By Jeremy Block
Today, I attended a talk at Health Sciences Department, University of Pittsburgh. The original title of the talk was “Digital Health & mHealth Research: Design and eConsent Best Practices” and changed to the one as the title of this blog post by the speaker. I planned to attend this talk for this week, because it appealed me due to confidentiality, privacy and data security, and health key words in the abstract of it (Information security in medical cyber physical systems & pervasive health applications is my current research interest, so those keywords appealed me). I am giving the summary of the talk and my view below:
At the beginning of the talk, he expressed his view that all digital health, mHealth and health IT are the same, i.e. should be treated similarly from the aspect of ethical view. Platform may change, but they all should handle the consent and security&privacy issues related to legal and regulatory issues. Then he mention about how digital health solutions designed as he observed and participated on the studies of those systems. He highlighted the fact that digital health solutions are designed and implemented by teams, so it is an interdisciplinary work. He touched to the struggles of an interdisciplinary work and gave some recommendations. The person managing and orchestrating the interdisciplinary team should manage and understand the different cultures. In addition, s/he should identify and fill holes in development teams. Team members coming from different disciplines, like ones from IT department, and ones from IRB (institutional review board, wiki page: https://en.wikipedia.org/wiki/Institutional_review_board), may not come to a common point always due to their different concerns. Here, he mentioned about the importance of a good communication among community members.
Then, he continued with research ethics and digital health part of the presentation. He first elaborated on the eConsent issue. He talked about one of the research projects in which he involved: ResearchKit. ResearchKit was an asthma health application which users use it to learn about asthma and track/manage their asthma and which is downloaded by over 50,000 users. In this project, they took the consent of the users (eConsent) by using a layered approach. What they did is that they presented end user license aggrement document as a kind of interactive online training. They presented icons, short texts, charts and consent videos to the user. When the user wants additional detail, s/he click the icon for example and gets the detailed information, so the consent design is layered. In addition, they put a quiz in the application related to consent for regulatory purposes, i.e. to see whether the user is aware of what s/he read about the consent document. One more thing he presented as a best practice he distilled from their ResearchKit study is that, instead of providing the user with a long conset video, they seperated it into small parts and insterd questions between them. As they utilized from the acumulated experience of educationists, this was better for learning. He stated that people engage in consent in this way and this is a fun way of learning.
After consent issues, he continued with digital/m-health related risks which was a far long part and I do not want to overwhelm you with the details of this long talk. Overall, he mentioned roughly about privacy and data security issues. Some of the items in his list were: privacy&confidentiality, collecting information about bystanders, legitimacy of the consent, use of cloud for medical big data processing and so on. He also elaborated on issues which are not related to security and privacy such as mandating information from users to let them use a digital health system and justice considerations in health studies.
I think he intended the talk for the people familiar with the ethical and legal issues instead of aiming a general audience coming from many different disciplines like from computer/information science (like me). This somehow contradicts with the advices he gave at the beginning of the talk that interdisciplinary work requires good communication. I do not want to make a nonconstructive criticism, but the auditorium was crowded with people from different departments. Some concepts might be explained clearly for them like what IRB stands for, what its role etc. I had to search for it after the talk ended. However, I still gained many useful recommendation from the talk about best practices for consent and ethical issues while conducting a digital health research (not so deep information about security and privacy, and I do not find this odd due to the audience coming from different disciplines he spoke to).