana, Burkina Faso, Burundi, Cameroon, Comoros, Côte d’Ivoire [Ivory Coast], Democratic Republic of the Congo, Eswatini, Ethiopia, Gabon, Ghana, Kenya, Liberia, Madagascar, Malawi, Mali, Mauritius, Mozambique, Namibia, Niger, Nigeria, Rwanda, Senegal, Sierra Leone, South Africa, Tanzania, Togo, Uganda, Zambia, and Zimbabwe). Although the literature search was conducted in English, it also yielded documents written in French and Portuguese from the ICTworks repository. The years of development and implementation range between 2005 and 2030. Policies and strategies written in French and Portuguese were translated into English using Google Translate. Documents labeled as national development plans, strategic plans, and strategic development plans were considered as national strategies.

National policies and strategies do not offer specific standards or guidance, but rather outline the country’s vision, policy directions, and strategies for using digital technologies in health care. They provide useful information for identifying digital health stakeholders who can play a role in regulating health apps for self-management. For example, Nigeria has a separate National Digital Health Policy [ 72 ] and a National Digital Health Strategy [ 71 ]. Both documents were developed by building on the lessons learned from the end-term evaluation of the previous National Health ICT Strategic Framework [ 85 ]. They describe Nigeria’s renewed vision, mission, goals, objectives, and strategies for the development and implementation of digital health with the aim to improve the quality, efficiency, and effectiveness of health service delivery and health outcomes.

It is worth noting that for countries with >1 policy or strategy, we included only the most recent versions. For instance, as mentioned earlier, Nigeria now has both a national digital health policy and a national digital health strategy. These 2 documents supersede and thus replace the old National Health ICT Strategic Framework [ 86 ]. Details of included documents are presented in Multimedia Appendix 3 .

Content: Aspects That Are Regulated and Aspects That Are Not

Technical and clinical safety.

Technical and clinical safety standards are required to prevent or minimize the harm that may arise from the use of the health ICT systems (including mHealth systems) as well as to improve the health outcomes and user satisfaction. As shown in Figure 2 , two subthemes were generated from included standards [ 18 , 47 , 48 ] as content under technical and clinical safety: v(1) guidance on system quality and (2) guidance on software or app development, acquisition, support, and maintenance.

Notably, 2 of the included standards [ 18 , 47 ] provide guidance on system quality to ensure the quality, security, reliability, performance, and maintenance of eHealth and mHealth systems. The Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] recommend the implementation of a data quality protocol to ensure that the data collection, collation, analysis, interpretation, dissemination, and use are managed in accordance with the quality standards. Similarly, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] recommends the inclusion of the following requirements in the technical manual: (1) minimum hardware requirements that should incorporate the preferred hardware architecture, (2) minimum software requirements that should include the minimum version of the underlying operating system as well as acceptable versions of related software, and (3) a detailed list of software dependencies (external libraries) necessary for the system to function properly.

The included standards [ 18 , 48 ] cover guidance on software or app development, acquisition, support, and maintenance, which aim to ensure the efficiency and effectiveness of eHealth and mHealth systems. The Kenya Standards and Guidelines for mHealth Systems [ 18 ] recommends a technical manual to provide a detailed description of the system’s installation and maintenance processes for system administrators and implementers; a developer’s guide for software developers and programmers to provide them with an overview of the system, description of the software design methodologies, description of the system architecture, and technical design diagrams; and a user manual to aid users in understanding how the system works and how each feature operates; in addition, the technical manual contains instructions for operating the software; entering and updating data; and generating, saving, and printing reports.

Although the contents generated here provide guidance that is relevant to health apps, they are not specific to health apps. Moreover, there are no clear measures to enable individuals or organizations that use health apps to manage clinical risk appropriately.

Data Protection and Security

Data protection and security are crucial aspects of managing patient information, thus ensuring the confidentiality, integrity, and availability of data as well as the rights and interests of the patient. Two subthemes related to data protection and security are (1) security measures for adequate protection of patients’ digital records and (2) guidance on data exchange.

The included standards [ 18 , 48 ] provide security measures for eHealth or mHealth systems to ensure the adequate protection of digitally accessible patient records. These measures include authentication, accountability, identification, authorization, integrity, confidentiality, availability, security, administration, and audit. This will help to achieve confidentiality, integrity, availability, and nonrepudiation of patient data or health records. Additional levels of security such as data encryption are required when there is a need to store sensitive information on removable devices or media or outside the MOH premises.

The Kenya Standards and Guidelines for mHealth Systems [ 18 ] provide the following guidance on data exchange to ensure privacy: (1) anonymize client data as much as possible before they can be shared; (2) where possible, use pseudonyms for the client data before they can be shared; (3) aggregate client data before they can be shared to reduce possibilities of tracing the data back to the client; and (4) minimize data so that access is available only to the data set required for that particular use. With regard to privacy rules, the Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] propose that a notice of privacy practices should be given to patients describing how their information may be used or shared while also specifying their legal rights.

Standards and Interoperability

Standards and interoperability are essential concepts in the field of IT, especially for systems that need to communicate and exchange data, as seen in the use of health apps for self-management. Two subthemes related to standards and interoperability are (1) interoperability as a basic requirement and (2) minimum standards to enable integration.

All the regulatory standards [ 18 , 47 , 48 ] highlight the importance of having interoperability as a basic requirement when selecting software products or services for use within the health system. This facilitates interaction across systems. For instance, to facilitate seamless interaction between mHealth systems and primary information systems for data capture, reporting, and decision support in various domains of the health system, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] recommends the incorporation of at least 3 types of interoperability, namely, technical interoperability, semantic interoperability, and process interoperability.

Furthermore, 2 regulatory standards [ 18 , 47 ] proposed minimum interoperability standards to enable the integration of services and data exchange between various systems in health care. For instance, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] suggests standards (for interoperability) for mHealth systems that are consistent with the recommendations in internationally accepted standards. They include the following: (1) clinical messaging—ensuring mHealth systems conform to Health Level 7 (HL7) version 3 standards and corresponding implementation guideline; (2) clinical terminology—ensuring terminologies and classifications for clinical concepts (eg, International Classification of Diseases, tenth revision—for diseases; Systemized Nomenclature of Medicine—for clinical data coding; Logical Observation Identifiers Names and Codes—for laboratories; and RxNorm—for Pharmacies); (3) the mHealth system must use the latest versions of international standards, such as HL7 Clinical Document Architecture for electronic sharing of clinical documents; (4) concepts—mHealth systems will use the idea of “concepts” so that information can be transmitted between systems without losing meaning or context, and HL7 Reference Implementation Model or other appropriate standards are recommended for implementing concepts; (5) architecture—to develop mHealth systems, developers should define the system architecture that should include data elements and business logic. Furthermore, to define how mHealth systems interact with other systems, developers of mHealth solutions must provide application programming interfaces. FHIR is the preferred application programming interface interoperability standard.

Inclusion and Equitable Access

Inclusion and equitable access are essential principles to ensure that health apps are culturally appropriate and relevant and accessible to everyone, regardless of gender, ethnicity, location, or economic status.

All the included regulatory standards [ 18 , 47 , 48 ] indicate that they were developed based on a combination of participatory and consultative approaches involving multiple actors or stakeholders, thus promoting inclusion. However, there are no specific measures or guidance to ensure adequate engagement and representation of all the relevant stakeholders and to sustain that engagement.

The Kenya Standards and Guidelines for mHealth Systems [ 18 ] proposes the following systems attributes to ensure equitable access to mHealth services at all times and from anywhere: (1) allocation of adequate storage and bandwidth capacity; (2) fast response time; (3) fast recovery capabilities; (4) performance monitoring; (5) business continuity processes, for example, backups; and (6) redundant sites and links. Furthermore, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] prescribes the following metrics for measuring system availability: (1) downtime per year, (2) mean time between failure, (3) mean time to repair, and (4) failure in time.

Although the abovementioned systems attributes and metrics for measuring system availability are important, the included standards do not offer any concrete guidance or model for achieving a sustainable funding mechanism for health apps to ensure that they are readily available and accessible to those who need them.

Context: Reasons Why Those Aspects Are Regulated

The 3 standards [ 18 , 47 , 48 ] were developed to address unsafe, isolated, and inconsistent implementation. The Health Sector ICT Standards and Guidelines [ 48 ] suggest that although there has been a lot of ICT investment in the health sector leading to improvement in service delivery and information exchange, there remains the challenge of inconsistency in ICT implementation and harmonization of the health sector system requirements. Hence, there is a need to adopt global best practices for software development, acquisition, support, and maintenance by the MOH. In addition, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] indicates that standards and guidelines are necessary to ensure a consistent approach to the development of ICT systems. Similarly, the Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] recognize the need to ensure that the processes of collecting, collating, analyzing, interpreting, disseminating, and using data are consistent with data quality standards.

To build mutual trust and maximize the benefits of eHealth information exchange, the Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] reiterate that as health data are constantly being exchanged across health information systems, robust security standards are required to maintain their integrity and confidentiality. This will build the trust of service users and consequently help to maximize the benefits of eHealth information exchange such as in self-management.

Two of the included regulatory standards [ 47 , 48 ] indicate that the context for standards and interoperability was (1) to address poor coordination, duplication of efforts, and inefficient use of resources and (2) to promote the integration of ICT systems.

The Kenya Standards and Guidelines for E-Health Systems Interoperability [ 47 ] acknowledge that the absence of interoperability standards over the years has led to the duplication of efforts and the inefficient use of ICT resources in health care. Now that ICT has become increasingly relevant in improving efficiency in health service delivery, the Kenya MOH recognizes the need to adopt a standardized approach, hence the development of interoperability standards for eHealth systems. In addition, the Health Sector ICT Standards and Guidelines [ 48 ] emphasize the relevance of interoperability as a requirement for addressing the inconsistency in implementing ICT in the health sector.

The Health Sector ICT Standards and Guidelines [ 48 ] consider “integration of ICT systems” as one of its key guiding principles, acknowledging the lack of information systems integration as a challenge experienced by ICT services across Kenya.

The contexts for inclusion and equitable access as generated from included standards [ 18 , 47 , 48 ] were (1) to promote inclusion and (2) to promote equitable access to services.

To promote inclusion, the standards [ 18 , 47 , 48 ] highlight the importance of involving and engaging multiple actors and stakeholders during the development process. However, no emphasis was placed on the need to sustain stakeholder engagement during the implementation process.

Pertaining to equitable access, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] acknowledges that the public health care system is largely unavailable to most of the population in many developing countries because of geographical location, resource constraints, inefficiencies, and lack of awareness. Hence, it recognizes the importance of ensuring that mHealth services are always accessible by users and from anywhere as well as the need to put in place mechanisms to make this happen.

Process: How the Regulations Are Developed and Implemented

Two themes were generated from the included standards: development and implementation processes [ 18 , 47 , 48 ].

Development Process

All the included standards [ 18 , 47 , 48 ] indicate that they were developed through a participatory process and in consultation with a range of subject experts and interest groups. In addition, the standards [ 18 , 47 , 48 ] adopted a multisectoral approach to engage health-related stakeholders from government ministries or agencies and development partners and a range of subject experts and interest groups. It has also been reported that these standards [ 18 , 47 , 48 ] were developed based on international best practices and with reference to international standards. However, there is no indication that a stakeholder engagement strategy was adopted to sustain the engagement of stakeholders through the entire development and implementation process.

Implementation Process

The 3 regulatory standards [ 18 , 47 , 48 ] identify the key requirements to ensure effective implementation of IT services in the health sector. These are (1) legal authority, (2) coordination, (3) building capacity, and (4) monitoring and evaluation.

The included standards [ 18 , 47 , 48 ] were established based on the legal provisions enshrined in the health and other related acts and laws of Kenya as well as the relevant policies and strategies. Hence, it is expected that their implementation will comply with and be backed by those legal provisions. For example, the Health Sector ICT Standards and Guidelines [ 48 ] indicate that its implementation will be supported by the authority from the Kenya Communications Act 2009, E-Government Strategy, and National ICT Policy. Similarly, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] asserts that it will be implemented by complying with existing and relevant national policies, legal frameworks, strategies, and standards, including the Health Information Policy, ICT Standards, and System Interoperability Principles.

The included standards [ 18 , 47 , 48 ] report that the implementation of regulations will require robust coordination mechanisms. For instance, the Health Sector ICT Standards and Guidelines [ 48 ] indicate that, as the Ministry’s ICT resource manager, the principal secretary (also the head of ICT), in collaboration with the ICT Governance Committee, is responsible for coordinating the implementation of the standard. The ICT Governance Committee comprises representatives from the heads of departments and ICT development partners in the health sector. The committee’s responsibilities include overseeing, enforcing, and reviewing standards as well as initiating ICT projects.

The Health Sector ICT Standards and Guidelines [ 48 ] highlight the need for capacity building or training of the MOH staff and stakeholders who are the primary users of the Ministry’s ICT services. This will enhance their capacity to implement the guidelines provided in the document in line with the ministry’s human resource development policies, regulations, and rules. However, it is acknowledged that building capacity for health ICT is a challenge given that there is low adoption of ICT among health providers, and ICT is not routinely included in the course content of most training programs. The Kenya Standards and Guidelines for mHealth Systems [ 18 ] listed the “number of mHealth practitioners trained on the standards and guidelines” as one of the indicators for monitoring and evaluating mHealth interventions.

The Health Sector ICT Standards and Guidelines [ 48 ] assert that monitoring and evaluation is an essential role of the MOH to ensure efficiency, accountability, and transparency throughout the implementation period. It further stresses that all those who use the Ministry’s ICT services are required to adhere to the provisions in the standard as the MOH will carry out quarterly monitoring exercises on the use of the standard to ensure compliance based on clear indicators. Furthermore, the ICT Governance Committee will periodically review and amend the standard to keep it relevant and effective. Similarly, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] establishes the following key indicators for effectively monitoring and evaluating the implementation of the standards and guidelines: (1) the number of counties in which the MOH has disseminated the standards and guidelines, (2) the number of counties successfully implementing the standards and guidelines, (3) the number of mHealth practitioners trained on the standards and guidelines, (4) the number of mHealth practitioners accessing the standards and guidelines, (5) the number of mHealth practitioners who correctly understand the standards and guidelines, (6) the number of stakeholders who adhere to the standards and guidelines, (7) the number of mHealth systems that follow the required development steps, and (8) the number of mHealth practitioners who have implemented their systems by using the standards and guidelines. In addition, the Kenya Standards and Guidelines for mHealth Systems [ 18 ] indicates that the outlined standards will be reviewed every 3 years to ensure they are up to date with new changes including the changes in policies and systems upgrades.

Although all the abovementioned indicators are relevant, the implementation process is not explicit on the approach for regulating health apps and ensuring compliance with regulatory standards and guidance.

Actors: Those the Regulations Are Targeted at

The included standards [ 18 , 47 , 48 ] identified 2 main groups of actors for whom the regulations and guidance were targeted. They included (1) those who provide digital health services and (2) those who use the ICT infrastructure of the MOH.

Two of the standards [ 47 , 48 ] indicated that the regulations should be implemented by all individuals and organizations that provide ICT-related health care services to the public. Similarly, the Health Sector ICT Standards and Guidelines [ 48 ] state that all those who access or use the MOH ICT infrastructure are expected to adhere to the guidelines outlined in the document.

Mapping of Stakeholders

To address the third research question, we conducted a stakeholder mapping guided by the RISA tool [ 41 ].

A total of 11 categories of key stakeholders were identified from all 49 included documents (6 stand-alone regulatory standards and guidance, 35 national policies or strategies, and 8 other related documents). These categories are consistent with the digital health stakeholders recognized by the WHO, ITU, and UNESCO [ 32 , 33 , 43 ]. Table 2 presents the mapping of stakeholders according to their role categorization. A more detailed table with a potential role description with regard to regulating health apps for self-management is presented in Multimedia Appendix 4 .

a WHO: World Health Organization.

This paper presents the findings of a scoping review of regulatory standards and guidance for the use of health apps for self-management in sub-Saharan Africa. To the best of our knowledge, this is the first study that attempted to identify and assess the extent to which regulatory standards and guidance regulate and guide the use of health apps for self-management in sub-Saharan Africa as well as map out the key stakeholders and their potential roles.

Our findings reveal that only 1 country (Kenya) in sub-Saharan Africa currently has national regulatory standards that could potentially regulate the use of health apps for self-management. The included standards failed to adequately address adequate attention to inclusion and equitable access. This is concerning given the growing need to promote the adoption of culturally appropriate and relevant health apps and to ensure that they are available to those who need them regardless of gender, ethnicity, geographical location, or financial status [ 24 - 29 ]. Consequently, this review provides insights into the regulation of health apps for self-management in sub-Saharan Africa, which needs to be given more attention if the potential of these apps is to be harnessed in the region.

Principal Findings

We identified 49 documents from 31 countries in sub-Saharan Africa. Although none of the included standards provided a specific set of regulations on health apps for self-management, we identified 3 standards [ 18 , 47 , 48 ] that provided relevant information regarding the regulation of health apps. The included national policies and strategies, in contrast, only outline the goals and commitments made by national governments to promote the adoption of digital technologies in the health sector and the plans and paths set forth to achieve these goals. However, the information they provided was relevant for identifying and mapping digital health stakeholders who potentially have vital roles in regulating the use of health apps for self-management.

The policy analysis framework (content, context, process, and actors) [ 42 ] was adapted and applied to organize the key findings. The content covered the following areas: guidance on systems quality; guidance on software and app development, acquisition, support, and maintenance; security measures for adequate protection of patients’ digital records; guidance on data exchange; interoperability as a basic requirement; minimum standards to enable integration; involvement and engagement of relevant stakeholders; and system attributes for equitable access to services. Meanwhile, the context was to address unsafe, isolated, and inconsistent implementation; to build mutual trust and maximize the benefits of eHealth information exchange; to address poor coordination, duplication of efforts, and inefficient use of resources; to promote the integration of ICT systems; and to promote inclusion and equitable access to services. The process involved the development process (which covers participatory and consultative processes and multisectoral approach, with reference to international standards and best practices) and the implementation process (which covers legal authority, coordination, capacity building, and monitoring and evaluation). The targeted actors were those who provided digital health services and those who used the ICT infrastructure of the MOH.

Furthermore, key stakeholders with potential roles in regulating health apps for self-management were identified. They include the government, regulatory bodies, funders, intergovernmental and nongovernmental organizations, academia, and the health care community.

Implications of the Study Findings for Practice

Regulatory standards and guidance act as a bridge between technological innovation and its safe and effective use in health care. They ensure that while technology continues to advance, the safety and trust of patients are never compromised. Among the plethora of health apps on the market, the over-the-counter, nonregulated apps such as wellness and fitness apps are the most mainstream [ 93 - 95 ]. On the other side of the spectrum, there are regulated health apps that are classified under medical devices or software as medical device products [ 94 , 95 ]. Some of these are prescription-only apps, such as digital therapeutics (DTx) apps for managing substance dependence [ 95 , 96 ].

Although some high-income countries have made significant strides in ensuring the safety, effectiveness, and accessibility of health apps, the journey has indeed not been without challenges and hurdles. Sub-Saharan Africa, although dealing with its own unique set of challenges, has the opportunity to learn from the experiences of these high-income countries. This could potentially allow the region to bypass some of the hurdles encountered by high-income countries in their journeys.

Technical and clinical safety are essential requirements that health apps must meet before they can be considered for use for self-management to minimize the risk of harm to patients. It is well documented that health apps that function poorly pose a serious threat to the safety of patients. An example illustrating how health apps used for self-management can threaten patient safety is evident in a study [ 12 ]. This study [ 12 ] revealed that widely used health apps designed to calculate and estimate insulin doses could endanger patients by providing incorrect or inappropriate dose recommendations. Similarly, 2 successive studies that assessed the contents and tools of apps for asthma discovered that none of the apps in the first study offered comprehensive information or adequate tools for asthma self-management, whereas the follow-up study, which was conducted 2 years later, showed a 2-fold increase in the number of asthma apps, yet there was no improvement in the content and tools offered by the newer apps. In fact, many apps recommended self-management procedures that were not supported by evidence [ 13 , 14 ]. Accordingly, some health apps that support the self-management of long-term conditions do not adhere to evidence-based guidelines and are unresponsive to the evolving health needs of patients.

Although the context of included regulatory standards with regard to technical and clinical safety was to address unsafe, isolated, and inconsistent implementation, the guidance provided by these regulatory standards is not specific to health apps, and they do not provide appropriate guidance and standards for health organizations and other key stakeholders to establish a framework for managing the clinical risks associated with deploying and implementing self-management health apps. Considering the rapid advancements in digital health (including artificial intelligence [AI] or machine learning and big data), health apps will increasingly play a crucial role in supporting self-management through digitally enabled care pathways that will improve personalized care and health outcomes [ 97 , 98 ]. Therefore, it is imperative to ensure the technical reliability and clinical safety of health apps for self-management through robust regulatory standards and guidance. For instance, a guide on the criteria for health app assessment, developed by the UK government, includes technical stability and clinical safety as criteria for deciding whether health apps should be considered for use in the National Health Service (NHS) [ 99 ]. In addition, medical device apps are required to conform to the NHS clinical risk management standards as part of the clinical safety requirements [ 99 , 100 ]. In the event of any concerns regarding the safety of a medical device app, the Yellow Card reporting system can be used by a responsible clinical safety officer or any other individual to notify the Medicines and Healthcare products Regulatory Agency (MHRA) [ 101 , 102 ].

To adequately manage patient information when health apps are used for self-management, data protection and security standards and guidance are required. They guarantee that data are kept and handled safely and responsibly within the provisions of the law and that patients’ rights and interests are respected.

There have been ongoing concerns about compliance with ethical standards, the principles of confidentiality of information, and data privacy. For example, an assessment of apps that had previously been endorsed by the former UK NHS Apps Library revealed substantial gaps in compliance with data protection principles regarding the collection, storage, and transmission of personal information. This has raised a fundamental concern about the credibility of developer disclosures and whether these disclosures can be trusted by certification programs [ 15 ]. A study assessed the privacy practices of the 36 most popular apps for depression and smoking cessation for Android and iOS in the United States and Australia [ 16 ]. The findings revealed that although only 69% (25/36) of the apps included a privacy policy, 92% (33/36) of the apps shared data with a third party, and only 92% (23/25 with privacy policy) of the apps disclosed sharing data with a third party in their policy. Although 81% (29/36) of the apps shared data with Google and Facebook for the purposes of advertising, marketing, or analytics, only 43% (12/28) of the apps that shared data with Google and 50% (6/12) of the apps that shared data with Facebook disclosed this in their policy [ 16 ].

In this regard, health app developers and providers in the United Kingdom are required to conduct a data protection risk assessment before they launch or update their apps to ensure compliance with the United Kingdom General Data Protection Regulation (GDPR) and other relevant regulations, including the Data Protection Act 2018 [ 103 ]. By conducting a data protection risk assessment, health app developers and providers can demonstrate that they are accountable; they respect the privacy and dignity of their users; and that they deliver safe, effective, and ethical solutions [ 104 ].

Health apps are expected to play an increasingly important role in supporting self-management. However, this ambition can only be achieved if citizens trust that these apps are collecting and analyzing data safely and in accordance with robust regulatory standards and guidance. It is also crucial that these apps provide reliable information that clinicians can act on [ 98 ]. The context of the standards included in this study regarding data protection and security was to build mutual trust and maximize the benefits of eHealth information exchange. Trust is a key factor in the successful adoption and use of health apps, and transparency in data handling and clinical decision-making is essential to build and maintain that trust. This is also paramount for the widespread acceptance and impact of health apps on health care outcomes in sub-Saharan Africa.

We acknowledge the existence of numerous national laws related to data protection and security outside the health sector. Hence, guidelines that link these legislations together must be provided to ensure compliance with all relevant laws and guidance when using patient data. An example of how to achieve this is the United Kingdome’s guide to good practice for digital and data-driven health technologies that provides guidelines on how to abide by the laws and principles that govern data security and protection in the United Kingdom, including the GDPR, Data Protection Act 2018, and Caldicott Principles [ 105 ].

Standards and interoperability are essential for effectively developing, deploying, and implementing health apps to support self-management in sub-Saharan Africa. Interoperability is the ability of different systems, devices, or applications to communicate and exchange data with each other in a coordinated manner, thus providing timely and seamless portable information across organizational, regional, and national boundaries and optimizing both individual and population health [ 106 ]. In the same vein, standards enable interoperability between systems or devices through a common language and a common set of expectations [ 106 ].

Interoperability is crucial in improving the quality, safety, and efficiency of care delivery as well as empowering patients and providers with access to relevant and timely information [ 99 ]. One of the most widely used and accepted interoperability standards for health care data exchange is FHIR [ 106 , 107 ]. FHIR is a global industry standard developed by HL7 International. FHIR is designed to be quick to learn and implement and to support a variety of use cases, including self-management [ 108 ]. By using apps that are based on an FHIR standard, patients can benefit from data analytics that show how their health data relate to their chronic conditions or wellness goals [ 109 ]. They could also access all their health information from one place, even if they visit different health professionals who use different electronic medical records or EHR, thus promoting integrated care [ 28 , 31 , 33 , 109 - 115 ]. As a result, patient care can easily be coordinated.

The context of the included regulatory standards with regard to standards and interoperability was to address poor coordination, duplication of efforts, and inefficient use of resources and to promote the integration of ICT systems. However, in sub-Saharan Africa, there are many challenges and barriers to the adoption and implementation of interoperability standards, such as the lack of awareness or knowledge of the benefits and requirements of interoperability standards among stakeholders; lack of incentives or regulations to encourage or enforce the adoption of interoperability standards by app developers and vendors; lack of resources or capacity to implement interoperability standards, including technical expertise, infrastructure, funding, or governance; and lack of alignment or coordination among the different actors and initiatives involved in developing, deploying, and implementing the digital health interventions [ 30 , 116 - 119 ]. To address these challenges, some possible solutions may include raising awareness and education on the importance and value of interoperability standards for health apps among all relevant actors; developing and implementing policies and guidelines that promote or mandate the use of interoperability standards by app developers and vendors; providing technical assistance and support for app developers and vendors to adopt and implement interoperability standards, such as tools, frameworks, testing, certification, or accreditation; and establishing and strengthening collaboration and coordination among the different stakeholders and initiatives involved in health app development, deployment, and implementation in sub-Saharan Africa. In addition, the Digital Health Platform Handbook, a toolkit developed by the collaborative efforts of the WHO and ITU [ 120 ], can help countries in sub-Saharan Africa to develop and implement digital health platforms as the underlying infrastructure for interoperable and integrated national digital health systems. The digital health platform is a system-wide approach to developing digital health solutions with the aim to overcome the problems of siloed, vertical, and isolated applications and systems that hamper data management, innovation, efficiency, and impact in the health sector.

Inclusion and equitable access are crucial to ensuring that health apps and related services are culturally appropriate and relevant as well as accessible to all who need them, regardless of gender, ethnicity, geographical location, ability, or financial status [ 24 - 29 ]. This is the key to promoting a “sense of belonging” and “ownership” and thus underscoring the importance of stakeholder mapping and involvement or engagement through the development and implementation process [ 22 ].

In this study, the included regulatory standards demonstrate the importance of inclusion by adopting both a participatory and consultative approach involving multiple stakeholders from different sectors. However, the standards do not provide clear guidance to ensure the adequate participation and sustained engagement of all relevant stakeholders. The lack of concise guidance to ensure the adequate participation and engagement of all relevant stakeholders, especially the susceptible and disadvantaged groups, can increase the risk of tokenistic tendencies, which can undermine the cultural appropriateness of health apps [ 25 , 121 ]. Some susceptible groups, such as women and people with low socioeconomic status, may face additional barriers to accessing and using health apps, such as lack of digital literacy, privacy concerns, cultural norms, or stigma [ 25 ]. Similarly, the cost of developing, maintaining, and updating health apps may not be covered by public or private health insurance schemes, which could limit their affordability and availability for low-income or uninsured populations [ 95 ]. However, there is no specific guidance or model for an effective funding mechanism for health apps in the included regulatory standards.

To address these challenges and ensure equitable access to health apps for self-management in sub-Saharan Africa, possible measures may include developing policies and regulations that support integrating health app interventions into existing health systems and financing mechanisms and engaging with stakeholders from different sectors and backgrounds (including health professionals, patients, communities, governments, civil society, academia, and industry) to co-develop and co-implement frameworks or models that promote the use of health apps for self-management in ways that are responsive to the local context and needs. Moreover, establishing regulations that provide appropriate financing or reimbursement options will reduce the risk of developers of good quality health apps turning to data mining for revenue, thus increasing privacy concerns [ 95 ]. For instance, in Germany, the reimbursement of health apps classified as medical devices (Digitale Gesundheitsanwendungen) was introduced in 2021 under the statutory health insurance [ 122 , 123 ]. When a medical device is prescribed by a physician or a physiotherapist, the manufacturer must submit an application to the German Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte) for approval [ 123 ]. The Federal Association of the Statutory Health Insurance Funds (Spitzenverband Bund der Krankenkassen) determines and negotiates the reimbursement thresholds following approval. However, the manufacturer must demonstrate that the app is safe, functional, and of good quality; complies with data protection requirements; and benefits patient care [ 123 ].

The process of regulating health apps essentially involves the development and implementation of regulatory standards and guidance. According to our study, the development process comprises a participatory and consultative process, a multisectoral approach, and a reference to international standards and best practices. In contrast, the implementation process is ongoing and requires appropriate legal authority, coordination, capacity building, and monitoring and evaluation.

We recognize that health apps can be accessed and used by patients from different parts of the world, and this means that countries need to carefully consider whether health apps that are accessed and used by their citizens meet the national or regional legal and ethical requirements, including their cultural and linguistic needs [ 23 ]. For countries in sub-Saharan Africa, a cross-border or regional collaboration between national legal authorities through the coordination of agencies such as the African Medicines Regulatory Harmonization (AMRH) may help to ensure that health apps built for the region are safe, effective, and user-friendly for everyone, considering the contextual differences of the countries [ 23 ]. For instance, all medical device companies that want to sell their products in the European market must obtain a Conformité Européenne (CE) mark for their devices, which indicates that they meet the legal requirements and can be freely circulated within the European Union [ 124 ]. Although the European Union member states regulate medical devices, the European Medicines Agency is involved in the regulatory process.

The regulation of health apps is extremely complex and involves a wide range of stakeholders. Therefore, a robust coordination mechanism is essential to reduce the risk of fragmentation and duplication of efforts and to promote the efficient use of resources. Most countries in sub-Saharan Africa have units in health ministries that coordinate and oversee the regulation of medical products. These units should be autonomous, full-fledged departments with legal authority (boards or commissions) to ensure independent, transparent, and accountable decision-making, but this is often not the case [ 125 ]. These units are recognized by the national authorities as regulators (eg, the National Medicines Regulatory Authority [NMRA]) [ 126 ]. Such organizational structures hinder the effectiveness of the national regulatory authorities in fulfilling their mandate and prevent the establishment of quality management systems to ensure transparent and accountable decision-making [ 125 ].

Furthermore, Essén et al [ 23 ] analyzed health app policy or regulation in 9 high-income countries (Sweden, Norway, Denmark, Netherlands, Belgium, Germany, England, the United States, and Singapore) and found that most of these countries adopted centralized approaches to app evaluation. Although centralized approaches might have advantages over self-evaluation, they may create bottlenecks and limit the availability of high-quality health apps for users. As suggested by Essén et al [ 23 ], a decentralized approach, such as the accreditation of evaluation agencies, maybe a worthwhile solution. However, this will require adequate coordination to ensure the consistency and reliability of the evaluation criteria and methods across different agencies as well as the transparency and accountability of the accreditation process. A possible way to achieve this is to adopt a common framework that can guide the evaluation and accreditation of health apps.

Similarly, the postmarket surveillance (PMS) system, which is a new regulation for medical devices in Europe, is a process of collecting and analyzing data on medical devices after they have been launched into the market to ensure their safety and performance and to identify any problems or need for improvements [ 127 , 128 ]. The PMS system is important because premarket data, which are obtained from testing a medical device before it is launched, have limitations in capturing the long-term performance and risks of the device [ 128 ]. Currently, the PMS system does not cover fitness and wellness apps, which are commonly used in self-management. Hence, Yu [ 93 ] proposed that the PMS system should also be applied to DHTs, such as fitness and wellness apps. They argue that the postmarket data would help regulators periodically review and adjust the regulatory standards for these groups of health apps based on their risks and benefits.

Drawing on the experience of the United Kingdom, it can be clearly demonstrated that the regulation of health apps is a complex, a multifaceted, and an evolving process that involves different regulators and criteria depending on the nature and function of the app. For instance, a centralized NHS Apps Library was launched as a beta site in April 2017 to provide patients with a collection of trusted and easy-to-use digital health tools [ 129 ]. The library provided access to a range of health apps that were reviewed and approved by the NHS, including apps that could help patients manage conditions such as diabetes, mental health, and chronic obstructive pulmonary disease [ 130 ]. However, the library was closed in December 2021 [ 131 ]. Although no reason for the closure was provided on the website, it is likely because of persistent concerns regarding the safety of patients and data privacy involving multiple apps including those listed in the library [ 12 , 14 - 16 , 131 , 132 ]. The NHS App was introduced in January 2019 before the closure of the NHS Apps Library to serve as the gateway for accessing NHS services including ordering repeat prescriptions and booking or managing appointments [ 133 ].

Furthermore, the United Kingdom Health Security Agency, formerly known as Public Health England, issued a guidance on criteria for health app assessment in October 2017 [ 99 ]. The purpose of this guidance was to ensure that all health apps built for the UK population work well and provide clear information about their functions, benefits, and intended outcomes for patients and health care professionals. On the basis of this guidance, those intending to build an app are required to conform to certain regulations before being considered for the app assessment process. The 2 main regulations are the medical device regulation and the Care Quality Commission (CQC) registration. Apps that are considered as medical devices must register with the MHRA and have a CE mark. Apps providing health or social care that fit into 1 of 14 regulated activities are required to register with the CQC before they can be assessed [ 134 ]. CQC is an independent regulator of health and social care services in England.

Similarly, the Organisation for the Review of Care and Health Apps (ORCHA) is a UK-based organization that independently evaluates and distributes health apps. It provides services such as app review, accreditation, curation, and recommendation within the United Kingdom and across the world [ 135 ]. ORCHA also enables organizations (including the NHS) to build a decentralized web-based digital health library of consumer-friendly over-the-counter apps [ 135 - 137 ]. These apps are continuously assessed by ORCHA against the standards and regulations in clinical and professional assurance, data quality and privacy, and usability and accessibility [ 137 ].

In addition, the Digital Technology Assessment Criteria (DTAC) were introduced in beta in October 2020, and its first official version was subsequently launched in February 2021 [ 138 ]. The DTAC plays a crucial role in ensuring that digital health tools meet the necessary standards in areas such as clinical safety, data protection, technical security, interoperability, usability, and accessibility. By serving as the national baseline criteria for DHTs in the NHS and social care, it provides a valuable framework for health care organizations during procurement. It also offers guidance for developers on the expectations for their digital technologies within the NHS and social care. This is an example of how a harmonized framework can help ensure the quality and safety of DHTs, including health apps.

In addition, the National Institute for Health and Care Excellence Evidence Standards Framework is a set of evidence standards for a wide range of DHTs designed to help evaluators and decision makers in the health care system to consistently identify DHTs that are likely to offer benefits to the users and the health care system [ 139 ]. The Evidence Standards Framework was first published in March 2019 and is ideally used before DHTs (including health apps) are considered for commissioning or procurement by the NHS [ 140 ]. It is a crucial tool for ensuring that DHTs are clinically effective and offer value to the health and care system in the United Kingdom. In August 2022, the framework was updated to include AI and data-driven technologies with adaptive algorithms [ 140 ].

Furthermore, DTx apps, which are a type of medical device, are not allowed into the UK market unless they comply with the UK GDPR and meet the requirements of DTAC. In addition, they must bear the CE or UK Conformity Assessed marks [ 141 ]. This means that DTx apps must demonstrate their safety and efficacy through clinical trials and comply with the relevant regulations for data protection and quality standards as regulated by the MHRA. DTx products are also recognized as DHTs under the National Institute for Health and Care Excellence Evidence Standards Framework [ 142 ]. DTx incorporates software to treat, prevent, or manage specific diseases or conditions [ 143 , 144 ]. The fact that DTx products typically focus on a narrow clinical indication and generate evidence of clinical efficacy underscores their potential to make a substantial contribution to self-management and health care delivery in general. The increasing recognition of the role of DTx in patient care by regulators is also noteworthy, and the creation of regulatory and reimbursement pathways for approved apps further enables DTx products to continue to play an important role in impacting health care delivery [ 1 , 143 ]. This is a testament to the potential of regulated health apps to revolutionize health care and improve patient outcomes.

Among the many lessons to learn from the experience of the United Kingdom is that the regulation of health apps must evolve to keep pace with advances in DHTs and adapt to the changing needs and demands of digital health. Moreover, efforts are being made to streamline the multifaceted approaches to simplify app regulation and access in the United Kingdom [ 23 ]. Therefore, a robust and dynamic coordination mechanism, along with political will, skilled personnel, reliable funding, and a robust framework for monitoring and evaluating progress and aligning key performance indicators, is essential for countries in sub-Saharan Africa to keep pace with the advancement in the regulation of health apps. There is also a need to strengthen collaboration and ensure regulatory harmonization among national regulatory authorities and continental bodies such as the regional economic communities, AMRH, and the WHO AFRO [ 126 ].

Capacity building and monitoring and evaluation are important factors for ensuring effective regulation of health apps given the complex nature of the process. The regulation of medical products (including health apps) in sub-Saharan Africa generally includes licensing and accreditation, evaluation, inspection, quality control, information dissemination and promotion, and monitoring of adverse events [ 125 ]. Therefore, high-level skills as well as effective monitoring and evaluation will be required to ensure the success of the process. For most countries in sub-Saharan Africa, the NMRA is responsible for coordinating and overseeing the regulatory system of medical products [ 125 , 126 ]. However, in most cases, NMRAs are unable to perform the core regulatory functions expected of them [ 145 ]. More than 90% of African countries have limited or no capacity to regulate medical products, with only 7% having moderately developed capabilities [ 145 ]. The lack of effective NMRAs in Africa exposes the citizens to potential harm by allowing unsafe, low-quality, and fake medical products to circulate and be used [ 145 ].

Although it is the responsibility of governments to establish functional regulatory systems and ensure effective monitoring and evaluation of the regulatory process, the involvement of international and continental organizations to support sub-Saharan African countries improve the regulatory capacity of their national regulatory agencies would be extremely beneficial. For instance, the African Medicines Agency (AMA) was established in November 2019 as a treaty adopted by the African Union Member States to help address the concerns arising from weak regulatory systems on the continent. At present, 37 countries have signed the AMA treaty, including 26 countries that have ratified it [ 146 ]. The main objective of the AMA is to enhance the capacity of States Parties and regional economic communities to regulate medical products to improve the quality, safety, and efficacy of medical products on the continent [ 147 ]. The AMA, in collaboration with other existing capacity building initiatives or organizations, such as the WHO Global Initiative on Digital Health, ITU, AMRH, WHO AFRO, and United Nations Children’s Fund, can assist sub-Saharan African countries in aligning their regulatory requirements with available resources and support them to acquire the necessary tools and skills to build effective and sustainable regulatory systems for health apps. This can be achieved by adopting a decentralized approach to engage a network of technical experts across the African Union similar to the model of the European Medicines Agency [ 148 ].

Actors or Stakeholders

The regulation of health apps often requires working with a wide range of actors or stakeholders. However, in this review, we identified only 2 main actor groups (those who provide digital health services and those who use the ICT infrastructure of the health ministry). These are the groups that are targeted by the included regulatory standards.

From a broader perspective, 12 categories of stakeholders according to their potential role in regulating health apps for the self-management were mapped in this study. The potential contribution of these stakeholders to the regulation of health apps for self-management in sub-Saharan Africa not only depends on their roles and responsibilities but also on their interests, needs, expectations, and influence [ 41 , 149 - 151 ]. Thus, a robust stakeholder analysis is paramount as it can help define the scope of the regulatory process, prioritize the requirements, manage the expectations, and ensure the engagement and participation of stakeholders throughout the regulatory process [ 41 , 152 - 156 ]. Our stakeholder mapping, as presented in Table 2 (refer to Multimedia Appendix 4 for more details), lays the foundation for national governments to conduct a robust stakeholder analysis and to adopt an all-inclusive stakeholder engagement strategy to manage and sustain the engagement and participation of all relevant stakeholders [ 157 , 158 ].

Recommendations

Our review found that the regulation of health apps in sub-Saharan Africa is especially poor and almost nonexistent, as only Kenya has national standards that could address some of the regulatory issues related to health apps. Therefore, we recommend the following actions to help sub-Saharan African countries improve the regulation of health apps to support self-management:

Establish a clear and consistent definition of what constitutes a health app (considering AI or machine learning) and what level of regulation is required for different types of apps.
Develop and implement criteria and guidelines that ensure the quality, safety, and usability of health apps.
Engage with independent app evaluators, such as ORCHA, to adopt a common framework that can guide the evaluation and accreditation of health apps and use the framework to create and maintain decentralized and transparent platforms that showcase and evaluate health apps for users and health care professionals.
Develop and implement policies and regulations that enable sustainable funding for health apps such as integrating the use of health apps for self-management into existing health systems and financing pathways or mechanisms.
Support and facilitate innovation and collaboration across the sub-Saharan Africa region, especially in areas including but not limited to data security and privacy, interoperability standards, usability, accessibility, funding, capacity building, and monitoring and evaluation of the regulatory process.
Manage and sustain the engagement, involvement, and participation of all relevant stakeholders in the regulatory process by conducting a robust stakeholder analysis and adopting an all-inclusive stakeholder engagement strategy.

Strengths and Limitations of the Study

This study has several strengths, which include an extensive search of gray literature and repositories, contact with key individuals, and the use of a systematic approach. Given that regulatory standards and guidance are unavailable in scientific databases, a wide range of gray literature and repositories were searched. In addition, contact was made with key staff members to obtain relevant documents, including those at the MOHs, the WHO country offices, and the WHO AFRO. Second, to enhance the strength of the study, a policy analysis framework was adapted and used to systematically organize the key study findings, whereas a deductive descriptive qualitative content analysis approach was used to identify and analyze texts that contained relevant concepts and other related information based on the 4 predefined themes. Third, the RISA tool was used to guide the mapping of key stakeholders. This has further increased the robustness of the study findings.

The limitations of this study include the fact that our literature search was conducted in English. Although the literature search was conducted in English, it yielded documents written in French and Portuguese from the ICTworks repository. Second, regulatory standards and guidance are not readily available on scientific databases; hence, it is possible that some relevant documents might have been missed. However, efforts were made to obtain these documents by contacting key stakeholders including key contact persons at the WHO AFRO, WHO country offices, and MOHs. In addition, contacting key individuals only for the purposes of requesting documents rather than conducting direct interviews was one of the limitations of this study. Interviewing key contact persons and stakeholders to obtain additional information could have strengthened the review; however, we did not interview any key individuals or stakeholders because it was beyond the scope of this review. Nonetheless, we recommend that future studies consider incorporating interviews to explore the perspectives of key stakeholders.

Conclusions

Health apps are increasingly being used by patients to manage their health, and sub-Saharan African countries can leverage these apps to advance their progress toward achieving SDG 3 (good health and well-being) and UHC, especially given the rapid advancement of AI and big data. However, our study has established that the regulation of health apps in sub-Saharan Africa is inadequate to ensure that health apps are technically reliable and clinically safe; interoperable across systems; compliant with the principles of confidentiality of information and data privacy; culturally appropriate and relevant; and accessible to everyone regardless of gender, ethnicity, location, or income. Therefore, the region can learn from the experiences of some high-income countries such as the United Kingdom and Germany to develop and implement a robust and responsive regulatory system that supports the widespread adoption of safe, effective, and beneficial health apps for its population.

Following the publication of this review, a summary of the findings will be disseminated to the relevant organizations. In addition, the key findings will be summarized and presented at national, regional, and international conferences.

Acknowledgments

The authors would like to thank Rebecca Jones, the Library Manager and Liaison Librarian at Charing Cross Library, who advised and assisted with the search strategy for this study. This work is part of the PhD research of BAB, which is sponsored by the government of Nigeria. AM and JC were supported by the National Institute for Health and Care Research (NIHR) Applied Research Collaboration Northwest London (NIHR200180). The views expressed in this publication are those of the authors and not necessarily those of the government of Nigeria or the NIHR or the Department of Health and Social Care. In the Results and Discussion sections, Microsoft Copilot in Bing [ 159 ] was used to help summarize and modify a few texts as well as suggest some citations.

Data Availability

The search strategy for PubMed, Scopus, and the World Health Organization AIM is presented in Multimedia Appendix 1 . All data generated or analyzed during this study are included in this published article (and its supplementary information files). The documents analyzed are available directly from the relevant institutional websites, ICTworks repository [ 44 ] or upon request from the relevant government departments in each country. Additionally, documents in the list of references that are not accessible on the web can be solicited from the corresponding author on reasonable request.

Authors' Contributions

BAB and JC conceived the study. BAB designed the study with contributions from JC and NM. BAB drafted the manuscript, and JC, NM, AM, SI, KPF, BIH, and NU read and contributed to it. AM was the clinical lead, and JC acted as a guarantor for this study. The final manuscript was read and approved by all the authors.

Conflicts of Interest

None declared.

PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews) checklist.

Database search strategy.

Details of included documents.

Mapping of the stakeholders according to their potential role in regulating health apps for self-management.

Aitken M, Nass D. Digital health trends 2021: innovation, evidence, regulation, and adoption. IQVIA Institute for Human Data Science. 2021. URL: https://www.iqvia.com/-/media/iqvia/pdfs/institute-reports/digital-health-trends-2021/iqvia-institute-digital-health-trends-2021.pdf?&_=1669449368070 [accessed 2022-11-26]
Mobile app threat landscape report. RiskIQ. 2020. URL: https://www.riskiq.com/2020-mobile-threat-landscape-report-thank-you/ [accessed 2021-07-19]
El-Sappagh S, Ali F, Hendawi A, Jang JH, Kwak KS. A mobile health monitoring-and-treatment system based on integration of the SSN sensor ontology and the HL7 FHIR standard. BMC Med Inform Decis Mak. May 10, 2019;19(1):97. [ FREE Full text ] [ CrossRef ] [ Medline ]
Labrique AB, Vasudevan L, Kochi E, Fabricant R, Mehl G. mHealth innovations as health system strengthening tools: 12 common applications and a visual framework. Glob Health Sci Pract. Aug 06, 2013;1(2):160-171. [ FREE Full text ] [ CrossRef ]
Adepoju IOO, Albersen BJA, De Brouwere V, van Roosmalen J, Zweekhorst M. mHealth for clinical decision-making in sub-Saharan Africa: a scoping review. JMIR Mhealth Uhealth. Mar 23, 2017;5(3):e38. [ FREE Full text ] [ CrossRef ] [ Medline ]
Vegesna A, Tran M, Angelaccio M, Arcona S. Remote patient monitoring via non-invasive digital technologies: a systematic review. Telemed J E Health. Jan 2017;23(1):3-17. [ FREE Full text ] [ CrossRef ] [ Medline ]
Use of appropriate digital technologies for public health: Report by the Director-General. World Health Organization. 2016. URL: https://iris.who.int/handle/10665/274134 [accessed 2023-05-06]
El-Osta A, Rowe C, Majeed A. Developing a shared definition of self-driven healthcare to enhance the current healthcare delivery paradigm. J R Soc Med. Nov 2022;115(11):424-428. [ FREE Full text ] [ CrossRef ] [ Medline ]
Hussein R. A review of realizing the universal health coverage (UHC) goals by 2030: part 2- what is the role of eHealth and technology? J Med Syst. Jul 2015;39(7):72. [ CrossRef ] [ Medline ]
Sustainable development goal 3: Ensure healthy lives and promote well-being for all at all ages. United Nations. URL: https://sdgs.un.org/goals/goal3 [accessed 2023-05-07]
Coronavirus: apps to help the elderly. Organisation for the Review of Care and Health Apps. 2020. URL: https://orchahealth.com/coronavirus-apps-to-help-the-elderly/ [accessed 2021-07-19]
Huckvale K, Adomaviciute S, Prieto JT, Leow MKS, Car J. Smartphone apps for calculating insulin dose: a systematic assessment. BMC Med. May 06, 2015;13:106. [ FREE Full text ] [ CrossRef ] [ Medline ]
Huckvale K, Car M, Morrison C, Car J. Apps for asthma self-management: a systematic assessment of content and tools. BMC Med. Nov 22, 2012;10:144. [ FREE Full text ] [ CrossRef ] [ Medline ]
Huckvale K, Morrison C, Ouyang J, Ghaghda A, Car J. The evolution of mobile apps for asthma: an updated systematic assessment of content and tools. BMC Med. Mar 23, 2015;13:58. [ FREE Full text ] [ CrossRef ] [ Medline ]
Huckvale K, Prieto JT, Tilney M, Benghozi PJ, Car J. Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment. BMC Med. Sep 07, 2015;13:214. [ FREE Full text ] [ CrossRef ] [ Medline ]
Huckvale K, Torous J, Larsen ME. Assessment of the data sharing and privacy practices of smartphone apps for depression and smoking cessation. JAMA Netw Open. Apr 05, 2019;2(4):e192542. [ FREE Full text ] [ CrossRef ] [ Medline ]
Ndlovu K, Mars M, Scott RE. Interoperability frameworks linking mHealth applications to electronic record systems. BMC Health Serv Res. May 13, 2021;21(1):459. [ FREE Full text ] [ CrossRef ] [ Medline ]
Kenya standards and guidelines for mHealth systems. Kenya Ministry of Health. 2017. URL: https://www.health.go.ke/wp-content/uploads/2020/02/Revised-Guidelines-For-Mhealth-Systems-May-Version.pdf [accessed 2023-03-21]
Standard for electronic health record system (EHRs) in Ethiopia. Ethiopia Minister of Health. 2021. URL: https://registry.betterehealth.eu/ehealth-policies/standard-electronic-health-record-system-ehrs-ethiopia [accessed 2023-04-21]
National health normative standards framework for digital health interoperability in South Africa. South Africa Department of Health. 2021. URL: https://www.health.gov.za/wp-content/uploads/2022/10/HNSF_Gazette_21_October_2022.pdf [accessed 2023-05-15]
Ferretti A, Ronchi E, Vayena E. From principles to practice: benchmarking government guidance on health apps. Lancet Digit Health. Jun 2019;1(2):e55-e57. [ FREE Full text ] [ CrossRef ] [ Medline ]
Diao JA, Venkatesh KP, Raza MM, Kvedar JC. Multinational landscape of health app policy: toward regulatory consensus on digital health. NPJ Digit Med. May 11, 2022;5(1):61. [ FREE Full text ] [ CrossRef ] [ Medline ]
Essén A, Stern AD, Haase CB, Car J, Greaves F, Paparova D, et al. Health app policy: international comparison of nine countries' approaches. NPJ Digit Med. Mar 18, 2022;5(1):31. [ FREE Full text ] [ CrossRef ] [ Medline ]
Brown SA, Garcia AA, Kouzekanani K, Hanis CL. Culturally competent diabetes self-management education for Mexican Americans: the Starr County border health initiative. Diabetes Care. Feb 2002;25(2):259-268. [ FREE Full text ] [ CrossRef ] [ Medline ]
Chaney SC, Mechael P. Self-Care Trailblazer Group. 2020. URL: https://media.psi.org/wp-content/uploads/2020/09/31000510/Digital-Self-Care-Final.pdf [accessed 2021-05-20]
Kanzaveli T. Healthcare: shiftingfrom “one size fits all” to “one size fits one”. Medium. 2017. URL: https://tkanzaveli.medium.com/healthcare-shifting-from-one-size-fits-all-to-one-size-fits-one-d56136ded705 [accessed 2022-03-04]
Myth 1 – one app will fit all!. Organisation for the Review of Care and Health Apps. URL: https://orchahealth.com/myth-1-one-app-will-fit-all/ [accessed 2022-03-04]
Aitken M, Lyle J. Patient adoption of mHealth: use, evidence and remaining barriers to mainstream acceptance. IQVIA Institute for Human Data Science. Sep 2015. URL: https://www.iqvia.com/-/media/iqvia/pdfs/institute-reports/patient-adoption-of-mhealth.pdf [accessed 2021-05-21]
Mechael P, Batavia H, Kaonga N. Barriers and gaps affecting mhealth in low and middle income countries: policy white paper. Center for Global Health and Economic Development Earth Institute, Columbia University. 2010. URL: http://www.globalproblems-globalsolutions-files.org/pdfs/mHealth_Barriers_White_Paper.pdf [accessed 2021-03-24]
Bene BA, Ibeneme S, Fadahunsi KP, Harri BI, Ukor N, Mastellos N, et al. Regulatory standards and guidance for the use of health applications for self-management in Africa: scoping review protocol. BMJ Open. Feb 11, 2022;12(2):e058067. [ FREE Full text ] [ CrossRef ] [ Medline ]
Aitken M, Gauntlett C. Patient apps for improved healthcare: from novelty to mainstream. IMS Institute for Healthcare Informatics. 2013. URL: https://ignacioriesgo.es/wp-content/uploads/2014/03/iihi_patient_apps_report_editora_39_2_1.pdf [accessed 2024-03-10]
National eHealth Strategy Toolkit. World Health Organization, International Telecommunication Union. 2012. URL: https://www.itu.int/pub/D-STR-E_HEALTH.05-2012 [accessed 2021-06-28]
Global strategy on digital health 2020-2025. World Health Organization. 2021. URL: https://www.who.int/docs/default-source/documents/gs4dhdaa2a9f352b0445bafbc79ca799dce4d.pdf [accessed 2021-06-23]
Arksey H, O'Malley L. Scoping studies: towards a methodological framework. Int J Soc Res Methodol. Feb 2005;8(1):19-32. [ FREE Full text ] [ CrossRef ]
Anderson S, Allen P, Peckham S, Goodwin N. Asking the right questions: scoping studies in the commissioning of research on the organisation and delivery of health services. Health Res Policy Syst. Jul 09, 2008;6:7. [ FREE Full text ] [ CrossRef ] [ Medline ]
Levac D, Colquhoun H, O'Brien KK. Scoping studies: advancing the methodology. Implement Sci. Sep 20, 2010;5:69. [ FREE Full text ] [ CrossRef ] [ Medline ]
Peters MDJ, Marnie C, Tricco AC, Pollock D, Munn Z, Alexander L, et al. Updated methodological guidance for the conduct of scoping reviews. JBI Evid Synth. Oct 2020;18(10):2119-2126. [ FREE Full text ] [ CrossRef ] [ Medline ]
Tricco AC, Lillie E, Zarin W, O'Brien KK, Colquhoun H, Levac D, et al. PRISMA Extension for Scoping Reviews (PRISMA-ScR): checklist and explanation. Ann Intern Med. Oct 02, 2018;169(7):467-473. [ FREE Full text ] [ CrossRef ] [ Medline ]
Leitner C, Potenziani D. Mendeley reference manager. Mendeley. 2022. URL: https://www.mendeley.com/reference-management/reference-manager [accessed 2022-08-03]
Better systematic review management. Covidence. URL: https://www.covidence.org/ [accessed 2023-02-13]
Franco-Trigo L, Fernandez-Llimos F, Martínez-Martínez F, Benrimoj SI, Sabater-Hernández D. Stakeholder analysis in health innovation planning processes: A systematic scoping review. Health Policy. Oct 2020;124(10):1083-1099. [ FREE Full text ] [ CrossRef ] [ Medline ]
Walt G, Gilson L. Reforming the health sector in developing countries: the central role of policy analysis. Health Policy Plan. Dec 1994;9(4):353-370. [ FREE Full text ] [ CrossRef ] [ Medline ]
Digital health: a call for government leadership and cooperation between ICT and health. Broadband Commission. 2017. URL: https://broadbandcommission.org/wp-content/uploads/2021/09/WGHealth_Report2017-.pdf [accessed 2021-06-28]
Vota W. Every African country’s national eHealth strategy or digital health policy. ICT works. 2019. URL: https://www.ictworks.org/african-national-ehealth-strategy-policy/ [accessed 2023-12-10]
Moher D, Liberati A, Tetzlaff J, Altman DG, PRISMA Group. Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement. PLoS Med. Jul 21, 2009;6(7):e1000097. [ FREE Full text ] [ CrossRef ] [ Medline ]
Standards and guidelines for electronic medical record systems in Kenya. Kenya Ministry of Medical Services, Kenya Ministry of Public Health and Sanitation. 2010. URL: http://guidelines.health.go.ke:8000/media/Standards_and_Guidelines_for_EMR_Systems.pdf [accessed 2023-04-21]
Kenya standards and guidelines for E-health systems interoperability. Kenya Ministry of Health, AfyaInfo Project. 2014. URL: https://pdf.usaid.gov/pdf_docs/PA00TB2K.pdf [accessed 2023-03-21]
Health sector ICT standards and guidelines. Kenya Ministry of Health. 2013. URL: https://www.medbox.org/pdf/5e148832db60a2044c2d2895 [accessed 2023-03-21]
Health information exchange standard operating procedure (SOP) and guideline. Nigeria Federal Ministry of Health. Jul 2020.
National eHealth strategy 2018-2022. Benin Ministry of Health. 2017.
The eHealth strategy of botswana 2020-2024. Botswana Ministry of Health. URL: https://ehealth.ub.bw/bhdc/Docs/MOH%20ehealth%20Strategy%20Book%20A4.pdf [accessed 2023-04-22]
Health sector digital strategy 2016-2020. Burkina Faso Ministry of Health.
National health informatics development plan of Burundi. Burundi Ministry of Public Health. 2015.
The 2020-2024 national digital health strategic plan. Cameroon Ministry of Public Health. 2020.
National eHealth strategy 2017-2021. Comoros Ministry of Health. 2016.
eHealth strategic plan. Cote d’Ivoire Minister of Health and Public Hygiene. 2011.
National development plan for health informatics. Democratic Republic of Congo Ministry of Public Health. 2014.
Kingdom of Swaziland eHealth strategy 2016 - 2020. Kingdom of Swaziland Ministry Of Health. 2016.
Information revolution strategic plan (2018-2025). Ethiopia Ministry of Health. 2018.
Strategic master plan of the health information system of the Gabon. Gabon Ministry of Public Health and Population. 2017.
National e-Health strategy. Ghana Ministry of Health. 2010.
Kenya national e-Health strategy. Kenya Ministry of Medical Services, Kenya Ministry of Public Health & Sanitation. 2011.
Kenya national eHealth policy 2016-2030. Kenya Ministry of Health. 2016.
National strategy - Liberia - 2016-2021. Liberia Ministry of Health. 2016.
Strategic plan for strengthening the health information system of Madagascar 2018–2022. Madagascar Ministry of Public Health. 2017.
National digital health strategy 2020-2025. Malawi Ministry of Health. 2020.
National eHealth policy in Mali. Mali Ministry of Health and Public Hygiene. 2013.
Health 2015: seamless continuity of care. Mauritius Ministry of Health and Quality of Life. 2015.
Strategic plan of information system for health 2009-2014. Mozambique Ministry of Health. 2009.
National eHealth strategy 2019-2023. Niger Ministry of Public Health. 2018.
National digital health strategy 2021-2025. Nigeria Federal Ministry of Health. 2021.
National digital health policy. Nigeria Federal Ministry of Health. 2021.
National digital health strategic plan 2018-2023. Rwanda Ministry of Health. 2018. URL: https://elearning.helinanet.org/mod/resource/view.php?id=890 [accessed 2023-05-09]
Strategic plan for digital health 2018-2023. Senegal Ministry of Health and Social Action. 2018.
National digital health strategy 2018-2023. Sierra Leone Ministry of Health and Sanitation, Sierra Leone Ministry of Information and Communication. 2018.
The national digital health strategy 2019 – 2024. Tanzania Ministry of Health, Community Development, Gender, Elderly and Children. 2019.
National digital health strategy for South Africa 2019 - 2024. South Africa Department of Health. 2019.
Strategic plan for the development of eHealth in Togo 2013-2015. Togo Ministry of Health. 2012.
Uganda national eHealth policy. Uganda Ministry of Health. 2016.
Uganda national eHealth strategy 2017 - 2021. Uganda Ministry of Health. URL: https://health.go.ug/sites/default/files/National%20e_Health%20Strategy_0.pdf [accessed 2023-05-16]
National eHealth strategy 2017-2021. Zambia Ministry of Health. 2017.
Zimbabwe’s E-Health strategy 2012-2017. Ministry of Health and Child Welfare. 2012.
National eHealth strategy 2021-2025. Namibia Ministry of Health & Social Services. 2021. URL: https://www.scribd.com/document/639371316/eHealth-Strategy-Namibia-2021# [accessed 2023-05-13]
Health sector ICT policy and strategy. Ghana Ministry of Health. 2005. URL: https://www.moh.gov.gh/wp-content/uploads/2016/02/Health-Sector-ICT-Policy-and-Strategy.pdf [accessed 2023-05-08]
Adebola OJ. Beyond national digital health strategy: final report of end term evaluation for the National Health ICT Strategic Framework 2015-2020. Nigeria Federal Ministry of Health. May 2021.
National Health ICT Strategic Framework 2015 - 2020. Nigeria Federal Ministry of Health. 2016. URL: https://www.health.gov.ng/doc/HealthICTStrategicFramework.pdf [accessed 2023-05-16]
Digital health blueprint. Ethiopia Ministry of Health. 2021. URL: http://repository.iifphc.org/bitstream/handle/123456789/1658/Ethiopian-Digital-Health-Blueprint.pdf?sequence=1&isAllowed=y [accessed 2023-05-16]
Kenya health information systems interoperability framework. Kenya Ministry of Health. 2020. URL: https://www.data4sdgs.org/sites/default/files/services_files/Kenya%20Health%20Information%20Systems%20Interoperability%20Framework.pdf [accessed 2023-05-16]
National community health digitization strategy 2020-2025. Kenya Ministry of Health, Division of Community Health Services. 2021. URL: https://www.eahealth.org/sites/www.eahealth.org/files/content/attachments/2021-08-02/eCHIS-Strategy-2020-2025.pdf [accessed 2023-05-16]
Leitner C, Potenziani D. Health information systems interoperability in Liberia. IntraHealth International. 2016. URL: https://elearning.helinanet.org/mod/resource/view.php?id=938 [accessed 2023-05-16]
Narrative for 2022 national digital health annual operational plan (AOP). Nigeria Federal Ministry of Health. 2022.
Tanzania digital health investment road map 2017-2023. Tanzania Ministry of Health, Community Development, Gender, Elderly and Children, President’s Office Regional Administration and Local Government. 2017.
Yu H. Regulation of digital health technologies in the European Union: intended versus actual use. In: Cohen GI, Minssen T, Price II NW, Robertson C, Shachar C, editors. The Future of Medical Device Regulation: Innovation and Protection. Cambridge. Cambridge University Press; Mar 31, 2022;103-114.
Policy for device software functions and mobile medical applications: guidance for industry and Food and Drug Administration staff. U.S. Food and Drug Administration. 2022. URL: https://www.fda.gov/media/80958/download [accessed 2023-10-10]
Gordon WJ, Landman A, Zhang H, Bates DW. Beyond validation: getting health apps into clinical practice. NPJ Digit Med. 2020;3:14. [ FREE Full text ] [ CrossRef ] [ Medline ]
FDA clears mobile medical app to help those with opioid use disorder stay in recovery programs. U.S. Food and Drug Administration. 2018. URL: https://www.fda.gov/news-events/press-announcements/fda-clears-mobile-medical-app-help-those-opioid-use-disorder-stay-recovery-programs [accessed 2021-01-27]
Digital maturity model: achieving digital maturity to drive growth. Deloitte. 2018. URL: https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Technology-Media-Telecommunications/deloitte-digital-maturity-model.pdf [accessed 2021-10-20]
May E. How digital health apps are empowering patients. Deloitte. 2021. URL: https://www2.deloitte.com/us/en/blog/health-care-blog/2021/how-digital-health-apps-are-empowering-patients.html [accessed 2023-10-06]
Guidance: criteria for health app assessment. Public Health England. 2017. URL: https://www.gov.uk/government/publications/health-app-assessment-criteria/criteria-for-health-app-assessment [accessed 2023-10-16]
Clinical risk management standards. National Health Service Digital. 2020. URL: https://digital.nhs.uk/services/clinical-safety/clinical-risk-management-standards [accessed 2023-10-28]
Report a problem with a medicine or medical device. Gov.uk. URL: https://www.gov.uk/report-problem-medicine-medical-device [accessed 2023-11-07]
Digital technology assessment criteria for health and social care (DTAC) - Version 1.0. National Health Service X. 2021. URL: https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Ftransform.england.nhs.uk%2Fmedia%2Fdocuments%2FDTAC_version_1.0_FINAL_updated_16.04.odt&wdOrigin=BROWSELINK [accessed 2023-11-07]
Data protection impact assessment: NHS login - formerly Citizen Identity. National Health Service Digital. 2022. URL: https://digital.nhs.uk/services/nhs-login/data-protection-impact-assessment [accessed 2023-11-07]
Risks and data protection impact assessments (DPIAs). Information Commissioner’s Office. URL: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/risks-and-data-protection-impact-assessments-dpias/ [accessed 2023-11-07]
A guide to good practice for digital and data-driven health technologies. Department of Health and Social Care. 2021. URL: https://www.gov.uk/government/publications/code-of-conduct-for-data-driven-health-and-care-technology/initial-code-of-conduct-for-data-driven-health-and-care-technology [accessed 2023-10-30]
Interoperability in healthcare. Healthcare Information and Management Systems Society (HIMSS). 2023. URL: https://www.himss.org/resources/interoperability-healthcare [accessed 2023-10-17]
DAPB4020: UK core Fast Healthcare Interoperability Resources (FHIR) release 4 (R4) governance. National Health Service Digital. 2022. URL: https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dapb4020-uk-core-fhir-r4-governance [accessed 2023-10-17]
Fast Healthcare Interoperability Resources (FHIR). National Health Service Digital. 2022. URL: https://digital.nhs.uk/services/fhir-apis [accessed 2023-10-17]
FHIR Interoperability Basics: 4 things to know. Health IT Analytics. 2022. URL: https://healthitanalytics.com/news/4-basics-to-know-about-the-role-of-fhir-in-interoperability [accessed 2023-11-07]
Giordanengo A, Bradway M, Pedersen R, Grøttland A, Hartvigsen G, Årsand E. Integrating data from apps, wearables and personal electronic health record (pEHR) systems with clinicians’ electronic health records (EHR) systems. Int J Integr Care. Nov 09, 2016;16(5):16. [ FREE Full text ] [ CrossRef ]
A plan for digital health and social care. Department of Health & Social Care. 2022. URL: https://www.gov.uk/government/publications/a-plan-for-digital-health-and-social-care/a-plan-for-digital-health-and-social-care [accessed 2022-12-01]
Ryu B, Kim N, Heo E, Yoo S, Lee K, Hwang H, et al. Impact of an electronic health record-integrated personal health record on patient participation in health care: development and randomized controlled trial of MyHealthKeeper. J Med Internet Res. Dec 07, 2017;19(12):e401. [ FREE Full text ] [ CrossRef ] [ Medline ]
Winter A, Takabayashi K, Jahn F, Kimura E, Engelbrecht R, Haux R, et al. Quality requirements for electronic health record systems*. A Japanese-German information management perspective. Methods Inf Med. Aug 07, 2017;56(7):e92-e104. [ FREE Full text ] [ CrossRef ] [ Medline ]
Wachter RM. Making IT work: harnessing the power of health information technology to improve care in England. National Advisory Group on Health Information Technology. 2016. URL: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/550866/Wachter_Review_Accessible.pdf [accessed 2021-07-22]
Framework on integrated people-centred health services (IPCHS). World Health Organisation. 2023. URL: https://www.who.int/teams/integrated-health-services/clinical-services-and-systems/service-organizations-and-integration [accessed 2023-06-05]
Ibeneme S, Karamagi H, Muneene D, Goswami K, Chisaka N, Okeibunor J. Strengthening health systems using innovative digital health technologies in Africa. Front Digit Health. 2022;4:854339. [ FREE Full text ] [ CrossRef ] [ Medline ]
Ibeneme S, Ukor N, Ongom M, Dasa T, Muneene D, Okeibunor J. Strengthening capacities among digital health leaders for the development and implementation of national digital health programs in Nigeria. BMC Proc. 2020;14(Suppl 10):9. [ FREE Full text ] [ CrossRef ] [ Medline ]
Delivering safe digital health. Organisation for the Review of Care and Health Apps. URL: https://orchahealth.com/ [accessed 2023-10-22]
Mamuye AL, Yilma TM, Abdulwahab A, Broomhead S, Zondo P, Kyeng M, et al. Health information exchange policy and standards for digital health systems in Africa: a systematic review. PLOS Digit Health. Oct 2022;1(10):e0000118. [ FREE Full text ] [ CrossRef ] [ Medline ]
Digital health platform handbook: Building a digital information infrastructure (infostructure) for health. World Health Organization, International Telecommunication Union. 2022. URL: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-E_HEALTH.10-2020-PDF-E.pdf [accessed 2021-05-22]
Framework for involving patients in patient safety 2021. National Health Service England. 2021. URL: https://www.england.nhs.uk/patient-safety/framework-for-involving-patients-in-patient-safety/ [accessed 2023-03-23]
Olesch A. Towards harmonised EU landscape for digital health: summary of the roundtable discussions in selected EIT Health InnoStars countries. EIT Health InnoStars. Jan 2023. URL: https://eithealth.eu/wp-content/uploads/2023/02/EIT_Health_DiGA_report_Jan2023.pdf [accessed 2023-10-10]
Grieb J, Tschammler D, Färber C, Woitz S. Digital health laws and regulations germany. Global Legal Group. 2023. URL: https://iclg.com/practice-areas/digital-health-laws-and-regulations/germany [accessed 2023-11-03]
Human regulatory: medical devices. European Medicines Agency. URL: https://www.ema.europa.eu/en/human-regulatory/overview/medical-devices [accessed 2023-10-12]
Strengthening the capacity for regulation of medical products in the African region. World Health Organization Regional Office for Africa. 2013. URL: https://iris.who.int/bitstream/handle/10665/94308/AFR_RC63_7.pdf?sequence=1 [accessed 2023-10-17]
Ncube BM, Dube A, Ward K. Establishment of the African Medicines Agency: progress, challenges and regulatory readiness. J Pharm Policy Pract. Mar 08, 2021;14(1):29. [ FREE Full text ] [ CrossRef ] [ Medline ]
Post market surveillance system. European Union Medical Device Regulation. 2023. URL: https://eumdr.com/post-market-surveillance-system/ [accessed 2023-10-31]
Dayal R. Effective post-market surveillance for medical devices: An essential part of medical devices regulation (MDR). Capgemini. 2020. URL: https://www.capgemini.com/insights/expert-perspectives/effective-post-market-surveillance-for-medical-devices-an-essential-part-of-mdr/ [accessed 2023-10-31]
NHS app library reaches 70 apps in honour of the NHS birthday. Northampton General Hospital NHS Trust. 2018. URL: https://www.northamptongeneral.nhs.uk/News/News-Archive/2018/NHS-App-Library-reaches-70-apps-in-honour-of-the-NHS-birthday.aspx [accessed 2023-09-21]
Developers invited to add to NHS apps library. National Health Service Digital. 2018. URL: https://digital.nhs.uk/news/2018/developers-invited-to-add-to-nhs-apps-library [accessed 2023-09-22]
The NHS apps library has closed. National Health Service Digital. 2021. URL: https://digital.nhs.uk/services/nhs-apps-library#:~:text=The%20NHS%20Apps%20Library%20was%20decommissioned%20in%20December%202021.&text=Further%20information%20can%20be%20found%20on%20the%20NHS.UK%20website [accessed 2023-09-22]
Larsen ME, Huckvale K, Nicholas J, Torous J, Birrell L, Li E, et al. Using science to sell apps: evaluation of mental health app store quality claims. NPJ Digit Med. 2019;2:18. [ FREE Full text ] [ CrossRef ] [ Medline ]
About the NHS app. National Health Service. Dec 4, 2023. URL: https://www.nhs.uk/nhs-app/about-the-nhs-app/ [accessed 2023-09-22]
Scope of registration: regulated activities. Care Quality Commission. 2022. URL: https://www.cqc.org.uk/guidance-providers/scope-registration-regulated-activities [accessed 2023-11-05]
Distributing great apps into health and care services across the world. Organisation for the Review of Care and Health Apps. 2020. URL: https://orchahealth.com/wp-content/uploads/2020/12/Health-and-Care-1.pdf [accessed 2023-10-09]
Our founder, our story and our values: we exist to make digital health healthy. Organisation for the Review of Care and Health Apps. URL: https://orchahealth.com/about-us/ [accessed 2023-10-09]
Health app library: empower your community with safe access to health apps and digital health products. Organisation for the Review of Care and Health Apps. URL: https://orchahealth.com/our-products/health-app-library/#:~:text=A%20Health%20App%20Library%20is,on%20the%20Health%20App%20Library [accessed 2023-10-09]
Digital technology assessment criteria (DTAC). National Health Service X. URL: https://www.nhsx.nhs.uk/key-tools-and-info/digital-technology-assessment-criteria-dtac/ [accessed 2023-10-09]
Evidence standards framework (ESF) for digital health technologies. National Institute for Health and Care Excellence. 2023. URL: https://www.nice.org.uk/about/what-we-do/our-programmes/evidence-standards-framework-for-digital-health-technologies [accessed 2023-10-08]
Tsang L, Kerr-Peterson H. UK NICE updates its evidence standards framework for data-driven digital health technologies. Ropes & Gray. 2022. URL: https://www.ropesgray.com/en/insights/alerts/2022/10/uk-nice-updates-its-evidence-standards-framework-for-data-driven-digital-health-technologies [accessed 2023-10-09]
Guidance: medical device stand-alone software including apps (including IVDMDs). Medicines and healthcare products regulatory agency. 2023. URL: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1168485/Medical_device_stand-alone_software_including_apps__including_IVDMDs_.pdf [accessed 2023-10-09]
Digital therapeutics in the United Kingdom. Digital Therapeutics Alliance. 2021. URL: https://dtxalliance.org/wp-content/uploads/2021/06/DTA_DTx-Overview_UK.pdf [accessed 2023-10-09]
Transforming global healthcare by advancing digital therapeutics. Digital Therapeutics Alliance. 2023. URL: https://dtxalliance.org/ [accessed 2023-10-10]
International Organization for Standardization (ISO) digital therapeutic definition. Digital Therapeutic Alliance. Jun 2023. URL: https://dtxalliance.org/wp-content/uploads/2023/06/DTA_FS_ISO-Definition.pdf [accessed 2023-10-09]
Ndomondo-Sigonda M, Miot J, Naidoo S, Dodoo A, Kaale E. Medicines regulation in Africa: current state and opportunities. Pharmaceut Med. 2017;31(6):383-397. [ FREE Full text ] [ CrossRef ] [ Medline ]
Chinele J. East Africa shows solid support for African Medicines Agency treaty. Health Policy Watch. Aug 16, 2023. URL: https://healthpolicy-watch.news/east-africa-shows-solid-support-for-african-medicines-agency-treaty/ [accessed 2023-10-09]
Treaty for the establishment of the African Medicines Agency 2019. African Union. 2019. URL: https://au.int/sites/default/files/treaties/36892-treaty-0069_-_ama_treaty_e.pdf [accessed 2023-10-17]
European Medicines Agency: about us. European Medicines Agency. Mar 1, 2023. URL: https://www.ema.europa.eu/en/documents/other/about-us-european-medicines-agency-ema_en.pdf [accessed 2023-10-18]
Bryson JM. What to do when stakeholders matter. Public Adm Rev. Mar 2004;6(1):21-53. [ FREE Full text ] [ CrossRef ]
Iyawa G, Herselman M, Botha A. Potential stakeholders and perceived benefits of a digital health innovation ecosystem for the Namibian context. Procedia Computer Science. 2017;121:431-438. [ CrossRef ]
Ferretti V. From stakeholders analysis to cognitive mapping and multi-attribute value theory: an integrated approach for policy support. European Journal of Operational Research. Sep 2016;253(2):524-541. [ CrossRef ]
Brugha R, Varvasovszky Z. Stakeholder analysis: a review. Health Policy Plan. Sep 2000;15(3):239-246. [ CrossRef ] [ Medline ]
Schmeer K. Guidelines for conducting a stakeholder analysis 1999. Partnerships for Health Reform, Abt Associates. 1999. URL: https://www.ktecop.ca/wordpress/wp-content/uploads/guidelines-stakeholder-analysis-PHR-1999.pdf [accessed 2023-10-17]
Gilmour J, Beilin R. Stakeholder mapping for effective risk assessment and communication. Australian Centre of Excellence for Risk Analysis, University of Melbourne. Apr 2007. URL: https://cebra.unimelb.edu.au/__data/assets/pdf_file/0006/2220990/gilmour0609.pdf [accessed 2023-10-17]
Quality, service improvement and redesign tools: stakeholder analysis. National Health Service England, National Health Service Improvement. 2022. URL: https://www.england.nhs.uk/wp-content/uploads/2022/02/qsir-stakeholder-analysis.pdf [accessed 2023-10-20]
Craven MP, Lang AR, Martin JL. Developing mHealth apps with researchers: multi-stakeholder design considerations. Springer; 2014. Presented at: Third International Conference, DUXU 2014, held as a part of HCI International; June 22-27, 2014;15-24; Heraklion, Greece. URL: https://doi.org/10.1007/978-3-319-07635-5_2 [ CrossRef ]
How to encourage stakeholder participation. SustaiNet Software International. URL: https://sustainet.com/how-to-encourage-stakeholder-participation/ [accessed 2023-10-20]
Stakeholder engagement. Organisation for Economic Cooperation and Development. URL: https://www.oecd.org/governance/better-international-rulemaking/compendium/keyprinciples/stakeholderengagement.htm [accessed 2023-10-20]
Microsoft Copilot in Bing. Microsoft. URL: https://www.bing.com/chat?form=NTPCHB [accessed 2023-03-15]

Abbreviations

Edited by A Mavragani; submitted 19.05.23; peer-reviewed by N O'Brien, A Essén; comments to author 07.09.23; revised version received 08.12.23; accepted 23.02.24; published 11.04.24.

©Benard Ayaka Bene, Sunny Ibeneme, Kayode Philip Fadahunsi, Bala Isa Harri, Nkiruka Ukor, Nikolaos Mastellos, Azeem Majeed, Josip Car. Originally published in the Journal of Medical Internet Research (https://www.jmir.org), 11.04.2024.

This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on https://www.jmir.org/, as well as this copyright and license information must be included.

RSC Advances

Role of transition metals in coinage metal nanoclusters for the remediation of toxic dyes in aqueous systems.

* Corresponding authors

a Department of Chemistry, Manipal University Jaipur, Dehmi Kalan, Jaipur 303007, India E-mail: [email protected]

A difficult issue in chemistry and materials science is to create metal compounds with well-defined components. Metal nanoclusters, particularly those of coinage groups (Cu, Ag, and Au), have received considerable research interest in recent years owing to the availability of atomic-level precision via joint experimental and theoretical methods, thus revealing the mechanisms in diverse nano-catalysts and functional materials. The textile sector significantly contributes to wastewater containing pollutants such as dyes and chemical substances. Textile and fabric manufacturing account for about 7 × 10 5 tons of wastewater annually. Approximately one thousand tons of dyes used in textile processing and finishing has been recorded as being discharged into natural streams and water bodies. Owing to the widespread environmental concerns, research has been conducted to develop absorbents that are capable of removing contaminants and heavy metals from water bodies using low-cost technology. Considering this idea, we reviewed coinage metal nanoclusters for azo and cationic dye degradation. Fluorometric and colorimetric techniques are used for dye degradation using coinage metal nanoclusters. Few reports are available on dye degradation using silver nanoclusters; and some of them are discussed in detailed herein to demonstrate the synergistic effect of gold and silver in dye degradation. Mostly, the Rhodamine B dye is degraded using coinage metals. Silver nanoclusters take less time for degradation than gold and copper nanoclusters. Mostly, H 2 O 2 is used for degradation in gold nanoclusters. Still, all coinage metal nanoclusters have been used for the degradation due to suitable HOMO–LUMO gap, and the adsorption of a dye onto the surface of the catalyst results in the exchange of electrons and holes, which leads to the oxidation and reduction of the adsorbed dye molecule. Compared to other coinage metal nanoclusters, Ag/g-C 3 N 4 nanoclusters displayed an excellent degradation rate constant with the dye Rhodamine B (0.0332 min −1 ). The behavior of doping transition metals in coinage metal nanoclusters is also reviewed herein. In addition, we discuss the mechanistic grounds for degradation, the fate of metal nanoclusters, anti-bacterial activity of nanoclusters, toxicity of dyes, and sensing of dyes.

Graphical abstract: Role of transition metals in coinage metal nanoclusters for the remediation of toxic dyes in aqueous systems

Article information

Download Citation

Permissions.

P. Sharma, M. Ganguly and M. Sahu, RSC Adv. , 2024, 14 , 11411 DOI: 10.1039/D4RA00931B

This article is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported Licence . You can use material from this article in other publications, without requesting further permission from the RSC, provided that the correct acknowledgement is given and it is not used for commercial purposes.

To request permission to reproduce material from this article in a commercial publication , please go to the Copyright Clearance Center request page .

If you are an author contributing to an RSC publication, you do not need to request permission provided correct acknowledgement is given.

If you are the author of this article, you do not need to request permission to reproduce figures and diagrams provided correct acknowledgement is given. If you want to reproduce the whole article in a third-party commercial publication (excluding your thesis/dissertation for which permission is not required) please go to the Copyright Clearance Center request page .

Read more about how to correctly acknowledge RSC content .

Social activity

Search articles by author, advertisements.

IMAGES

(PDF) Achieving Sustainability with Artificial Intelligence-A Survey of
(PDF) Choosing appropriate information systems research methodologies
Information systems research framework (Source: [25] )
Information Systems Research Framework (Hevner et al. 2004)
(PDF) Information Systems Journal Special Issue on: Activity Theory in
(PDF) Information systems research in the media industry

VIDEO

Information Systems, Organisations and Strategy Part 1
Information technology, information systems and software engineering
INFORMATION SYSTEMS IN BUSINESS FUNCTIONS
Ch2 Computer Science and Information Systems Research Projects
The Role of Information Systems in Transforming Learning in Schools || telkom university
Information systems vs Information technology

COMMENTS

Information Systems Research
The 2022 Information Systems Research journal award winners have been announced! The full list is available here. Congratulations to all of the winners! Call for Papers ISR has issued a call for papers for a special issue on Analytical Creativity. ScholarOne will be open to submissions beginning on January 2, 2024.
Information Systems Research
Information Systems Research (ISR) is a leading peer-reviewed, international journal focusing on theory, research, and intellectual development for information systems in organizations, institutions, the economy, and society. It is dedicated to furthering knowledge in the application of information technologies to human organizations and their management and, more broadly, to improving ...
Current Issue
Interorganizational Systems and Supply Chain Agility in Uncertain Environments: The Mediation Role of Supply Chain Collaboration Jingmei Zhou , Ting Xu , Yuchi Chiao , Yulin Fang Pages: 184-202
Information Systems Journal
Information Systems Journal is an international information technology journal publishing a broad range of impactful information systems (IS) research. ISJ publishes papers addressing the challenges and opportunities in making information systems a positive contribution to practice, policy, and society more broadly.
Articles in Advance
Longitudinal Impact of Preference Biases on Recommender Systems' Performance Meizi Zhou , Jingjing Zhang , Gediminas Adomavicius Published Online: November 21, 2023
Information Systems
Databases: Their Creation, Management and Utilization. Information systems are the software and hardware systems that support data-intensive applications. The journal Information Systems publishes articles concerning the design and implementation of languages, data models, process models, algorithms, software and hardware for information systems.
Keeping pace with the digital age: Envisioning information systems
The research platform we envision for the information systems research field is shown in Figure 1. In this view, instead of focusing on theoretical contributions, IS research as a platform is built around our competencies to collect, organize, and analyze (digital trace) data to capture the dynamics of socio-technical phenomena. ...
Review Article Artificial intelligence in information systems research
AI has received increased attention from the information systems (IS) research community in recent years. There is, however, a growing concern that research on AI could experience a lack of cumulative building of knowledge, which has overshadowed IS research previously. This study addresses this concern, by conducting a systematic literature ...
The role of information systems research in shaping the future of
Department of Accounting and Information Systems, Pamplin College of Business, Virginia Tech University, 880 West Campus Dr., Suite 3007, Blacksburg, VA, 24061-0101 USA. ... Much of the research on information privacy has focused on individuals (although there have also been several studies of organizational privacy policies when the Web and e ...
Information Systems Journal
The Information Systems Journal (ISJ) is an international journal promoting the study of, and interest in, information systems. Articles are welcome on research, practice, experience, current issues and debates. The ISJ encourages submissions that reflect the wide and interdisciplinary nature of the subject and articles that integrate technological disciplines with social, contextual and ...
Information systems as a nexus of information technology systems: A new
Mala Kaul is an Associate Professor of Information Systems and the Director of Business Analytics in the College of Business at the University of Nevada, Reno. She received her Ph.D. from the Robinson College of Business at Georgia State University. Her research focuses on the design and application of emergent technology, cybersecurity, health information technology, and the foundations of ...
The importance of theory at the Information Systems Journal
Information Systems Journal is an international information technology journal publishing a broad range of impactful information systems (IS) research. ... Although we do not expect that every research article will result in the creation of a new theory, we do expect a carefully articulated theoretical contribution toward understanding or ...
Home
Information Systems Frontiers examines the interface of information systems and information technology from analytical, behavioral, and technological perspectives.. Provides a common forum for industrial developments and pioneering academic research. Draws from fields such as computer science, telecommunications, operations research, economics, and cognitive sciences.
Information Systems
Modelling the quality of life goals of people living with dementia. James Lockerbie, Neil Maiden. Article 101578. View PDF. Article preview. Read the latest articles of Information Systems at ScienceDirect.com, Elsevier's leading platform of peer-reviewed scholarly literature.
Artificial Intelligence (AI) and Information Systems: Perspectives to
The guest editors would like to express our appreciation to Professor Ram Ramesh and Professor Raghav Rao, Editors-in-Chief of Information Systems Frontiers, for their support and guidance from the initial proposal to the production of this special issue.We also want to thank the contributing authors for their contributions to the accumulative building of knowledge on AI in a digitised society.
Influencing information systems practice: The action principles
The article offers a way of doing research on the applied side of information systems that is timely, does justice to the phenomena under investigation, and provides insights for multiple parties. Get full access to this article
Submission Guidelines
Information Systems Research (ISR) welcomes three types of submissions, as outlined in this section. Research Articles. Research Articles are full-length papers that seek to theoretically and/or empirically examine significant information systems phenomena. Appropriate submissions should offer a contribution that is sufficiently original and ...
Full article: Clinical research from information systems practice
An information systems clinical research framework. We define Information Systems Clinical Research as a research genre that generates knowledge from, and establishes the effectiveness of, practitioner-researcher interventions in achieving desired outcomes in information systems development, use, and management practice contexts. 1. 2.1.
Transforming Clinical Information Systems: Empowering Healthcare
Objective: In this synopsis, the editors of the Clinical Information Systems (CIS) section of the IMIA Yearbook of Medical Informatics overview recent research and propose a selection of best papers published in 2022 in the CIS field.. Methods: The editors follow a systematic approach to gather relevant articles and select the best papers for the section.
Viewpoint: Information systems research strategy
This article 1, 2 has two aligned aims: (i) to espouse the value of a strategic research orientation for the Information Systems Discipline; and (ii) to facilitate such a strategic orientation by recognising the value of programmatic research and promoting the publication of such work. It commences from the viewpoint that Information Systems (IS) research benefits from being strategic at every ...
Values and Ethics in Information Systems
Values and Ethics in Information Systems. A State-of-the-Art Analysis and Avenues for Future Research. Discussion; Published: 18 February 2022 Volume 64, pages 247-264, (2022) ; Cite this article
Information Security Behavior in Health Information Systems: A Review
2.1. Eligibility Criteria. We determined four inclusion criteria (IC) for this study, as follows: (IC1) original scientific articles, including research articles, conference papers, and systematic reviews; (IC2) full-text articles available and written in English; (IC3) the research examines factors that influence information security behavior; (IC4) the research investigates health ...
Research Spotlights
A new study in Information Systems Research explores an alternative approach by asking users to register with the website at the beginning of their shopping journey (i.e., ex ante registration request). The authors of the study show that the ex ante request leads to an increased probability of user registration.
Journal of Medical Internet Research
Background: Health apps are increasingly recognized as crucial tools for enhancing health care delivery. Many countries, particularly those in sub-Saharan Africa, can substantially benefit from using health apps to support self-management and thus help to achieve universal health coverage and the third sustainable development goal. However, most health apps published in app stores are of ...
Information Systems Research
Editorial Statement Information Systems Research (ISR) is an author-friendly peer-reviewed journal that seeks to publish the best research in the information systems discipline.Its mission is to advance knowledge about the effective and efficient utilization of information technology by individuals, groups, organizations, society, and nations for the improvement of economic and social welfare.
Research on decoupled transfer path analysis method and its application
Mashayekhi MJ, Behdinan K (2017) Analytical transmissibility based transfer path analysis for multi-energy-domain systems using four-pole parameter theory. Mechanical Systems and Signal Processing 95: 122-137.
Tastant-receptor interactions: insights from the fruit fly
Across species, taste provides important chemical information about potential food sources and the surrounding environment. As details about the chemicals and receptors responsible for gustation are discovered, a complex view of the taste system is emerging with significant contributions from research using the fruit fly, Drosophila melanogaster, as a model organism. In this brief review, we ...
Role of transition metals in coinage metal nanoclusters for the
A difficult issue in chemistry and materials science is to create metal compounds with well-defined components. Metal nanoclusters, particularly those of coinage groups (Cu, Ag, and Au), have received considerable research interest in recent years owing to the availability of atomic-level precision via joint experimental and theoretical methods, thus revealing the mechanisms in diverse nano ...
Angewandte Chemie International Edition
Angewandte Chemie International Edition is one of the prime chemistry journals in the world, publishing research articles, highlights, communications and reviews across all areas of chemistry. Self-charging power systems are considered as promising alternatives for off-grid energy devices to provide sustained electricity supply.