Apple's ResearchKit: The Privacy Issues
Could Open Design Open the Door to Fraudsters?
For instance, while the ResearchKit platform makes it easy for researchers and developers to create apps for medical studies, "by the same token, the platform makes it easy for malicious developers to create apps that could capture an individual's most personal and private information - including genomic data - and make it available to employers, insurance companies, financial institutions, and anyone else who wants to pay for it - potentially transforming the individual's life forever," notes privacy and security expert Dixie Baker, senior partner at consulting firm Martin, Blanck and Associates. "Even if a consumer trusts the Apple platform, how does she know that an app can be trusted?"
Apple's new ResearchKit is a set of open source developer tools designed to enable researchers to develop applications for clinical studies. Consumers can choose to participate in studies by sharing select health data from their iOS 8-based Apple iPhones with researchers. ResearchKit taps into the specific health data consumers agree to share from HealthKit, a software tool that allows health and fitness apps to work on their iOS 8 devices.
If a consumer chooses to participate in a ResearchKit study, they download the study app, which contains an informed consent form describing the research, including patient eligibility, such as having type 2 diabetes, Parkinson's or another illness or condition being studied.
"If you're going to use the app, you go to the informed consent, which outlines the risks and benefits, and what we do with the data," says Stanley Shaw, M.D., a cardiologist and principal investigator at Massachusetts General Hospital. The Boston-based hospital is making available GlucoSuccess, an app enabling a study of how behavior, such as exercise and diet, affects the glucose measurements of patients with type 2 diabetes.
Patients who participate in GlucoSuccess agree to share information for the study, including height, weight, gender, blood glucose, steps, and diet, such as carbohydrate intake.
That data is encrypted when it's sent, and researchers cannot connect the health data back to the individuals who shared that data because it's de-identified, Shaw explains.
Sage Bionetworks designed the consent form used in ResearchKit studies, he says. After the one-year GlucoSuccess study is over, participants can choose to participate in secondary studies using their health data.
Back-end account information is maintained by Sage Bionetworks separately from the de-identified health data that's shared by the individuals and collected for the various studies, explains John Wilbanks, Sage Bionetworks' chief commons officer.
"No identifiable health information comes in," he says. And even with the health information that is shared by consumers for the research, "we can be very limited in the data we gather" for each study, Wilbanks says.
For instance, Sage Bionetworks is participating in a ResearchKit study, Parkinson mPower, in which Parkinson's patients are asked to "vocalize into the microphone" of their iPhone with a variety of sounds, he says. "But we don't ask them to say sentences because those recordings would be far more identifiable if I can recognize the voice," he says.
Also, using data from a sensor on their iPhone, "we ask [Parkinson's study participants] to take 20 steps forward and 20 steps back to measure gait - but we don't take GPS coordinates," to further ensure that individuals' information is de-identified, he says.
Despite the data protection steps Apple and its ResearchKit partners are taking, there are potential privacy and security pitfalls ahead, says Baker, the consultant.
"I strongly support the 'mission' of the ResearchKit framework - making it easier for individuals to make their health data available to support the advancement of biomedical knowledge," she says.
Positive measures for protecting patient health data include "the fact that Apple has made its ResearchKit software open source, which increases the likelihood that any security bugs in the platform software will be identified, reported, and addressed quickly," Baker says. She also notes that Apple hardware and the iOS operating system "offer security features not available from other mobile platforms."
Nevertheless, she says, "the principal privacy and security risks are the lack of regulation and control over apps built to run on the ResearchKit platform, and vulnerabilities relating to the storage and protection of collected data."
Baker notes that laws and regulations, such as HIPAA, that govern the collection, use and protection of health and medical data do not apply to data collected and shared by an app that a consumer chooses to use. "So as long as the apps don't offer medical diagnoses and advice, the apps are not currently regulated by the FDA. And for researchers outside the U.S., what privacy and security laws apply?"
ResearchKit is designed to interoperate with apps built on Apple's HealthKit framework, "which could make an enormous amount of health-related data available," Baker says. "It's not clear how ResearchKit and end users determine which apps have access to what data, for what purposes, and for how long. Nor is it clear how an individual withdraws her data or changes her permissions. If researchers are able to download data to their own computers, what rules apply?
"ResearchKit data presumably will be stored in clouds, which offer attackers rich reward, since health information is now considered far more marketable than financial data."
Deborah Peel, M.D., founder of advocacy group Patient Privacy Rights, has other concerns. "People should worry, but not about Apple's privacy or security, because Apple has proclaimed it will not use any health data it processes/touches/accumulates except to transfer it to others. Apple states that it will not sell or use our health information at all," she notes. "The entities to worry about are data holders or data generators - apps and devices - that use Apple's secure transport system to transfer our data to another entity such as a researcher or hospital or any other third party."
Another potential privacy issue is "that once an individual or business or healthcare company gets your health information, there is no way to know what they do with it," Peel says. "There is no chain of custody for health data. ... Our data is so valuable we can't trust anyone or any claims they make without verification."
But attorney Stan Crosely, director of the Indiana University Center for Law, Ethics and Applied Research in Health Information and counsel at law firm Drinker Biddle & Reath, calls the ResearchKit "a tremendously exciting development for researchers." He notes: "We have been discussing for many, many years the gap we have between traditional clinical research and epidemiological and lifestyle data - in essence trying to assess the impact of whether a participant takes therapy as prescribed for the trial, whether exercise, or diet, or sleep or other habits impact success or failure of a therapy."
When it comes to the consent that patients give to participate in the ResearchKit studies and actually sharing their data, the model provides potential benefits versus some traditional clinical research projects, he contends.
"This app-based data collection is certainly more straightforward than we have with data collected as part of patient treatment in a HIPAA setting where many chronically and seriously ill individuals struggle to get their data released to researchers to undertake research that the patient finds important. In other words, by interacting directly with researchers outside of HIPAA, patients are free to have their data used for 'breast cancer research' rather than needing to specify a very specific trial."
Nonetheless, it's important that the consent forms are clear regarding the scope of use and the risks that attend to such data uses, he says. "If they are, then I believe participants will be sufficiently informed about its use. Of course, there can always be bad actors who use data outside the scope permitted in the consent, but such bad actors should simply be prosecuted and banned by Apple."