Peter A Clarke

Privacy regulators throughout the world have highlighted the potential privacy problems associated with apps.  Often their security infrastructure is poor, their privacy policies tend to the inadequate and often the means by which data is transmitted is quite insecure.  But applications are hugely popular and often very useful.  The problem is getting app developers to keep privacy protections in mind while developing apps, privacy by design, rather than tacking something totally inadequate after the fact.

To show that it is not always the back room app developers that get it wrong, the Consumerist reports in Apple Clarifies Requirements For Medical Research Apps, that Apple has had to change its guidelines regarding its new app for medical research.  As originally formulated the app had inadequate provision for consent regarding the sharing of data.  Given medical information is sensitive information for the purpose of the Privacy Act this would constitute a major problem in the Australian setting.

The article provides:

Earlier this week, Apple announced HeathKit, an open-source software framework to help medical researchers use iPhones to gather data for medical research. This raised some concerns about researchers’ plans to share data collected from the apps, as well as consent and privacy. Now Apple has revised their App Store guidelines before the kit launches, but is that enough to keep study participants informed and safe?

Here’s the change made today to Apple’s review guidelines for new apps submitted to their App Store. They added a new requirement to the section on health-related apps:

Apps conducting health-related human subject research must obtain consent from participants or, in the case of minors, their parent or guardian. Such consent must include the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process

To be clear, ResearchKit hasn’t officially launched yet for researchers and developers, other than the five apps that Apple introduced when they announced ResearchKit to the world on Monday. Perhaps they’ll continue adding requirements before it’s time to review any new research study apps. The important clause is the one about use of data: while Apple requires that users be told how to quit a study, they aren’t required to throw out that participant’s data.

Medical studies on human subjects require informed consent: people need to know what they’re signing up for, how the study and any interventions might affect them, and what purposes their data will be used for. Moving research from a lab to a screen that’s only a few inches wide presents challenges, and it’s impossible to force users to read anything.