Editor’s note: This post originally appeared on Medium.com on Sept. 16, 2019.

By Kimberly Milla
Elektra Labs

Sage Bionetworks co-hosted their first Mobile Research App Developer Workshop on Sept. 12 at the New York Genome Center. The event, supported by a NIH grant for ethical, legal, and social implications (ELSI) in health research using mobile technologies, sought to engage stakeholders (app developers, patient advocate groups, and security researchers) to begin conversation on governance, reliability, and privacy of data collected from connected digital tools (i.e. digital specimens). In this post, I’ll share a summary of the workshop proceedings along with reflections and resources (e.g., developer toolkits and legal resources).

John Wilbanks, CCO at Sage, and Mark Rothstein, Founding Director of the Institute for Bioethics, Health Policy, and Law at the University of Louisville School of Medicine introduced the workshop by highlighting that current practices are not regulating apps collecting data for research through governing bodies such as an Institutional Review Board (IRB). This lack of governance can lead to detriments by relying on incorrect information as well as privacy risks, such as apps selling information to third parties.

Andy Coravos gave a keynote talk that addressed the gap in overseeing digital products and regulating data governance & rights, discussing how governing organizations such as the FDA regulate based on what a company claims their products do, not necessarily based on what the products actually do (slides).

The Sage Bionetworks team then held a series of talks addressing consent, privacy, design, and engagement & enrollment. Megan Doerr talked about consent and the importance of using accessible vocabulary to inform people as well as the ethical imperative to utilize the consent to inform rather than as a pseudo-contract. This lead to the creation of Sage’s consent toolkit geared to guide researchers, app developers, and designers.

Vanessa Barone reviewed a study done in data privacy that identified people’s perception on agency in data sharing. The results showed that people’s perceptions fall in 3 groups where they feel they have no other options than providing their data (no agency), or like their data is already out there and there is nothing they can do about it (apathy), or that they have an active role in deciding what data and how it is shared (agency). Based on this study, Sage created another toolkit to help biomedical researchers, app developers, and designers improve data privacy practices in digital studies. Check it out! Thursday marked the public launch of the Sage Privacy Toolkit — it’s an excellent resource for both start-ups and big companies.

Likewise, Woody MacDuffie presented on digital systems for mobile research, where the Sage design team standardized their app design systems to have the same way to execute an action, such as clicking “next”, and utilize animations rather than lengthy text to consent participants and explain procedures in digital studies. Abhi Pratap then presented preliminary data from his research work on engagement & enrollment in digital health studies, which will be publicly shared later this month — be on the lookout for the report!

An expert panel featuring Deborah Estrin, JP Pollak, Adrian Gropper, and Maria Ebling, discussed privacy considerations in app development. The conversation focused on challenges such as accessible end-user license agreements, separation of concerns, selective sharing of data, and agency vs. paternalism. Cindy Geoghegan highlighted the important point of helping people understand what role is played by each entity that has access to their data, for example some organizations might only be responsible for storing data rather than using such data.

Next up were four lightning talks from workshop participants. Talks covered difficulties accessing pre-processed data from commercial connected tools, adapting current wearable devices to specific populations, and Miso Technologies’s work developing the “first research AI assistant”. Elektra Labs team member, Christine Manta, covered the current landscape of health IT standards for the digital medicine community, sparking conversation on whether popular standards such as FHIR are appropriate for the format and exchange of data collected on digital tools. In particular, FHIR may not (yet) be capable of storing data sampled at greater than 1Hz (1 sample per second), which is critical for remote monitoring (h/t Jameson Rogers and Mark Shervey).

Lastly, closing remarks by John Wilbanks and Mark Rothstein emphasized the importance of education and collaboration between security and biomedical researchers, app developers, and designers to protect the privacy of people’s data and uphold ethical practices in collecting and using such data. As someone new to the field of digital medicine, I was left with the urgency to shift our paradigm towards being data stewards, not data owners, particularly while the gap in regulation from governing organizations continues.