How Could Commercial Terms of Use and Privacy Policies Undermine Informed Consent in the Age of Mobile Health?

doi:10.1001/amajethics.2018.864

Cited by 18 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, online data privacy has become another important discussion point, especially for providers who integrate mobile health apps and other online tools into clinical practice with patients. These apps and tools, especially commercially developed ones, frequently contain convoluted and complex terms of use and privacy policies that are not easily understandable to users yet allow companies to use data in ways they see fit, often without users' full knowledge (Schairer, Rubanovich, & Bloss, 2018). This is problematic, particularly for AYAs who have fewer privacy concerns or who might not perceive as many consequences from information disclosure.…”

Section: Implications For Health Care and Clinical Practicementioning

confidence: 99%

Privacy perceptions and norms in youth and adults.

Bietz¹,

Cheung²,

Rubanovich³

et al. 2019

Clinical Practice in Pediatric Psychology

View full text Add to dashboard Cite

Objective: This exploratory study examines privacy perceptions and preferences among adolescent and young adult (AYA) and adult individuals with an emphasis on health-related information. Method: Participants (N ϭ 112) completed surveys including measures of privacy concern, consumer control of information, online privacy concern and behavior, and sensitivity of personal information. Results: AYAs (n ϭ 36) and adults (n ϭ 76) showed similar levels of general privacy concern; specifically, their ratings of the sensitivity of non-health-related personal data did not differ. AYAs' ratings of various health information sensitivities were lower than adults' ratings, and AYAs reported less concern on subscales addressing online and consumer data collection. Conclusion: Discrepancies between AYA and adult responses to different privacy scales suggest contextual integrity at work. That is, AYAs' and adults' privacy perceptions differ based on the type of information being shared, and they draw on different norms to govern information flow. AYAs are more likely to feel they have control over their personal information and feel comfortable employing privacy protecting strategies. AYAs are less likely to see online information collection as a violation of an implied social contract. This study highlights differences in AYA and adult attitudes toward privacy and suggests that AYAs care about privacy but perceive certain types of information collection as less threatening than adults. Implications for Impact StatementAdolescents and young adults (AYAs) and adults follow different norms with regards to appropriate information flow. Policymakers, parents, educators, and others who are charged with protecting young people should be aware that AYAs may be more open to information flows that they perceive as appropriate, including health information flows. Healthcare providers who encourage AYAs to use mobile health apps and devices should be mindful of privacy concerns as they work to serve their patients' best interests.

show abstract

Section: Implications For Health Care and Clinical Practicementioning

confidence: 99%

Privacy perceptions and norms in youth and adults.

Bietz¹,

Cheung²,

Rubanovich³

et al. 2019

Clinical Practice in Pediatric Psychology

View full text Add to dashboard Cite

show abstract

“…As such, the EULA does not parallel the clinical or research-informed consent framework, and there is much that can be applied regarding the ethical use of eHealth technology. Though informed consent is required to cover aspects of privacy, risks, and ethical use of data, it still falls short in similar ways to the typical EULA, such as falling into the trap of long, technical, and difficult-to-understand language (ie, above recommended reading levels), and often requiring supplemental scripts describing the process in more granular steps, using plain layperson’s terms, and requiring comprehension checks [ 20 , 28 , 31 , 32 , 34 , 46 - 48 ], though this has historically not been a standardized process [ 49 ]. The goal of this project was to respond to previous EULA and consent framework limitations and address the concerns that users had.…”

Section: Discussionmentioning

confidence: 99%

“…EPI-CAL’s design relies on clients with EP “choosing” to share their data for analysis outside of standard clinical care by agreeing to a EULA that allows the software to be used to collect, transfer, and present client data. To create an adequate EULA in this setting, previous research suggests that EULAs should be relevant and understandable [ 27 ], use video explanations [ 28 , 29 ], set the reading level to sixth to eighth grade [ 27 , 30 ], include comprehension checks [ 31 , 32 ], offer explicit “opt-in” selections [ 16 , 30 , 33 , 34 ], and include options to request ending data collection or delete data entirely [ 30 ]. Unfortunately, such proposals are rarely implemented in practice [ 35 ], and therefore, our team sought to elicit feedback from relevant community partners to inform the design of a EULA that incorporates best practices for informed data sharing in an EP setting.…”

Section: Introductionmentioning

confidence: 99%

Incorporating Community Partner Perspectives on eHealth Technology Data Sharing Practices for the California Early Psychosis Intervention Network: Qualitative Focus Group Study With a User-Centered Design Approach

Tully,

Nye,

Ereshefsky

et al. 2023

JMIR Hum Factors

View full text Add to dashboard Cite

Background Increased use of eHealth technology and user data to drive early identification and intervention algorithms in early psychosis (EP) necessitates the implementation of ethical data use practices to increase user acceptability and trust. Objective First, the study explored EP community partner perspectives on data sharing best practices, including beliefs, attitudes, and preferences for ethical data sharing and how best to present end-user license agreements (EULAs). Second, we present a test case of adopting a user-centered design approach to develop a EULA protocol consistent with community partner perspectives and priorities. Methods We conducted an exploratory, qualitative, and focus group–based study exploring mental health data sharing and privacy preferences among individuals involved in delivering or receiving EP care within the California Early Psychosis Intervention Network. Key themes were identified through a content analysis of focus group transcripts. Additionally, we conducted workshops using a user-centered design approach to develop a EULA that addresses participant priorities. Results In total, 24 participants took part in the study (14 EP providers, 6 clients, and 4 family members). Participants reported being receptive to data sharing despite being acutely aware of widespread third-party sharing across digital domains, the risk of breaches, and motives hidden in the legal language of EULAs. Consequently, they reported feeling a loss of control and a lack of protection over their data. Participants indicated these concerns could be mitigated through user-level control for data sharing with third parties and an understandable, transparent EULA, including multiple presentation modalities, text at no more than an eighth-grade reading level, and a clear definition of key terms. These findings were successfully integrated into the development of a EULA and data opt-in process that resulted in 88.1% (421/478) of clients who reviewed the video agreeing to share data. Conclusions Many of the factors considered pertinent to informing data sharing practices in a mental health setting are consistent among clients, family members, and providers delivering or receiving EP care. These community partners’ priorities can be successfully incorporated into developing EULA practices that can lead to high voluntary data sharing rates.

show abstract

“…Users often agree on the assumption of minimal risk, as reading dense policies is onerous and time-consuming 118 119 120 . Moreover, while Article 7 of the GDPR specifies that information sharing as a condition of use may prohibit consent from being “freely given” if processing of data is not necessary for performance of such a contract 18 , the literature notes that users are frequently required to agree to data sharing in order to access relevant mHealth devices and services 79 121 , which may also predispose them to agree to privacy policies or terms without full perusal or understanding.…”

Section: Themesmentioning

confidence: 99%

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019

Galvin

DeMuro²

2020

Yearb Med Inform

View full text Add to dashboard Cite

Objectives: To survey international regulatory frameworks that serve to protect privacy of personal data as a human right as well as to review the literature regarding privacy protections and data ownership in mobile health (mHealth) technologies between January 1, 2016 and June 1, 2019 in order to identify common themes. Methods: We performed a review of relevant literature available in English published between January 1, 2016 and June 1, 2019 from databases including PubMed, Google Scholar, and Web of Science, as well as relevant legislative background material. Articles out of scope (as detailed below) were eliminated. We categorized the remaining pool of articles and discrete themes were identified, specifically: concerns around data transmission and storage, including data ownership and the ability to re-identify previously de-identified data; issues with user consent (including the availability of appropriate privacy policies) and access control; and the changing culture and variable global attitudes toward privacy of health data. Results: Recent literature demonstrates that the security of mHealth data storage and transmission remains of wide concern, and aggregated data that were previously considered “de-identified” have now been demonstrated to be re-identifiable. Consumer-informed consent may be lacking with regard to mHealth applications due to the absence of a privacy policy and/or to text that is too complex and lengthy for most users to comprehend. The literature surveyed emphasizes improved access control strategies. This survey also illustrates a wide variety of global user perceptions regarding health data privacy. Conclusion: The international regulatory framework that serves to protect privacy of personal data as a human right is diverse. Given the challenges legislators face to keep up with rapidly advancing technology, we introduce the concept of a “healthcare fiduciary” to serve the best interest of data subjects in the current environment.

show abstract

How Could Commercial Terms of Use and Privacy Policies Undermine Informed Consent in the Age of Mobile Health?

Cited by 18 publications

References 18 publications

Privacy perceptions and norms in youth and adults.

Privacy perceptions and norms in youth and adults.

Incorporating Community Partner Perspectives on eHealth Technology Data Sharing Practices for the California Early Psychosis Intervention Network: Qualitative Focus Group Study With a User-Centered Design Approach

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019

Contact Info

Product

Resources

About