Information security and confidentiality in health chatbots: A scoping review and development of a conceptual model

Abstract

Objectives

The present study aims to identify the key challenges related to information security and confidentiality in health chatbots, extract relevant solutions, and propose a conceptual model to ensure secure and confidential data management within such systems.

Methods

To achieve the study's objectives, a scoping review was conducted. This phase focused on identifying reported challenges and proposed solutions in prior studies regarding information security and confidentiality in health chatbots. In this context, we selected English-language articles in international journals and conferences related to information security and confidentiality in health chatbots. After that, relevant international frameworks, studies, and guidelines on information security, confidentiality, and privacy were systematically reviewed and analyzed and then, a conceptual model was created which was further developed and refined through validation by a panel of experts.

Results

Out of 1233 articles screened, 16 met the inclusion criteria. Recurring challenges in health chatbots, such as breaches of privacy, no transparency, incomplete consent, technical issues in data handling, lack of legal frameworks, and emerging threats, were identified in the results. The literature suggested measures like encryption, risk management, access control, standardization, and regular evaluations. Based on international frameworks, a comprehensive conceptual model with four key dimensions was developed, integrating software, hardware, and middleware layers to improve data security and confidentiality.

Conclusion

These findings can benefit users, health practitioners, the regulatory authorities, and chatbot developers who want to increase the safety and credibility of health chatbot systems.

Keywords

Chatbot conversational agent healthcare information security data confidentiality

Introduction

Recognizing intelligent systems and artificial intelligence (AI) as foundational elements of contemporary services and applications is widely used as a means of supporting individuals in their various activities.¹ An area with immense growth potential is the use of AI technology in chatbot development. A conversational agent, or chatbot, is a program that engages users in conversation by emulating a person's speech through AI technologies like natural language processing and machine learning. All kinds of businesses such as those in e-commerce, healthcare, and finance, as well as education, benefit greatly from the efficiency and ease that these bots provide.² Interactions with a human to a chatbot can occur in a voice, text, or a mix of both. The systems try understanding a user's queries and respond in an expected manner. At their core, chatbots are essentially input-output systems programmed to provide output, either text or speech, in a natural and user-friendly manner. Because of this, chatbots are seen by many businesses as effective tools to improve customer service and interrelations. From the perspective of the businesses, the primary benefit of chatbots is cost reduction. As repetitive processes are automated, employees can concentrate on more complicated, value-generating tasks.³

The use of artificial intelligence (AI) in medicine and healthcare is one of the most active and practical fields. In medicine, the adoption of technologies is expanding AI in medicine. Among these technologies, chatbots (or conversational agents) have been increasing employed to provide supportive healthcare services.⁴ There are several health-related areas where the use of chatbots.^5,6 Chatbots in healthcare can provide information on symptoms and management, schedule appointments, and provide reminders of medications. Another use involves chatbots in behavior modification for the patients to adopt a healthy lifestyle or chronic condition management.⁷ In terms of healthcare, chatbots designed to provide optimal support in appropriate, timely situations and social contexts can help modify behavior, e.g., smoking cessation, chronic condition monitoring, and proactive care assistance^5,6 Due to the high price and scarce availability of healthcare services, more and more people seek medical treatment on websites and smartphone applications. AI-powered chatbots are increasingly being adopted on these platforms. Often these chatbots use large language models (LLMs), which are the next generation of internet searches. The availability of these tools has further renewed the interest concerning the employment of AI technology in healthcare. Through the elimination of simple and repetitive works, conversational agents can alleviate physician burnout and enhance efficiency.⁸

On the converse, to access the advantages of health chatbots, users need to sign up and give their information, which includes sensitive health information. As a result, the increasing popularity and usage of health chatbot applications has exacerbated their security and privacy concerns.⁹ As noted before, every conversational agent is intended to minimize human contact. There is literature describing the use of chatbots during emergencies, such as the COVID-19 mandates and with the provision of ease in human resource allocation and process. Crisis does expose the patients to more personal and fearful information. These inputs can also be used by chatbots to “understand users better,” which poses even greater privacy and security concerns. People do not understand how their sensitive information is acquired through various methods, which include a lack of transparency regarding the processes of collection, storage, utilization, and sharing.^3,8,9

Current-day chatbots face other unmatched challenges such as lack of advanced tailoring capabilities, absence or unreliability of real-time monitoring, minimal reporting and customization for physicians, lack of comprehensive integrative mechanisms, restricted inter-system resource sharing, and fragmented knowledge transfer. Most of these problems stem from the rigid frameworks prevalent in most works. In addition, chatbot administration often utilizes a consolidated approach to data organization, making persistent adherence to privacy protocols exceedingly difficult. Data gathered during chatbot interactions is extremely sensitive, therefore necessitating that users regain control over their personal data. This empowers users while ensuring compliance.¹ Privacy in AI systems incorporates ethical and legal frameworks as well as user trust; therefore, it should not be neglected the responsible, ethical, and compliant development and implementation of AI systems, data trust policies support user trust and the overall success, acceptance, and resilience of these technologies. Focusing on the intersections of privacy and data security relating to chatbots, we can identify a few essential issues: ethics, compliance, trust, data quality, and preventing malignancy.¹⁰ Any security-related concern can broadly be categorized into two big buckets: threats and vulnerabilities. A security threat is some foreseeable risk that could impact an entity and its ecosystem. Computer security threats include spoofing, tampering, repudiation, information disclosure, denial of service (DoS), privilege escalation, and many others.^3,11

Many people are now paying close attention to information security issues. In relation to chatbots, one of the foremost concerns is securing sensitive user information. As chatbots are implemented in more businesses and use cases, the amount of personal information shared through these systems keeps increasing. Thus, these systems become an even greater target for cybercriminals.² The digitalization of healthcare processes has markedly increased the creation and analysis of healthcare data. Therefore, there is more focus on the areas of security and privacy of mobile health (mHealth) applications. Most publicly available mHealth applications, however, do not have adequate security and privacy safeguards during the critical phases of data collection, storage, or processing. For these issues, some recommendations have been formulated for mHealth application developers regarding secure mHealth application development. Additionally, security and privacy testing frameworks have also been introduced.¹² Although security and privacy in mHealth applications have been discussed briefly in various studies,^13–15 there remains a noticeable gap in the literature focusing specifically on conversational agents in healthcare. For example, Dastani and Mohseni briefly addressed privacy concerns within the broader scope of ethical challenges, highlighting that ensuring ethical use of AI in medicine -including data privacy, bias, and accountability- poses significant challenges that must be addressed.¹⁴ This study was on the ethical challenges of AI in medicine and examined privacy in general. Instead, health chatbots have specific characteristics (such as direct interaction with the patient, collection of sensitive data in real time, lack of transparency in data storage, and dependence on LLMs). Therefore, the findings of that study are not fully generalizable, and there is a need for a dedicated study on health chatbots. However, to the best of our knowledge, no study has explicitly focused on the security and confidentiality of health-related conversational agents powered by chatbot technologies. While privacy and security models have been developed for various technologies, such models appear to be lacking in the context of health chatbots.^16,17 These limitations highlight the need for a dedicated study on security and confidentiality in health chatbots. Although there is a growing number of studies that have focused on data security and privacy in both mHealth applications and general AI systems, very few comprehensive, future-oriented, model-based studies have been carried out with a special focus on privacy and security challenges presented by AI-driven health chatbots. Much of the existing literature merely views these systems as an extension of traditional mHealth platforms, failing to give due consideration to the real-time user interaction, dynamic data flows, and reliance on LLMs. This has very much narrowed the scope for developing systematic frameworks that could guide secure and confidential deployment of such chatbots within a healthcare context. On the other hand, despite studies having reviewed the security, privacy, and confidentiality challenges in health chatbots,^18–26 most of them have provided general analysis and have not presented comprehensive conceptual models or integrated frameworks for managing the security, privacy, and confidentiality of sensitive user data. Particularly, no previous study has yet presented a comprehensive conceptual model that can ensure data security and privacy in health chatbots, and the existing solutions often remain fragmented and domain-specific. Therefore, the objective of the present study is to identify the challenges related to information security and confidentiality in health chatbots, extract corresponding solutions, and propose a conceptual model aimed at ensuring secure and confidential information handling in health chatbot systems. To achieve this, the following objectives are addressed:

To identify the security and confidentiality challenges in health chatbots and solutions to overcome them

To propose a conceptual model for ensuring information security and confidentiality in health chatbot systems.

Methods

To achieve the objectives of this study, a two-phase approach was undertaken as follows: First, through a scoping review, existing studies on information security and confidentiality in health chatbots were examined to identify relevant challenges and corresponding mitigation strategies. In the second phase, aiming to propose a conceptual model for ensuring information security and confidentiality in health chatbot systems, international regulations, guidelines, and standards from reputable organizations were extracted and analyzed. Based on these findings, a conceptual model was developed by the authors and subsequently validated through an expert panel. Informed consent was obtained from all participants of the expert panel prior to their involvement. The details of each phase are explained in the following sections.

Scoping review of security and confidentiality challenges and mitigation strategies in health chatbots

The first purpose of the study was to identify pertinent literature, and for that, a scoping review was conducted on the databases PubMed, Scopus, IEEE Xplore, and ACM Digital Library without any time constraints. The retrieval process was done using keywords on the concept of security (Information Protection, Data Protection, Data Security, and Cybersecurity); confidentiality (Confidential Information, Privacy, and Confidential Data); the field of healthcare (Health, Medical, and Health); and chatbots (Chatbots, Chat Robots, Conversational AIs, and Virtual Agents). Boolean operators, truncation symbols, phrase searching, and other filters were creatively used to facilitate thorough and exact retrieval of the pertinent articles. Standardized keywords were selected based on Medical Subject Headings (MeSH) and terms used in related studies. In addition to automated electronic searches, backward snowballing was used to identify further relevant studies by reviewing the reference lists of retrieved articles. A sample of the search strategy is provided in Appendix A. This Scoping Review has been registered in the PROSPERO database with registration number CRD420251084354.

Selection process

After retrieving sources based on the search strategy, duplicate studies were first removed. Then, titles, abstracts, and full texts of the articles were independently reviewed by two researchers according to the study's inclusion and exclusion criteria, and irrelevant sources were excluded. In case of disagreement in article selection, a third reviewer was consulted for the final decision. This study included English-language articles published in international journals and conferences focusing on the challenges of information security and confidentiality in health chatbots. Studies were excluded if they met any of the following criteria: (1) observational studies, letters to the editor, short reports, posters, and newspapers; (2) articles without full-text availability; and (3) articles addressing chatbots outside the healthcare domain. Any disagreements that came up during the screening and selection of studies by the two reviewers were solved through discussion and consensus. In cases where consensus could not be reached, a third reviewer was consulted for the final decision.

Data collection, extraction, and synthesis

In this study, a data extraction form was used to collect information from the relevant texts. The form included components such as the author's name, study title, year of publication, country, security challenges, confidentiality challenges, proposed solutions for security, and proposed solutions for confidentiality. The data extraction form was designed using Excel 2016 software. Extracted data from the related articles were analyzed using a meta-synthesis approach and organized and classified into tables and charts. The synthetic report mainly followed the PRISMA Extension for Scoping Reviews (PRISMA-ScR) guidelines. After extracting concepts from selected studies, thematic analysis was conducted for categorization. Thematic synthesis was conducted in three main steps: line-by-line initial coding of the extracted data, organization of codes into descriptive themes, and development of analytical themes that reflected higher-level patterns and associations. All coding and synthesis were done manually and independently verified by two reviewers to ensure consistency and reliability.

Conceptual model for ensuring information security and confidentiality in health chatbots

In order to accomplish the study's second objective, the research team first gathered and classified information pertinent to laws and policies regarding information security and confidentiality. This includes HIPAA regulations, NIST security and privacy controls for information systems and organizations, the GDPR of the European Union, the Center for Internet Security Critical Security Controls for Effective Cyber Defense, and ISO/IEC 27001 standards. Formulated conceptual models were iteratively developed and then refined through an expert panel for evaluation. The expert panel consisted of seven specialists in the fields of digital health, information security, legislation, chatbot development, medical ethics, health information management, and medical informatics. These professionals represented academia, healthcare institutions, and technology companies. Their ages ranged from 32 to 58 years, with a mean of 44.6 years. There were four men and three women among the specialists. All experts had between three and twenty years of professional experience and held positions such as faculty members, cybersecurity officers, senior system designers, and health data governance specialists. This multidisciplinary composition ensured a balance in theoretical, practical, and technical perspectives, thus enhancing the evaluation process. The sampling method was purposive non-random sampling, selecting experts with a minimum of three years of relevant professional experience.

For the evaluation, a questionnaire containing eight closed questions using a Likert scale and one open-ended question for expert feedback was used (Appendix B). Prior to the panel meeting, the questionnaires along with the designed conceptual model were sent to the experts via email. After one week, the panel convened to review, critique, and finalize the model. Qualitative data from open-ended responses and panel discussions were analyzed using a systematic thematic analysis approach. Open coding, to identify recurring concepts within experts’ feedback, was performed independently by two members of the research team. Codes were compared, combined, and organized into broader themes through consensus-based discussions. These directly informed the subsequent refinement and restructuring of the conceptual model. The quantitative data from Likert-scale items were summarized descriptively.

Results

Overview of included studies

After the initial search, 1233 studies were identified from the databases. Following the removal of duplicates, 922 articles were screened based on their titles and abstracts, ultimately resulting in 16 eligible studies selected for inclusion. The study selection process, based on the PRISMA guidelines, is illustrated in Figure 1. In the subsequent sections, after summarizing all articles, the study results are categorized according to the general characteristics of the selected studies, the security and confidentiality challenges identified in these studies, relevant standards and regulations for information security and confidentiality, and the proposed conceptual model for information security and confidentiality in health chatbots.

Figure 1.

Prisma flowchart for article selection.

A summary of the general characteristics of the selected studies is shown in Table 1. From the data outlined in the table, it can be noted that the distribution of articles spans from 2017 to 2024, with the peak joint publication period occurring in 2023–2024 (n = 10). Most of the studies, however, were conducted in the United States (n = 4). Among the selected studies, 10 were review articles and six were original research studies. Regarding the application domain of chatbots, the most common use case was in the field of mental health (n = 6).

Table 1.

Matrix of included and characteristics of study (n = 16)

No.	Ref./country	Year/study type	Aim of the study	Scope of chatbot	Security and confidentiality challenges	Solutions provided for the challenges
1	²⁷/2021	Germany/original study	The aim of this study was to identify the benefits and challenges of Personalized Adaptive Conversational Agents (PACAs) in the mental health care, as the human-like features of these agents—particularly their personality and adaptability—may raise ethical concerns	Mental health	This intelligent agent deal with highly personal data that requires special protection The collected data may become accessible to third parties	Data must be transmitted and stored in an encrypted form Collected data should not be shared with third parties Only the most essential personal information should be collected and used Data should be deleted as soon as it is no longer needed The perceived benefits of using personal information must also be disclosed by the PACA and made visible to the user
2	¹⁸/ 2024	Canada/review study	This review study examines current trends, challenges, and future directions in medical chatbots based on large language models (LLMs)	All types of health chatbots	The regulations governing the use of data and information for LLMs are unclear and inadequate, making it impossible to fully prevent unauthorized access or misuse of LLMs LLMs require access to individuals’ health records in order to provide education and knowledge Although it is likely impossible to prevent LLMs from accessing potentially sensitive information, efforts should focus on improving the security of how that information is stored and used	Ensuring robust measures for data encryption, storage, and transmission Implementing strict protocols to prevent unauthorized access or breaches Regulating LLMs across various fields, not just healthcare Establishing global regulations, given the differing standards on such controversial issues Creating an appropriate balance between technological advancements and ethical principles
3	²⁸/ 2024	USA/original study	The aim of this study was to identify the potential benefits and challenges of incorporating LLMs in dental education	Dental education	The use of patient data, including medical records, diagnostic images, and clinical findings, in dental education may compromise the security and confidentiality of individuals’ data	Input data (including text and images) must be stripped of any identifying information before being fed into the AI model Images should be checked for copyright violations before being input into the AI model Ideally, models should be hosted on secure platforms with strong encryption and access controls to prevent unauthorized access and data breaches Some institutions may offer secure cloud services through compliant service providers, which can ensure a more private ecosystem for AI usage Chatbots must comply with various regulations governing the management and use of Protected Health Information (PHI) in healthcare, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union
4	²⁹/ 2023	Australia/original study	This paper presents a critical review of key ethical issues raised by the emergence of mental health chatbots	Mental health	Unauthorized collection, use, and disclosure of data.	Assessing potential risks and benefits Providing solutions for the proper collection and use of data Anticipating and addressing potential data disclosures
5	³⁰/ 2023	USA/review study	This comprehensive critical review examines the ethical implications associated with the integration of chatbots in nephrology, aiming to identify concerns, propose policies, and offer potential solutions.	Nephrology	Inadequate measures for obtaining informed consent for data collection and use Potential breaches of patient privacy and data security Failure to provide accurate information about the limitations of chatbots Non-compliance with ethical guidelines and standards	Implementing explicit consent mechanisms and educating patients about data management practices Ensuring data security and confidentiality Establishing informed consent protocols (clearly communicating data use and obtaining informed consent) Protecting patient identity (pseudonymizing or anonymizing patient information) Enforcing encryption protocols Implementing strict access controls for data Applying stringent data protection measures Maintaining honesty and transparency regarding chatbot capabilities and accessible information Providing clear disclaimers about potential errors Adhering to relevant laws such as HIPAA and GDPR, as well as ethical codes specific to the healthcare profession
6	²⁰/ 2023	Thailand/review study	This study extensively examines the use of chatbots in ophthalmology, focusing on accuracy, reliability, data protection, security, transparency, potential algorithmic biases, and related ethical considerations	ophthalmology	Breaches of data security and confidentiality during transmission Inadequate data retention policies Unauthorized access to patient data Lack of adherence to informed consent and confidentiality Non-compliance with regulatory standards	Use secure protocols (such as HTTPS, SSL/TLS) for data transmission Implement data loss prevention mechanisms to monitor and control data transfer Update software and systems with the latest security patches Encrypt patient data using strong encryption algorithms Apply data minimization techniques to collect and store only essential patient data Regularly review and delete outdated or unnecessary patient data Implement strong authentication methods, such as multi-factor authentication Enforce role-based access control mechanisms to restrict access Conduct regular security audits and penetration testing to identify vulnerabilities Provide comprehensive training to staff on best practices for privacy and data security Obtain informed consent from patients before involving them in chatbot interactions and data collection Offer explicit options for participation in data collection and sharing Allow patients to withdraw informed consent at any time Enable the deletion of patient data upon their request Adhere to confidentiality protocols Provide disclaimers and warnings about the limitations of chatbot capabilities Comply with relevant regulations and guidelines such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union Conduct thorough evaluations of chatbots by healthcare organizations and developers to ensure compliance with regulations, data management practices, security measures, and consent procedures
7	³¹/ 2022	Australia/review study	The aim of this study was to identify the key challenges in the design, development, and evaluation of conversational agents in healthcare and well-being research	Health and well-being	The use of voice assistants disrupts privacy Privacy challenges arise when conversational agents act as intermediaries between two or more users	In the use of voice assistants, some proposed solutions include using other devices or methods for input (e.g., taking photos or text input via phone or web), as well as implementing template features Since many healthcare conversational agents deal with user information and decision-making that are critical for safety, there is a need for more rigorous and standardized evaluation measures for them
8	²¹/ 2024	Czech Republic/review study	The aim of this study was to examine the benefits and challenges of AI-based large language models in gastrointestinal diseases	gastroenterology	Breach of patient privacy due to sharing sensitive health information with AI Risk of data security breaches and unauthorized access	Ensuring protection of data from unauthorized access Implementing strict data security measures, including anonymization and encryption of patient information Ensuring appropriate protocols and procedures are in place for the safe and ethical use of AI in medicine Striking a balance between the benefits of AI and the need to protect privacy and data security Fostering collaboration between AI developers and healthcare organizations to establish strong security measures and comply with relevant regulations Obtaining informed consent from patients and educating them about the use of AI, its purpose, and its limitations Regularly reviewing and updating ethical guidelines for AI in medicine Promoting collaboration among ethicists, technologists, clinicians, and policymakers to address the various challenges of chatbots
9	³² / 2019	England/original study	This study discusses young persons's perspective on the strengths and limitations of using chatbots to support mental health. It also outlines minimum ethical standards for these platforms, including issues related to privacy and confidentiality, effectiveness, and safety, and reviews three existing platforms: Woebot, Joy, and Wysa	Mental health	Unauthorized access to users’ personal information and conversations Concerns about ethical standards related to privacy and confidentiality, effectiveness, and safety	Keeping personal information confidential Ensuring conversations remain anonymous if shared Clarifying privacy arrangements and limitations Reminding users of privacy arrangements and limitations at every stage
10	²²/ 2023	USA/review study	The aim of this study is to identify the most critical security issues of AI chatbots and provide guidelines for protecting sensitive health information. It examines the impact of using ChatGPT in healthcare, identifies the main security risks associated with ChatGPT, and proposes key considerations for mitigating these risks. The study concludes with a discussion on the policy implications of using AI chatbots in healthcare	Healthcare	Data privacy breaches Intrusions into AI chatbots Lack of transparency Phishing or social engineering attacks, malware, and user interface vulnerabilities Security risks	Use of anonymized data, data masking, data desensitization, identity and access management, breach notification and enforcement Acceptable use policies, AI security awareness training, sharing the minimum amount of personal data necessary to achieve the intended goal (when in doubt, err on the side of sharing less) Security audits, proactive risk assessment, audit monitoring of algorithmic decision-making, and transparency in data management practices Technical safeguards such as encryption, secure authentication protocols, and network detection and response solutions; organizational measures such as user security awareness training, endpoint security implementation, and anomaly detection techniques Implementation of strict security measures for storing and transmitting protected health information, including encryption and access controls; business associate agreements; and limiting the use and disclosure of protected health information to the minimum necessary to achieve the intended purpose
11	²³/ 2024	England/review study	This study seeks to explore the latest advancements in AI chatbots, how they are transforming approaches to health behavior change, and the challenges that lie ahead	Health assistants	Unauthorized access to data Maintaining the confidentiality and integrity of sensitive health data Virtual health assistants must comply with numerous laws and regulations that vary between countries. Specifically, many jurisdictions stipulate that electronic health data should not be transmitted outside the country, potentially rendering many AI platforms non-compliant	Implementing robust cybersecurity measures Developing localized versions of AI platforms that enable data processing and storage within the user's country or region
12	³³ / 2018	USA/review study	This article focuses on the ethical challenges of delivering direct-to-consumer (DTC) digital psychotherapy that does not involve supervision by a mental health professional	Psychotherapy	Storage, sharing, and sale of behavioral health information to third parties in the consumer sector, outside HIPAA or traditional healthcare institutions that typically protect health information Sharing or selling user data by business models offering low-cost or free digital psychotherapy services for marketing or other purposes that users may not understand or anticipate Digital psychotherapy apps available through employer health programs can make users vulnerable to privacy invasions and workplace discrimination Treatment apps potentially use computational behavioral analytics and machine learning to analyze user information such as voice deviations, location data, or touchscreen interactions collected passively or actively via apps or wearables to assess and predict cognitive and behavioral states Non-professional DTC digital psychotherapy providers have no duty to keep consumer data confidential and generally state this in their terms and conditions Consumers may not thoroughly read the dense terms and conditions and thus might be unaware that their digital psychotherapy services do not keep data confidential. They may also not know that with many mental health apps, their data can be accessed via subpoenas and/or for legal proceedings For DTC digital psychotherapy services, disclosures about potential risks or data management are usually presented through terms and conditions or user agreements. These disclaimers are often written in dense, formal language that is difficult for many to understand. Most people do not take time to read the detailed language of terms and conditions on websites or apps. Since DTC digital therapy services present themselves as a form of treatment, consumers might assume their interaction includes ethical obligations typical of professional therapy, making it crucial to ensure users understand these obligations do not apply	Conduct further research to support guidelines for the protection and use of behavioral analytics data Clearly inform users about who will have access to the data, what types of data are collected, and how they are used and stored · Address legitimate use of consumer behavioral data at the policy level Consider appropriate limitations to ensure confidentiality Develop regulations and industry guidelines to protect consumer privacy and build a foundation of trust for direct-to-consumer (DTC) digital therapeutic interactions, involving policymakers, stakeholders, developers, mental health consumers, clinicians, and advocates Obtain informed consent from patients
13	¹²/ 2022	Switzerland/review study	This study aimed to investigate how and to what extent security and privacy are considered in current health chatbots	Mobile health applications	Information regarding data storage, data management, data security, and data privacy in current health chatbots is explained very limitedly Information from various cloud service providers has been misused, and data is exchanged with third-party services such as Facebook	Before implementing any healthcare-related conversational agent, an analysis must be conducted to determine which providers have access to the collected data Since collected data typically include sensitive personal information, it is essential to ensure that third parties neither reuse nor share the data Utilizing external data storage solutions, such as databases or cloud services, can provide efficient access to data by the conversational agent Data must be stored and transmitted exclusively in encrypted form to protect against unauthorized access Decentralized storage can offer a higher level of security compared to centralized storage solutions Employing complex decentralized architectures, such as blockchain, can ensure greater scalability relative to centralized approaches. Local storage and encryption of data minimize security risks for the conversational agent Both the usage context and data sensitivity should be considered when selecting the storage location to guarantee the highest possible level of security and privacy The selection of appropriate security methods for conversational agent data is essential to ensure confidentiality, integrity, and availability These requirements can be fulfilled through various encryption techniques, such as symmetric or asymmetric encryption, applied both server-side and client-side In addition to software-based encryption, the use of secure hardware components can enhance security Depending on the use case, the choice of storage architecture (centralized vs. decentralized) combined with selected security methods is critical Data privacy must be ensured in compliance with legal requirements, which vary by jurisdiction, such as GDPR in Europe and HIPAA in the United States The technologies employed in deploying the conversational agent must be carefully selected to align with these regulatory obligations
14	²⁴ / 2023	India/review study	The aim of this study is to understand the complex ethical issues related to the use of medical treatment chatbots based on natural language processing	Healthcare	Ransomware attacks, unauthorized access, and data breaches Furthermore, due to the interconnected nature of medical systems, vulnerabilities exist that can be exploited by malicious actors Employee errors Encryption blind spots Phishing attacks Deceptive websites Cloud-related threats	Implementation of encryption protocols Adoption of secure storage methods Utilization of strict access controls Transparent communication with users regarding data collection, processing, and storage policies consistent with the concept of informed consent Continuous updating and monitoring of safety measures Legal compliance for data security, such as adherence to the Health Insurance Portability and Accountability Act (HIPAA) Requiring healthcare institutions to foster a culture of oversight and transparency Robust procedures for data protection, consent management, and secure storage Addressing algorithmic biases to ensure ethical development and deployment
15	²⁵ / 2023	Canada/original study	The aim of this study was to compare the disclosure practices and security and privacy concerns between adopters and non-adopters of mental health chatbots	Mental health	Storage of user names, conversations, and conversation locations by chatbots User identity theft, data exploitation for extortion, loss of device control, and unauthorized access to devices	Enhancing transparency regarding data collection, retention, storage, sharing, and the technical implementation of chatbots Providing assurances of data confidentiality and security Granting users control and autonomy over managing their data
16	²⁶ / 2022	China/original study	The aim of this study was to propose a blockchain-based privacy-preserving framework combined with confidential computing to ensure comprehensive privacy protection for patients during the use of mental health chatbot services	Mental health	Not reported	Intel SGX provides a secure method for protecting data outside the trusted execution environment through a mechanism known as “sealing” The mental health chatbot utilizes this sealing mechanism to securely store patients’ chat data Authentication is required for connections between various services, and encrypted TLS connections are used. The storage service employs a decentralized blockchain-based identity (DID) service to manage user access permissions DID can offer appropriate decentralized authentication for patients and healthcare providers, and provides remote attestation for verifying the runtime environments of mental health chatbot services. The chatbot verification service audits mental health chatbots uploaded to the blockchain platform to ensure that patients do not inadvertently disclose private information during interactions The health chatbot does not transmit user-sensitive data within the blockchain application transactions. If sensitive data must be recorded on the blockchain, it is encrypted and stored in the storage service, while the blockchain application writes only the hash of the encrypted data to the blockchain When patients use the chatbot service, they are given the option to decide whether or not their chat records should be stored

Information security and confidentiality challenges and solutions in health chatbots

In order to evaluate the security and confidentiality of information in health chatbots, the study first examined existing literature to identify reported security and privacy challenges, noting proposed solutions to those challenges (Table 1). Most health chatbots don't have adequate safeguards when it comes to the privacy of users’ information. Medical, psychological, and identifiable personal information are processed and kept on systems. Also, there was a lack of transparency regarding the data collection, storage, and usage practices of the systems, which resulted in users being inadequately informed about the data processing operations. Furthermore, the consent-collection processes, along with the obtaining of consent from users, were incomplete in an informed consent context. Consent forms were generally long and complex, leading users to accept them without full comprehension. Another key issue identified was the presence of technical vulnerabilities in the transmission and storage of data, with some chatbots utilizing unencrypted channels and storing data on insecure servers. The review also revealed that many chatbots have insufficient policies for secure deletion and long-term data management. The absence of unified legal frameworks and international security standards has contributed to inconsistencies and confusion in privacy compliance when using such technologies. As also outlined in Table 1, most studies addressed security and privacy challenges only in a general manner. The identified challenges in the literature can be categorized as follows: disclosure and misuse of users’ personal information, unauthorized third-party access to chatbot data, unauthorized collection and use of user data, lack of proper or informed consent mechanisms, noncompliance with ethical guidelines and standards, security and confidentiality breaches during data transmission, inadequate policymaking for chatbot data security and privacy, lack of regular and systematic monitoring and evaluation, exposure to phishing attacks and malware, noncompliance with regulatory standards, data disclosure by cloud service providers, user and staff errors, collection, processing, and storage of unnecessary data.

On the other hand, the proposed solutions in this area can be grouped as follows: data encryption, compliance with third-party data sharing regulations, deletion of unnecessary or unused data, minimization of data collection and processing, adherence to technical standards and protocols, development of international policies and standardization for health chatbot security and privacy, de-identification or encryption of personally identifiable information during data transmission, risk management, implementation of precise mechanisms for obtaining informed consent, user management, access control, and auditing, periodic evaluation of health chatbots, network protection, secure software development lifecycle (SDLC), secure data storage.

Table 2 provides a thematic overview of the main security and privacy challenges associated with health chatbots extracted from the selected studies. These challenges can be grouped into eight thematic categories, including data privacy, system security, user authentication and access control, compliance and ethics, transparency and user consent, data management and storage, risks associated with AI and LLM models, and behavioral and interaction risks. Also, Table 2 depicts the key issues identified across the literature cited in the different categories, with their relative priority based on frequency and potential impact. Critical study challenges that need immediate attention include, but are not limited to, high-priority challenges like a lack of compliance with data protection laws and unauthorized access to sensitive data. There were also significant and medium-priority challenges, like insecure data storage and weak authentication, that will require streamlined efforts and actions. Lower-priority challenges, such as those associated with voice assistants, are less widely reported but still significant. On the other hand, for each challenge, risk mitigation strategies and solutions are also presented, including technical measures such as encryption and multi-factor authentication, as well as organizational and ethical measures such as informed consent protocols and regulatory compliance.

Table 2.

Thematic overview of security and confidentiality issues in health chatbots reported in selected studies.

Thematic category	Reported challenges	Priority (high/medium/low)^a	Frequency in selected studies (references)	Solutions/mitigation strategies
Data privacy/confidentiality	Unauthorized access to sensitive personal/health data/ disrupt privacy/privacy of voice data	High—Most critical and widely reported	13 (11,17,18,19,20,21,22,23,24,25,26,27,28)	Encrypt data during storage and transmission Minimize data collection Anonymize or pseudonymize data Delete data when no longer needed Inform users about data use
Data privacy/confidentiality	Unauthorized sharing or misuse of data with third parties	High	11 (11,17,18,20,21,22,24,25,26,27,28)	Restrict third-party access Obtain informed consent Transparency about data sharing Implement strict access controls
System security	Vulnerability to hacking, malware, phishing, ransomware	High	9 (11,18,24,26,28,29,30,31)	Use strong encryption Multi-factor authentication Network security protocols Conduct regular security audits and penetration testing Update software and systems
User authentication and access control	Weak authentication and insufficient access control	Medium—Important but less frequently reported	6 (19,22,24,26,30,31)	Implement strong authentication mechanisms Role-based access control Secure platforms for hosting models Limit access to authorized personnel
Regulatory and ethical compliance/standardization	Non-compliance with healthcare regulations (HIPAA, GDPR) and ethical guidelines/concern about ethical standards related to privacy and confidentiality	High	9 (19,21,22,25,26,27,28,29,30)	Ensure compliance with laws and ethical codes Maintain transparency Adopt informed consent protocols Establish institutional policies for data protection
Transparency and consent	Lack of clear user consent and awareness about data use/lack of transparency	High	12 (11,17,19,20,21,22,23,25,26,28,30,31)	Implement explicit consent mechanisms Provide clear explanations about data collection, processing, and storage Allow users to withdraw consent Use disclaimers
Data management and storage	Insecure storage, unclear retention policies, cloud-related risks/security and confidentiality during transmission	Medium	8 (11,18,22,24,28,29,30,31)	Use encrypted and decentralized storage Regularly review and delete outdated data Carefully select storage providers Apply blockchain or secure architectures
Model-specific risks	Risks specific to LLMs and AI models accessing sensitive health data	Medium	5 (18,19,24,28,31)	Implement strict protocols for LLM access Anonymize input data Regulate AI models across domains Balance technological advancement with ethical principles
Behavioral and interaction risks	Risks from voice assistants or conversational agents acting as intermediaries	Low – Less frequent or lower impact	3 (22,23,24)	Provide alternative input methods Monitor interactions Establish standardized evaluation measures for safety and privacy

Priority: The relative importance of each challenge based on its frequency in studies.

Conceptual model of information security and confidentiality in health chatbots

Following the extraction of data from the included studies, the second task was to search and categorize the information security and privacy laws, regulations, and standards. These included the Health Insurance Portability and Accountability Act (HIPAA), the National Institute of Standards and Technology (NIST) information systems and organization security and privacy controls, the European Union General Data Protection Regulation (GDPR), the Center for Internet Security (CIS) Critical Security Controls, and the ISO/IEC 27001 standards. Table 3 provides a summary of findings of this phase.

Table 3.

Guidelines, principles, and standards of information security and confidentiality.

Standard/reference	Description	Main dimensions	Details
HIPAA Security and Privacy Laws ³⁴	The HIPAA Privacy Rule and HIPAA Security Rule share the same goals regarding the protection of confidentiality, integrity, and availability of protected health information (PHI). The difference is that the Security Rule applies only to electronic protected health information (ePHI), while the Privacy Rule applies to PHI in any form.	Technical	Access: Refers to the ability/means to read, write, modify, and communicate data including files, systems, and applications. Controls should include unique user IDs and automatic logoff, emergency access procedures, and data encryption Audit controls: Mechanisms to record and examine activities related to ePHI within information systems Integrity: Policies and procedures to protect data from unauthorized alteration or destruction Authentication: Verification of the identity of the entity or individual seeking access to protected data
		Physical	Facility access controls: Policies and procedures to limit physical access to facilities housing information systems Workstation use: Guidelines for appropriate commercial use of workstations that access ePHI Workstation security: Physical protections for workstations to prevent unauthorized access, e.g., securing workstations in restricted rooms Device and media controls: Policies and procedures for the disposal and reuse of hardware and electronic media containing ePHI, including media tracking and data backup/storage
		Administrative	Security management process: Policies for prevention, identification, containment, and correction of security incidents, including risk analysis and risk management Assigned security responsibility: Designating a security official responsible for policy development and implementation Workforce security: Policies governing workforce access to ePHI, including authorization, supervision, and termination Information access management: Limiting unnecessary or inappropriate access to ePHI Security awareness and training: Implementing security awareness programs for all workforce members Security incident procedures: Procedures for identifying and reporting security incidents Contingency plan: Backup, disaster recovery, and emergency operations plans Evaluation: Periodic assessment of security measures for compliance Business associate agreements: Written contracts with vendors/partners handling PHI
NIST Security and Privacy Controls for Information Systems and Organizations ³⁵	NIST groups controls into 20 families, each addressing specific security and privacy safeguards. The framework is based on five core functions: Identify, Protect, Detect, Respond, and Recover. NIST standards are categorized into three main series.	SP 800	Computer security: Guidance and recommendations on computer, network, and internet security, covering risk management, network security, and data protection since 1990
		SP 500	Computer system technology: Standards focusing on computer system technologies, developed by NIST IT labs since 1997 to enhance IT and computing technologies
		SP 1800	Practical cybersecurity guides: Developed to address cybersecurity challenges in public and private sectors, complementing SP 800 series, published since 2015
EU General Data Protection Regulation (GDPR) ³⁶	GDPR is a legal framework that sets guidelines on collecting and processing personal data, aimed at protecting consumer rights by ensuring compliance with rules by websites, public institutions, and companies when handling individuals’ data.	Fundamental user rights	Right of access: Individuals can request access to their personal data and understand its use Right to be forgotten: Consumers can request deletion of personal data if dissatisfied or no longer customers Right to data portability: Individuals can transfer their data between service providers Right to be informed: Individuals must be informed about data collection and can opt-out Right to rectification: Individuals can correct inaccurate or outdated data Right to restrict processing: Individuals can limit data use for certain purposes Right to object: Individuals can object to data use without explicit consent Right to notification: Individuals must be informed promptly of data breaches likely to cause harm
EU General Data Protection Regulation (GDPR) ³⁶		Data protection principles	Lawfulness: Having legal basis, transparency, and acting in the individual's interest Data minimization: Collecting and retaining only necessary data Confidentiality: Only authorized persons can access data Accuracy: Taking responsible steps for data accuracy Accountability: Data processors must comply with GDPR Storage limitation: Deleting data no longer needed Purpose limitation: Processing data only for the specified purpose
Center for Internet Security (CIS) Critical Controls ³⁷	CIS Controls are prioritized safeguards organizations implement to improve security posture, regularly updated to address emerging threats and technologies. Defined as a prioritized set of controls to reduce common cyberattacks against systems and networks.	Access control, system configuration, vulnerability management	Asset inventory and control: Tracking all devices and software in on-premises, cloud, or hybrid environments Software asset inventory: Managing installed software and cloud apps to prevent unauthorized software Data protection: Protecting and encrypting data at rest and in transit Secure configuration: Establishing secure settings for hardware and software Account management: Managing user privileges, passwords, and account activities to ensure access is role-appropriate Access control management: Restricting access to critical systems and sensitive data based on least privilege Vulnerability management: Regularly assessing and addressing vulnerabilities Audit log management: Reviewing and retaining detailed logs to detect suspicious activities Email and web browser protection: Preventing phishing and malware Malware defenses: Detecting and blocking malicious software Data recovery: Maintaining backups to restore data Network infrastructure management: Implementing devices to protect network services Network monitoring and defense: Continuous traffic monitoring to detect threats Security awareness and skills training: Programs to build security-conscious workforce Service provider management: Evaluating and monitoring security practices of vendors Application software security: Secure coding practices for custom software Incident response management: Detecting and responding quickly to threats Penetration testing: Testing defenses by simulating attacks
ISO/IEC 27001 ³⁸	Specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It helps organizations secure information assets with emphasis on risk assessment and management strategies.	Organizational (37 controls)	Focuses on policies, procedures, responsibilities, and organizational actions for effective information security, including: Information security policies Defined responsibilities for ISMS management and daily operations Contact with authorities and related groups Threat intelligence and monitoring Information classification and labeling Identity and access control Asset management
		People (8 controls)	Emphasizes the role of people, especially staff, including: Pre-employment screening Staff awareness and training non-disclosure agreements (NDAs) Remote working policies Security incident reporting
		Physical (14 controls)	Focuses on physical environment protections including: Secure environments and protected areas Clean desk and screen policies Utilities support Secure cabling Equipment maintenance
		Technological (34 controls)	Most related to IT security such as: Malware protection Backups Logging and monitoring Network security and segmentation Secure software development and coding practices

Information security guidelines and standards, each with its specific focus, provide organizations with guidelines that allow them to protect their information. HIPAA, being health information-specific, addresses technical, physical, and administrative safeguards such as authentication, access control, workstation security, risk analysis, and employee training. The NIST framework, comprising three series (SP 800, SP 500, and SP 1800), is based on five key functions: identify, protect, detect, respond, and recover-providing a full roadmap to information system security. GDPR, based on a user rights paradigm, places highest priority on rights such as the right of access, erasure, rectification, restriction of processing, and transparency, together with legal procedures for processing personal data. CIS Critical Security Controls are a list of prioritized actions such as asset management, network defense, malware defense, data backup, and security awareness training, with a pragmatic approach to preventing cyber-attacks. ISO/IEC 27001, finally, specifies a standard for the implementation of an Information Security Management System (ISMS), with a focus on risk assessment and an integrated set of organizational, human, physical, and technological controls for overall information security. As Table 2 shows, all of these frameworks emphasize access control, risk management, and employee awareness. However, HIPAA deals solely with health information; GDPR deals with the rights of data subjects; NIST and ISO offer general guidelines for all types of organizations; and CIS is operationally and technically oriented.

Then, and following the results of the first and second phases of the study, the research team constructed the conceptual model of health chatbot information security and confidentiality and subsequently presented it to an expert panel to evaluate and improve it. To assess the content validity and structural credibility of the conceptual model, a qualitative evaluation method was employed through an expert panel. In this regard, the initial conceptual model, which had been developed based on the findings from the first and second phases of the study, was documented both visually and descriptively, outlining its key components. The initial version of the model, along with a semi-structured questionnaire, was then distributed to seven subject matter experts. The panel members evaluated the model based on several criteria, including conceptual clarity, logical consistency among components, completeness of the model, consistency with standards, implement ability, and validity and feasibility of the model. Thematic analysis of experts’ qualitative feedback highlighted areas that require modification. The key themes were:

Emphasis on regulatory and contextual challenges: There was a suggestion by experts that the model indicate more explicitly the unique security and privacy needs for health chatbots, specifically those to do with compliance with patient data protection regulations.

Causal relationship clarification: There was an observation that some of the linkages among components should be better defined to enhance practical applicability in the real world.

Inclusion of ethical considerations: It was suggested to incorporate a distinct element focused on the ethical risks arising specifically from AI-enabled health technologies.

Reduction of conceptual overlap: Some components partially overlapped, and as such, suggestions were made to redefine or merge related elements where appropriate.

Data-security layers expansion: It was suggested to add a separate component focused on data security at all levels of interaction with a chatbot to be in compliance with international standards and legislative requirements.

Based on these thematic insights, several revisions were made to the conceptual model. These includined re-defining certain concepts, modifying specific terminologies, merging two overlapping components, and adding a new dimension and several subcomponents according to their operational applicability in the research context. Moreover, it was pointed out that causal links among the model components needed to be more precisely established, which was considered in the final version of the model. There was an absence of disagreement between the experts and that reflected a satisfactory level of validity for the conceptual model from a professional point of view. Overall, the expert panel feedback enhanced the model's structural validity and adherence to both scientific theory and practicality. The qualitative analysis results were summarized using average scores. All aspects of the model received acceptable mean ratings, with the lowest score pertaining to the model's comprehensiveness (mean = 4.25), and the highest score (mean = 4.75) related to its feasibility of implementation and value-added potential. The remaining components of the model also received an average expert rating of 4.5.

The final version of the conceptual model for information security and confidentiality in health chatbots is illustrated in Figure 2. As shown in this figure, the model comprises four main sections: levels of security and confidentiality, health data management, health chatbot design and development management, and individuals-constituting the core of the model. Each section is supported by layers of software, hardware, and middleware, and operates under the overarching domains of policy-making, risk management, and standardization. The dimensions are interconnected and interact in a synergistic manner. Health information management forms the basis of secure data handling, which, in turn, enables the design and development management of chatbots. These processes are further strengthened by mechanisms of information security and confidentiality that ensure compliance and technical protection. The individual dimension acts both as a beneficiary and an active participant, influencing and being influenced by the other dimensions through responsible use, awareness, and feedback. All these dimensions operate within and are led by overarching policies, risk management strategies, and standardization efforts that bring about an integrated, dynamic system for the protection of data security and confidentiality in health chatbots. The subsequent section provides a detailed description of the model's components.

Figure 2.

Conceptual model of information security and confidentiality in health chatbots.

Policy-making, risk management, and standardization

In the health chatbot data security and confidentiality theoretical model, the overall structure is provided by policy-making, risk management, and standardization as they influence all activities, tools, and stakeholders involved and therefore position them at the top of the hierarchy. Developing policies involves creating general policies, guidelines, and procedures pertinent to the security and confidentiality of information within chatbots, including awareness and educational campaigns, issuance of development and use permits for health chatbots, development of protocols to avert violations, and specifying penalties and sanctions for non-compliance. The collaborative efforts of legal personnel, policymakers, technologists, and healthcare practitioners are necessary to streamline the creation of effective security and privacy policies concerning health chatbot systems. Risk management involves actions aimed at detecting, controlling, preventing, mitigating, and rectifying threats and vulnerabilities concerning the security and confidentiality of data. Setting the necessary standard involves developing and promulgating specific context-oriented standards that revolve around the security and confidentiality of health chatbot data. These standards must accommodate the necessary global use, yet align with the local and national statutes. The necessary standards must be built around the established global use. Furthermore, they should comprehensively address all dimensions of electronic health data, artificial intelligence, and intelligent agents.

Health information management

Health information management encompasses the entire lifecycle of data, including collection, storage, transfer and sharing, and deletion. In this sector, numerous important measures are being undertaken to uphold the security and secrecy of information:

User management: Username allocation and assignment of unique identifiers for each user; obtaining informed consent (e.g., data use permissions, data transfer and storage permissions, right to require erasure of data, right to be forgotten, right to rectify data, right to object, right to be notified in case of security or privacy breach, and right to revoke consent); authentication, authorization, access control, and guest access control.

Session management: Using session security assurance, including automatic logout mechanisms.

Secure data transmission: Data encryption, anonymization during transmission, encrypted outputs, data classification and marking, third-party transfer guidelines, data reuse policies, and data transmission protocols.

Media and hardware security: Secure data erasure, secure device reuse, data recovery and backup procedures, workstation hardening, and hardware disposal.

Audit controls and data integrity: Utilizing audit controls to ensure data consistency, assurance, and anomaly detection.

Incident reporting and identification procedures: Implementing procedures for identifying and reporting data security and confidentiality breaches.

Periodic evaluations: Regular evaluations conducted by healthcare providers and health chatbot developers to assess security controls and adherence.

Data minimization: Reducing data amount at the collection point, storage, and processing, and deleting outdated or valueless data on a regular basis.

Secure data deletion: Maintaining strict and irreversible data erasure processes.

User training: Educating users about how to protect usernames and passwords, hardware and physical media, and preventing unintentional exposures of data.

Data-type-based security: Implementing security depending on data types, for instance, adhering to copyright laws for images or restricting the usage of voice communications.

Security in data storage: Encrypted storage of data, decentralized storage through options such as blockchain, external storage devices for storing data, customized storage based on data usage and sensitivity, and judicious use of cache memory.

Management of health chatbot design and development

The management of the design and development of health chatbots encompasses the phases of design, development and configuration, evaluation and implementation, and decommissioning. To ensure the security and confidentiality of data, the following measures are implemented:

Security of developers’ hardware assets: Protecting physical devices used in development processes from unauthorized access or tampering.

Security of developers’ software assets: Ensuring the safety of software components and source code through access control, version control, and secure storage practices.

Secure configuration: Adhering to security best practices in system configuration in order to reduce vulnerabilities during deployment.

Network security: Includes penetration testing, anti-malware protection, secure network infrastructure, network monitoring, hardware and workstation security, secure data transport protocols, and use of VPNs.

Monitoring and maintenance: Involve performing periodic reviews of the systems, upgrading technologies, and routinely applying security patches to the software

Safe Software Development Life Cycle (SDLC): Involves incorporating safe coding practices, extensive software testing, and end-user education prior to software deployment.

Innovative informed consent procedures on platforms: Techniques such as slowing down the consent process with interactive screens, displaying summaries of primary risks or warnings, and the use of audio/video content in presenting risks and benefits.

Safe decommissioning: Implementing safe and complete procedures for retiring chatbots to avoid data leakage.

Warning and disclaimers: Providing users with disclaimers and notifications about the limits of the skill of the chatbot and the type of information delivered.

Cooperation between developers and healthcare institutions: Joint efforts in creating and implementing health chatbots that are compatible with clinical, ethical, and technical guidelines.

Information security and confidentiality levels

In the subsequent section of the conceptual model, the various levels of ensuring information security and confidentiality in health chatbots are presented. These levels include technical, managerial, physical, and technological dimensions. This aspect provides essential guidance for implementing appropriate measures to ensure data security and confidentiality in all activities. Technical aspect consists of technical controls such as access control, audit control, authorization, and authentication controls. Managerial aspect emphasizes the management of people and organizations to be managed and controlled to implement security procedures and policies. The physical dimension pertains to hardware, media, and workstations involved in the storage and processing of health data. The technological dimension refers to the implementation and application of chatbot technologies and related software systems.

Individuals

This component identifies the stakeholders involved in ensuring the security and confidentiality of health chatbot data. Every single individual -from policymakers and investors to chatbot developers and end-users- plays an integral role in this. Every one of their duties depends on the specific role and level of interaction. Ongoing training programs and constant demands to keep data secure and safe are compulsory in order to achieve success towards the master goals of the model.

Software, hardware, and middleware

Finally, the foundational layer of the model comprises software, hardware, and middleware. These core components support all processes, dimensions, and levels of the model, and must be thoroughly considered and integrated into each stage of the health chatbot lifecycle to ensure effective and secure functionality.

Table 4 shows the components of a conceptual model for security and privacy in health chatbots. Unlike general information security models that only address general considerations such as encryption, access control, or risk management, this model is specifically focused on the health domain. For this reason, in addition to complying with well-known standards and frameworks (HIPAA, GDPR, NIST, ISO/IEC 27001), it also considers the unique characteristics of health chatbots, as described in the fourth column of the table. In particular, this section addresses issues that are not addressed or are of lesser importance in other areas of IT, including: clinical risk management and the potential consequences of treatment or diagnostic errors resulting from chatbot recommendations; the need for informed clinical consent tailored to the type of service (such as pharmaceutical, genetic or psychological counseling) that is quite different from general consent processes in other digital services; clinical event reporting that specifically relates to patient health outcomes, alongside traditional security reporting; access controls based on the type of medical data (for example, genetic or psychiatric data require a higher level of protection than general health data); and data-centric policies on the location of processing and storage that respond to the high sensitivity of health data at local, national and international levels. From this perspective, the conceptual model presented is not a generic and iterative version, but a specific model for health chatbots that integrates technical, managerial, legal and clinical dimensions and specifically responds to the risks and needs of this field. This fills a gap in the research literature and provides a clear added value compared to general security models.

Table 4.

Mapping the components of the conceptual model of information security in health chatbots to research findings and existing standards.

Conceptual model component	Key findings in phase 1	Relevant frameworks/standards (phase 2)	Unique feature in health chatbots
Policy making, risk management, standardization	The need for clear policies and guidance for data protection, the lack of uniform frameworks for privacy, the lack of a unified legal framework and the need for local/international regulations for LLMs and health services; the need for clear rules for data sharing and where data is processed, Lack of risk management and threat assessment	HIPAA—administrative safeguards (security management process) NIST—NIST cybersecurity framework (governance—GV.RM)/NIST SP 800-53 (risk assessment and management)/NIST privacy framework/NIST crosswalks ISO/IEC 27001—organizational controls GDPR—data protection principles	Formulate clear policies, clinical and legal, relating specifically to health chatbots Define legal responsibilities for developers, providers, and regulators Ensure data sharing and processing locations are transparent Perform clinical and security risk assessments; anticipate diagnostic/treatment errors Establish incident reporting systems for both clinical and data/security events Establish clinical performance standards and KPIs for chatbots Apply global frameworks ISO/IEC 27001, NIST, HIPAA with healthcare-specific adaptations Follow all relevant local and international regulations, including GDPR and HIPAA Continuously monitor and evaluate both clinical and security performance
Health information management—user management	Challenges in obtaining informed consent, controlling access and user authentication, storing identifiers and conversation history	HIPAA—administrative and technical GDPR—fundamental user rights ISO/IEC 27001—people, organizational, and technological controls CIS—account management and access control NIST SP 800-53 (access control—AC)	Use interactive and multimedia consent methods, such as video/audio, summaries Provide users with the ability to review, update, or withdraw consent at any time Simplify consent forms for non-technical users by using progressive disclosure and comprehension checks Enable granular, use-based consent (treatment, research, model training) Use clinical-specific consent for each health service Implement strong authentication: multi-factor authentication (MFA), role-based access with unique IDs Monitor access continuously and alert on unusual behavior Restrict access to sensitive profiles; put in place age and vulnerability protections Encrypt and anonymize data, use secure/decentralized storage Define retention periods and ensure secure deletion upon expiration or by request
Health information management—session management	Session security risks, weaknesses in automatic logout and meeting management mechanisms, session hijacking	HIPAA—technical NIST SP 800-53 (session control—SC) ISO/IEC 27001—technological, physical, and organizational controls CIS—secure browser	Employ end-to-end encryption on all sessions, using E2EE and secure channels: HTTPS/TLS Monitor every session in real-time for unauthorized accesses Introduce smart options for automatic logout and session termination Provide granular controls for users and professionals; prevent multiple simultaneous sessions Detect session takeover via behavioral analysis and short-lived session tokens Require MFA when sensitive health data is accessed. Utilize intrusion detection and rapid response systems for clinical consultations Manage clinical context retention through explicit policies and user control Link emergency sessions to clinical protocols immediately
Health Information Management- Secure data transmission	Use of unencrypted channels and leaks in transmission; need for end-to-end encryption and secure protocols	HIPAA—technical NIST SP 800-53 (SC-13: cryptographic protection, SC-28: protection of information at rest) ISO/IEC 27001—technological controls CIS—data protection	Use E2EE to encrypt all messages, files, and media to prevent unauthorized access Use secure channels for all communications: HTTPS/TLS, VPN, and secure tunnels Apply data loss prevention (DLP) and redact sensitive information before sending to external LLMs Monitor sessions for suspicious activity and unauthorized access Keep encrypted and audit-ready logs for incident investigation Comply with GDPR/HIPAA and local/international regulations in regard to cloud and server transfers
Health information management—media and hardware security	Risk of data leakage from recycled devices or media, insecure storage, problems with cloud providers, threat of device theft	HIPAA—physical ISO/IEC 27001—physical controls CIS—asset inventory control NIST SP 800-53 (MP-2: media access, MP-4: media storage, PE-18: location of system components, PE-19: physical access control)	Secure storage and deletion, management of all media containing PHI: images and audio Consider restricting BYOD (bring your own device) or use sandboxing/wipe tools on personal devices Secure authentication by hardware signature to enable data transfer from wearable devices Manage all devices/media under PHI-aware protocols and regulations Ensure that any external platforms or APIs used are compliant with HIPAA/GDPR and LLM security
Health information management—audit and integrity controls	Lack of or inadequate logs and anomaly detection mechanisms; need for auditing to identify unauthorized access.	HIPAA—technical CIS—audit log management NIST SP 800-53 (AU-2: audit events, AU-6: audit review, analysis, and reporting, AU-12: audit generation, SI-7: software, firmware, and information integrity) ISO/IEC 27001—technological controls	Maintain tamper-evident logs of all clinical interactions, along with model version and training parameters Document all input data, processing steps, and outputs. This will enable traceability of errors Log precisely what data is sent to external LLMs, and what redaction/ data loss prevention mechanisms have been applied Ensure audit trails capture both the data as well as chatbot responses to trace the source of any clinical error
Health information management—incident identification and reporting procedures	Lack of a reporting mechanism, and identification of incidents.	HIPAA—administrative ISO/IEC 27001—people controls GDPR—fundamental user rights CIS—incident response management NIST SP 800-53 (IR-4: incident handling, IR-5: incident monitoring, IR-6: incident reporting, IR-8: incident response plan)	Automatically detect sensitive data breaches and clinical errors Document incidents and report to appropriate authorities, supervisors, and patients according to legal requirements, such as under the GDPR Escalate serious incidents immediately to the clinical and security teams Maintain secure logs for all incidents, including time, data type, affected module, and potential patient impact, to facilitate root cause analysis and prevention
Health information management—periodic assessment	Lack of regular evaluation, and periodic evaluations.	HIPAA—administrative ISO/IEC 27001—organizational controls NIST SP 800-53 (CA-2: control assessments, CA-5: plan of action and milestones (POA&M), CA-7: continuous monitoring)	Perform periodic penetration tests, vulnerability scans, and audits of data transfers to third-party services Verify that they meet the current legal requirements concerning consent management Assess quality and accuracy of chatbot responses; review sample conversations for clinical errors Assess the users’ knowledge and behavior, particularly in patients with low digital literacy Document findings and report them to security and clinical teams for corrective actions
Health information management—data minimization	Recommending minimizing data collection and eliminating redundant data.	GDPR—data protection principles HIPAA—administrative NIST SP 800-53 (PL-8: information security and privacy policy, AP-1: authority to collect, AR-2: privacy impact assessment)	Collect only data that is absolutely necessary for a particular health service Store little conversation history; unnecessary data will auto-delete Redact or pseudonymize data before sending to the LLM Limit collection and retention of metadata, for instance IP, location, to what is strictly necessary Periodically clear health data that is no longer required, as per security and legal requirements
Health information management—secure data deletion	Secure deletion of health data.	GDPR—fundamental user rights/data protection principles HIPAA—physical NIST SP 800-53 (MP-6: media sanitization, SC-4: information in shared resources, SI-12: information retention/disposal)	Completely and irreversibly delete all the patient data when it will no longer be needed Apply a secure deletion for backups, caches, and local devices using multi-stage overwriting, encryption + key deletion Ensure, through contract, that cloud/LLM providers securely delete patient data Maintain auditable logs of deletion events including date, method, and data type
Health information management—user training	Insufficient user awareness of security, lack of user/employee awareness, and reported human errors; need for security training programs.	ISO/IEC 27001—people controls CIS—security awareness and skill training HIPAA—administrative NIST SP 800-53 (AT-2: awareness training, AT-3: role-based training, AT-4: training records)	Inform patients what information may be shared and what is sensitive Improve digital literacy: teach strong passwords, logging out, and safe interactions Train staff on data entry, including how to archive/delete conversations as well as report incidents Provide easy-to-read summaries of consent forms and patient rights Educate users about phishing and social engineering threats Build trust by demonstrating how data is protected, thereby enabling safe and confident interactions with chatbots
Health information management—data-type-based security	Need for special protection for images, files and audio data; copyright and identification issues in video/audio inputs.	HIPAA—physical GDPR—data protection principles ISO/IEC 27001—organizational controls NIST SP 800-53 (PL-2: system and communications protection policy and procedures, SC-12: cryptographic key establishment and management, SC-31: cryptographic module authentication, RA-2: security categorization)	Highly sensitive information, such as psychiatric history or genetic results, needs very strong layers of protection Apply end-to-end encryption and multi-layer access restrictions for data such as HIV status or genetic information Pseudonymize or tokenize identifiable information: e.g., name, phone number Less sensitive data, such as sleep or activity, can rely on lighter protection mechanisms Apply different retention policies depending on sensitivity: retain important clinical data over a long period while quick deletion of transient conversations Implement role-based access control (RBAC) or attribute-based access control (ABAC) to ensure that access levels match the sensitivity category of the data
Health information management—secure data storage	Insecure and opaque data storage, encrypted, decentralized and customized storage.	HIPAA—physical ISO/IEC 27001—technological controls GDPR—data protection principles CIS—data recovery NIST SP 800-53) SC-28: protection of information at rest, SC-12/13: cryptography and key management, CP-9: backup, MP-4: media storage)	Protected health information (PHI) must always be encrypted at rest and in transmission using strong algorithms, and secure transmission protocols Do not store encryption keys on the system; use hardware security module (HSM) or key management service (KMS) instead Granular encryption for highly sensitive data would include genetic and psychiatric data with dedicated keys Use a blockchain ledger to record access transactions in order to prevent unauthorized modifications and manage patient consent Crypto-shredding: To destroy data securely by rendering it unreadable, destroy encryption keys instead of deleting records directly
Management of the design and development—security of developer's hardware assets	Risk of theft/access to developer devices and presence of PHI in the development environment.	CIS—asset management HIPAA—physical ISO/IEC 27001—physical controls NIST cybersecurity framework (CSF)/NIST SP 800-53 (physical and environmental protection (PE), asset management (ID.AM))	Isolate development hardware: use separate laptops/servers for health chatbot work and ban personal devices Fully encrypt all storage Control physical access: locks, access cards, biometrics, and secure storage for laptops/devices Securing test devices: wiping sensitive data after each test, blocking unsecured networks, limiting apps Regularly patch and update operation system/software Enforce strict BYOD policy if personal devices are used: encryption, remote wipe, work/personal separation
Management of the design and development—security of developer's software assets	Risks of key/data leaks in repositories and training data; need for version control and code protection, Insufficient software control.	ISO/IEC 27001— technological HIPAA—technical CIS—software assets inventory, application software security NIST cybersecurity framework (CSF)/NIST SP 800-53 (ID.AM-2: software inventory, PR.DS-6: software/data integrity)	Version control security: encrypted repos, restricted access, Two-Factor Authentication (2FA) on all accounts Encrypt code/scripts dealing with patient data; anonymize test data Isolate development/test environments; block untrusted extensions/packages and insecure internet/API access Dependency management: check for security, update regularly and remove modules not in use Define strict access levels for read/write/execute operations Secure cloud development: encrypted storage, RBAC, HIPAA/GDPR compliance
Management of the design and development—secure configuration	Insecure configurations and cloud configuration errors leading to data leaks.	ISO/IEC 27001—technological controls CIS—secure configurations NIST SP 800-53 (CM-2: baseline configuration, CM-6: configuration settings, CM-3: configuration change control)	Utilize Cloud Security Posture Management (CSPM) to detect and repair cloud misconfigurations. Store keys in HSM/KMS and limit over-privileged accounts Hardening of systems: disabling unnecessary ports/services; strict enforcement of firewalls; patching regularly Configure LLM-specific settings: filter prompts/responses, use Data Loss Prevention (DLP) for PHI, log only what is needed
Management of the design and development—network security	Vulnerability to hacking, ransomware, phishing, and other reported network threats.	ISO/IEC 27001—technological controls CIS controls—network infrastructure management/network monitoring and defense NIST SP 800-53 (SC-7: boundary protection, SC-20: secure name/address resolution service)	Encrypt all network traffic; use user-level tokens for external APIs Isolate health traffic via VPN, or network segmentation Protect against attacks Mobile/Wi-Fi security: Warn users to use secure networks; implement certificate pinning
Management of the design and development—monitoring and maintenance	Requires regular updates, patches, and penetration testing; some studies reported maintenance deficiencies. Continuous monitoring of chatbot health and performance.	ISO/IEC 27001—technological NIST SP 800-53 (SA-3: system development life cycle, CA-7: continuous monitoring)	Continuously monitor chatbot responses and clinical outputs. Review random conversations via dashboards in order to detect unsafe or inconsistent advice Record all user activities in audit logs. Integrate with Security Information and Event Management (SIEM) for real-time detection of data leaks or intrusions. Monitor medical network traffic Periodically patch and update all LLM modules, databases, and servers; retrain models with updated clinical guidelines; delete old patient data according to GDPR/HIPAA regulations
Management of the design and development—safe SDLC	Lack of secure development protocols and pre-deployment evaluation standards in some studies, lack of a dedicated process for developing health chatbots.	NIST SP 800-53/NIST SP 800-218 (SSDF) ISO/ IEC 27001—technological controls	Analysis and design: Specify the requirements for a privacy-by-design approach; specify health-specific risks like PHI leakage; segregate sensitive data; create a record of compliance with HIPAA/GDPR/ISO Development: Use secure coding; mask/redact patient information; securely handle dependencies, use static code analysis Testing: Carry out dynamic security testing, medical-focused penetration tests, and fuzz testing against real-world scenarios Deployment: Harden server and API configuration; segregate production from test and development; apply Zero Trust. Monitor first interactions in real time Maintenance and upgrade: Release patches, review architecture for new threats, update encryption, log and analyze security events Decommissioning: Delete all the patient data securely; document the retirement; make sure no keys, models, or logs remain
Management of the design and development—innovation informed consent procedures on platform	Consent forms are long/complicated; suggest interactive methods and summarize risk for users.	GDPR—fundamental user rights HIPAA—administrative ISO/IEC 27001—people controls NIST privacy framework/NIST AT—awareness and training	Short, stepwise consent: Give consent in small, clear steps - collection → storage → processing Multimodal explanation: Utilize videos or audio to explain terminology to low-literacy users Interactive confirmation: Let users confirm each section, instead of a single checkbox Highlighting risks: Emphasize key risks such as data leakage or limitations within chatbots Granular options: allow explicit opting-in/out for each type of data Plain language: Avoid legal jargon; use simple explanations. o Dynamic management: Users can revoke consent at any time
Management of the design and development—safe decommissioning	Lack of secure policies for retiring services; risk of leaks during system decommissioning.	HIPAA—physical GDPR—data protection principles ISO/IEC 27001—organizational/technological controls NIST SP 800-53 (MP-6: media sanitization)/NIST SP 800-64 (security considerations in the system development life cycle)	Cryptographic deletion: Fully erase conversations, metadata, and backups using multi-pass or crypto-shredding Revoke keys and access: Remove all encryption keys, tokens and developer/operator access Hardware and infrastructure: Securely wipe or destroy disks, servers, and cloud storage Document and comply: Write down the steps of deletion in the audit report; be HIPAA/GDPR compliant; provide the certificate if needed Blockchain logging: Log the deletion process for transparency permanently Inform users: Let users know that their data has been deleted and the chatbot has retired Decommission checklist: Utilize a step-by-step checklist covering data, APIs, keys, and final security review
Management of the design and development—warning and disclaimers	Need to clarify chatbot limitations and provide users with information about capabilities/errors.	HIPAA—administrative/technical GDPR—fundamental user rights NIST SP 800-30 (risk assessment)/NIST SP 800-53 (SI-3: malicious code protection, SI-7: software, firmware, and information integrity)	Data usage notice: Specify what data is collected-symptoms, medicines, history-and for what purpose Security disclaimer: Inform the users about security limits Storage and transfer notice: State E2EE use and where data are stored (local, cloud, hospital). User rights: Describe rights to access, rectification, and erasure (e.g., GDPR) Dynamic warnings: Warn users before sending sensitive data: ID, medical files Security confirmation: User must confirm the privacy and security policies before use Acknowledgement tracking: Record when the user viewed and acknowledged notifications Incident notification: Alert users in cases of a security incident Multi-layer disclaimers include security and clinical warnings for clarity
Management of the design and development-cooperation between developers and healthcare instructions	Need for clinical involvement in design and testing for clinical compatibility of chatbots, incompatibility with treatment policies and protocols.	HIPAA—administrative ISO/IEC 27001— organizational controls	Co-design: Involve clinicians in design, collect necessary clinical data only Joint security audits: Penetration testing and security reviews with hospital IT; follow NIST/ISO 27001 and clinical checklists Data management and privacy: define storage location, retention policies Joint training: Instruct clinicians on safe use and developers on health data privacy/legal rules Security and ethics committee: Ongoing review by developers, clinicians, and legal experts Blockchain transparency: Record developer–hospital interactions in an immutable manner Shared sandboxes: Secure environments with anonymized data for testing Shared accountability: Well-defined roles and responsibilities regarding incidents-whether a data breach or a clinical error
Information security and confidentiality level—technical	The need to implement technical controls: encryption, MFA, logging, monitoring.	HIPAA—technical CIS—technical controls ISO/IEC 27001—technological controls NIST SP 800-53 (SC: system and communications protection)	Sensitive data focus: Health chatbots handle medical data and influence clinical outcomes. Advanced technical measures include the use of strong encryption, session management, prompt data leak prevention, and monitoring for conversation integrity
Information security and confidentiality level—managerial	The need for policies, accountability, risk management, and periodic assessments at the organization level	ISO/IEC 27001—organizational controls HIPAA—administrative safeguards NIST SP 800-53 (PM: program management, PL: planning, RA: risk assessment)	Defined roles and access control: Appoint a Data Security Officer, define all teams’ access levels, and enforce the least-privilege access Organizational policies: Develop security policies addressing PHI, create separate incident-reporting procedures for clinical and security, and establish clear collaboration guidelines with outside providers Workforce controls: Perform staff screening, require Non-Disclosure Agreement (NDAs), and monitor developer access to sensitive environments Clinical governance: Establish a governance framework that ensures health data is handled ethically, clinically, and securely
Information security and confidentiality level—physical	The importance of controlling physical access to servers, workstations, and storage devices	HIPAA—physical ISO/IEC 27001—physical controls GDPR—data protection principles NIST SP 800-53 (PE: physical and environmental protection)	Multi-environment protection: Protect all environments where the chatbot is operating—home, hospital, and cloud-against PHI exposure Security of devices and medical equipment: Security of connected medical devices ensures safe data exchange Geographical and legal controls: Apply restrictions dependent on location and/or specific legal compliance when handling health data
Information security and confidentiality level—technological	Storage architecture (centralized/decentralized), lack of use of up-to-date technologies to maintain information security and confidentiality	HIPAA—technical GDPR—data protection principles ISO/IEC 27001—technological controls NIST CSF—protective technology and data security	Enhanced protection of clinical data: Patient records and medical conversations are sensitive, hence requiring higher confidentiality Beyond classic IT security: Protection of health data from multiple sources, secure health cloud environments, prevention of specific attacks against LLMs, and explainable algorithmic processing Advanced techniques include dynamic anonymization, medical data watermarking, continuous HIPAA/GDPR compliance monitoring, and blockchain-based consent management
Stakeholders	Diverse stakeholder groups require different educational messages and distinct decision-making processes; access mechanisms and levels of clinical competence for those who have access to conversation history are required. Lack of awareness and training of users and employees.	ISO/IEC 27001—people, organizational controls HIPAA—administrative NIST SP 800-53	Stakeholder-centered security: Health chatbot security is based on well-defined roles across all stakeholders throughout the system lifecycle Policymakers and regulators: Establish clinical data protection policies, specify national and international requirements for LLM use, and establish governance frameworks Developers should implement secure design by using strong encryption, multi-level access control, and observing technical and legal standards Security teams: Monitor threats continuously, assess compliance, update defenses, and refine security policies Providers and end users: Use of chatbots needs to align with clinical ethics; users are responsible for credential management, informed consent, and understanding system limitations Investors: Verify compliance, assess privacy and business risks, and fund secure, regulation-aligned innovation Organizational managers: To align chatbot implementation with institutional policies, manage resources, and assure security and clinical requirements
Software/Hardware/Middleware	The need for data protection at all levels	HIPAA—technical/physical CIS—critical controls ISO/IEC 27001—physical/technological controls NIST SP 800-53	Software/Hardware/Middleware: In health chatbots, these layers need to be designed according to clinical protocols and legal requirements; they have to strictly control where sensitive data is stored, how it is processed, and how it is shared with LLM components Layer coordination: Proper alignment of these three layers with the rest of the conceptual model strengthens data protection and increases trust among users and healthcare organizations

Discussion

The current study was conducted with the aim of identifying the challenges and solutions related to information security and confidentiality in health chatbots and designing a conceptual model to manage these challenges. Findings from the scoping review indicated that despite the growing use of health chatbots across various domains—including psychotherapy, chronic care, and educational support—there remains an insufficient and fragmented approach to addressing user data security and privacy in a systematic and comprehensive manner. The findings of the present study are consonant with the results of prior review studies, which have consistently emphasized that unauthorized access, inadequate consent mechanisms, insufficient data encryption, and non-compliance with regulations are significant and persistent security and privacy concerns for health chatbots.^18–26 Yet, in comparison with prior reviews, which often focused on listing risks and proposing general solutions, the value added by the current study lies in the advancement of the field through its comprehensive conceptual model, which integrates technical, managerial, human, and legal dimensions. While previous reviews strongly recommended separate mitigation strategies, such as data encryption, secure transmission, or consent protocols, the present model provides a holistic, well-structured framework that covers the entire lifecycle of chatbot data, from collection and storage to deletion, mechanisms for continuous monitoring, policy enforcement, and user training. Moreover, it goes a step further than previous studies by including ethical considerations and specific AI-related risks, particularly for those chatbots based on large language models. It is for this reason that the present study represents one of the few works that, after explicitly mapping solutions with regard to identified challenges and operationalizing them within a validated conceptual model, offer a practical multi-dimensional tool able to guide developers, healthcare organizations, and policy makers in ensuring strong information security with confidentiality in deploying health chatbots. Also, it emphasizes data lifecycle management from collection up to secure deletion and considers concepts such as data minimization, distributed storage, and multi-factor authentication. Such features are particularly important in delicate contexts such as psychotherapy or medical consultations, where very sensitive user data is being dealt with.

The utilitarian uses of the model in this current research are also significant. Chatbot developers can utilize this model for building interactive systems for consent management, secure development lifecycle processes, and encryption of sensitive health information. Healthcare organizations will be able to implement local and global security and privacy policies, monitor user access and activity, and regularly monitor the performance of chatbots. Regulators and policymakers can also set legal procedures and guidelines specific to health and promote stakeholder education to enhance the level of acceptance and compliance with data protection regulations by harmonizing international and domestic standards.

Quite a number of caveats aside, there are still certain limitations that must be pointed out. The language limitation in the scoping review and the limited access to specific databases may have excluded relevant studies published in languages other than English. Attempts were made to have extensive coverage of renowned databases, but the review was restricted to English language studies. There is also a possibility of publication bias in this, like any other scoping review, where the chances of publication and, consequently, inclusion are higher for studies with significant or positive results. Further studies should be conducted covering more varied databases and phasing out the language restrictions in order to make the review broader. Another restriction is the narrow scope of implementing and operating the conceptual model as envisioned. Observe that the realization of the same would necessitate significant cross-sectoral cooperation between technology developers, regulators, healthcare establishments, and end-users. Among the top challenges in this regard is the lack of local legal tools in the majority of countries to implement health chatbots, and the inconsistency of international legislations, thus hampering the utilization of uniform national standards. Secondly, even though the proposed model has been tested via expert panels, practical experience-based empirical measurement is yet to be addressed. Future studies could involve field trials and longitudinal evaluations to determine the effectiveness of the model to reduce security incidents and user trust in quantitative terms. Also, another limitation is the panel size and its national limitation, which limits the generalizability of the findings to the international level. It is suggested that future research validate the model with larger, international, and multidisciplinary panels to improve generalizability and increase the external validity of the model. On the other hand, some resources and frameworks may be outdated and may not cover recent changes in laws and technologies, especially health chatbots. Also, most of the existing frameworks and standards are generic and do not cover the specific details of health chatbots, which the present study attempted to fill this gap.

Conclusion

With health chatbot applications growing exponentially, the need to address the security and confidentiality of users’ data has become imperative. The findings of the current study revealed that despite there being research that has recognized security concerns, few of them have been profound and sustained enough to outline technical, legal, and managerial remedies. The present study mapped out the literature gaps and developed a comprehensive conceptual model that addressed systematically all concerns pertaining to security in health chatbots. A primary feature of this model is its integration of technical solutions and human, legal, and strategic elements, possibly fostering increased user confidence and making it possible to use this technology in more widespread applications within healthcare systems. Nonetheless, in order to assess the actual usefulness of the model proposed, further field studies under natural conditions are necessary. Subsequent research is also invited to transcend language limitations and utilize more heterogeneous databases to extend and strengthen this framework.

Supplemental Material

sj-docx-1-dhj-10.1177_20552076251406637 - Supplemental material for Information security and confidentiality in health chatbots: A scoping review and development of a conceptual model

Supplemental material, sj-docx-1-dhj-10.1177_20552076251406637 for Information security and confidentiality in health chatbots: A scoping review and development of a conceptual model by Tahere Talebi Azadboni, Fahimeh Solat, Hanieh Hematti and Meysam Rahmani in DIGITAL HEALTH

Footnotes

Acknowledgments

This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.

ORCID iDs

Tahere Talebi Azadboni

Fahimeh Solat

Hanieh Hematti

Meysam Rahmani

Competing interests

The authors declare that there are no conflicts of interest.

Authors’ contributions

Conceptualization: T.T., M.R., F.S., and H.H.; methodology: T.T., F.S., and H.H.; formal analysis: T.T., F.S., and H.H.; investigation: T.T., F.M, and H.H; writing—original draft: T.T. and F.S.; writing—review and editing: T.T. and M.R.; supervision: T.T. All authors have read and agreed to publish the manuscript.

Consent for publication

We confirm that the manuscript has been read and approved by all named authors and that no other persons have satisfied the criteria for authorship but are not listed. We further confirm that all have approved the order of authors listed in the manuscript.

Ethical considerations

This study was performed in line with the principles of the Declaration of Helsinki. Approval was granted by the Ethics Committee of Saveh University of Medical Sciences (IR.SAVEHUMS.REC.1403.063).

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data availability

The data that support the findings of this study are available from the corresponding author [F.S, M.R], upon reasonable request.

Supplemental material

Supplemental material for this article is available online.

Appendices

References

Calvaresi

Calbimonte

J-P

Siboni

, et al. Erebots: privacy-compliant agent-based platform for multi-scenario personalized health-assistant chatbots. Electronics (Basel) 2021; 10: 66.

Yang

Chen

Y-L

Por

, et al. A systematic literature review of information security in chatbots. Appl Sci 2023; 13: 6355.

Hasal

Nowaková

Ahmed Saghair

, et al. Chatbots: security, privacy, data protection, and social aspects. Concurr Comput Practice and Experience 2021; 33: e6426.

Mosalanezhad

. Chat GPT in medicine and health: a comprehensive look at emerging technology as a double-edged sword of education in care and ethics in application. J Educat Ethics Nursing 2023; 12: 1–2.

Liu

, et al.

Mandy: towards a smart primary care chatbot application.

International symposium on knowledge and systems sciences. Singapore: Springer, 2017, pp.38–52.

Roca

Sancho

García

, et al. Microservice chatbot architecture for chronic patient support. J Biomed Inform 2020; 102: 103305.

Barreda

Cantarero-Prieto

Coca

, et al. Transforming healthcare with chatbots: uses and applications-A scoping review. Digit Health 2025; 11: 20552076251319174.

Marks

Haupt

. AI Chatbots, health privacy, and challenges to HIPAA compliance. JAMA 2023; 330: 309–310.

Surani

Das

. Understanding privacy and security postures of healthcare chatbots. Chi 2022; 22: 1–7.

10.

Sebastian

. Privacy and data protection in ChatGPT and other AI chatbots: strategies for securing user information. Int J Secur Privacy Pervasive Computing (IJSPPC) 2023; 15: 1–14.

11.

Deng

Wuyts

Scandariato

, et al. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 2011; 16: 3–32.

12.

May

Denecke

. Security, privacy, and healthcare-related conversational agents: a scoping review. Informatics for Health and Social Care 2022; 47: 194–210.

13.

Anaya

Braizat

Al-Ani

. Implementing AI-based chatbot: benefits and challenges. Procedia Comput Sci 2024; 239: 1173–1179.

14.

Dastani

Mohseni

. Artificial intelligence chatbots in medical education: a literature review of potential benefits and challenges. Int J Med Rev 2024; 11: 710–715.

15.

Goumas

Dardavesis

Syrigos

, et al. Chatbots in cancer applications, advantages and disadvantages: all that glitters is not gold. J Pers Med 2024; 14: 77.

16.

Choudhury

Katal

J-S

, et al. Telemedicine: the computer transformation of healthcare. Cham, Switzerland: Springer, 2022.

17.

Sunarti

Rahman

Naufal

, et al. Artificial intelligence in healthcare: opportunities and risk for future. Gac Sanit 2021; 35: S67–S70.

18.

Chow

JCL

Wong

. Generative Pre-trained transformer-empowered healthcare conversations: current trends, challenges, and future directions in large language model-enabled medical chatbots. BioMedInformatics 2024; 4: 837–852.

19.

Garcia Valencia

Suppadungsuk

Thongprayoon

, et al. Ethical implications of chatbot utilization in nephrology. J Pers Med 2023; 13: 1363.

20.

Ittarat

Cheungpasitporn

Chansangpetch

. Personalized care in eye health: exploring opportunities, challenges, and the road ahead for chatbots. J Pers Med 2023; 13: 1679.

21.

Kral

Hradis

Buzga

, et al. Exploring the benefits and challenges of AI-driven large language models in gastroenterology: think out of the box. Biomed Pap Med Fac Univ Palacky Olomouc Czech Repub 2024; 168: 277–283.

22.

. Security implications of AI chatbots in health care. J Med Internet Res 2023; 25: e47551.

23.

Maher

Singh

Wylde

, et al. Virtual health assistants: a grand challenge in health communications and behavior change. Frontiers in Digital Health 2024; 6: Article.

24.

Ravindar

Gupta

Abdul-Zahra

, et al. Healthcare chatbots with nlp and cybersecurity: safeguarding patient data in the cloud. ICAIIHI 2023; 1: 1–7.

25.

Chametka

Maqsood

Chiasson

. Security and privacy perceptions of mental health chatbots. In: 2023 20th Annual International Conference on Privacy, Security and Trust, PST 2023; 1: 1–7.

26.

Tian

, et al. A privacy-preserving framework for mental health chatbots based on confidential computing. In: Raja

(ed.) Proceedings - 2022 IEEE SmartWorld, ubiquitous intelligence and computing, autonomous and trusted vehicles, scalable computing and communications, digital twin, privacy computing, metaverse SmartWorld/UIC/ATC/ScalCom/DigitalTwin/PriComp/metaverse. Haikou, China: IEEE, 2022, pp.1119–1124.

27.

Ahmad

Siemon

Gnewuch

, et al. The benefits and caveats of personality-adaptive conversational agents in mental health care. In: 27th Annual Americas Conference on Information Systems, AMCIS 2021, August 9–13: 1–20.

28.

Claman

Sezgin

. Artificial intelligence in dental education: opportunities and challenges of large language models and multimodal foundation models. JMIR Med Educ 2024; 10: e52346–20240927.

29.

Coghlan

Leins

Sheldrick

, et al. To chat or bot to chat: Ethical issues with using chatbots in mental health. Digital Health 2023; 9: e20552076231183542.

30.

Garcia Valencia

Suppadungsuk

Thongprayoon

, et al. Ethical implications of Chatbot utilization in nephrology. J Pers Med 2023; 13: 1363.

31.

Kocaballi

Sezgin

Clark

, et al. Design and evaluation challenges of conversational agents in health care and well-being: selective review study. J Med Internet Res 2022; 24: e38525.

32.

Kretzschmar

Tyroll

Pavarini

, et al. Can your phone be your therapist? Young people's ethical perspectives on the use of fully automated conversational agents (chatbots) in mental health support. Biomed Inform Insights 2019; 11: 1178222619829083.

33.

Martinez-Martin

Kreitmair

. Ethical issues for direct-to-consumer digital psychotherapy apps: Addressing accountability, data protection, and consent. JMIR Ment Health 2018; 5: e9423.

34.

U.S Department of Health and Human Services. Health Information Privacy, https://www.hhs.gov/hipaa/index.html (2024, accessed 14. NOV.2025).

35.

Computer Security Resource Center. National Institute of Standards and Technology (NIST). NIST Special Publication 800, https://csrc.nist.gov/publications/sp800 (2024, accessed 14,NOV,2025).

36.

European Union Regulation. Protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), https://eur-lex.europa.eu/eli/reg/2016/679/oj (2016, accessed 14,NOV,2025).

37.

Center for Internet Security (CIS). CIS Controls v8, https://www.cisecurity.org/controls/cis-controls-list (2021, accessed 14,NOV,2025).

38.

International Organization for Standardization (ISO). ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection, https://www.iso.org/standard/27001 (2022, accessed 14,NOV,2025).

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.04 MB