BLOG: Reflections from the Mobile Health App Developer Workshop

Editor’s note: This post originally appeared on on Sept. 16, 2019.

By Kimberly Milla
Elektra Labs

Sage Bionetworks co-hosted their first Mobile Research App Developer Workshop on Sept. 12 at the New York Genome Center. The event, supported by a NIH grant for ethical, legal, and social implications (ELSI) in health research using mobile technologies, sought to engage stakeholders (app developers, patient advocate groups, and security researchers) to begin conversation on governance, reliability, and privacy of data collected from connected digital tools (i.e. digital specimens). In this post, I’ll share a summary of the workshop proceedings along with reflections and resources (e.g., developer toolkits and legal resources).

John Wilbanks, CCO at Sage, and Mark Rothstein, Founding Director of the Institute for Bioethics, Health Policy, and Law at the University of Louisville School of Medicine introduced the workshop by highlighting that current practices are not regulating apps collecting data for research through governing bodies such as an Institutional Review Board (IRB). This lack of governance can lead to detriments by relying on incorrect information as well as privacy risks, such as apps selling information to third parties.

Andy Coravos gave a keynote talk that addressed the gap in overseeing digital products and regulating data governance & rights, discussing how governing organizations such as the FDA regulate based on what a company claims their products do, not necessarily based on what the products actually do (slides).

The Sage Bionetworks team then held a series of talks addressing consent, privacy, design, and engagement & enrollment. Megan Doerr talked about consent and the importance of using accessible vocabulary to inform people as well as the ethical imperative to utilize the consent to inform rather than as a pseudo-contract. This lead to the creation of Sage’s consent toolkit geared to guide researchers, app developers, and designers.

Vanessa Barone reviewed a study done in data privacy that identified people’s perception on agency in data sharing. The results showed that people’s perceptions fall in 3 groups where they feel they have no other options than providing their data (no agency), or like their data is already out there and there is nothing they can do about it (apathy), or that they have an active role in deciding what data and how it is shared (agency). Based on this study, Sage created another toolkit to help biomedical researchers, app developers, and designers improve data privacy practices in digital studies. Check it out! Thursday marked the public launch of the Sage Privacy Toolkit — it’s an excellent resource for both start-ups and big companies.

Source: Sage’s Privacy Toolkit

Likewise, Woody MacDuffie presented on digital systems for mobile research, where the Sage design team standardized their app design systems to have the same way to execute an action, such as clicking “next”, and utilize animations rather than lengthy text to consent participants and explain procedures in digital studies. Abhi Pratap then presented preliminary data from his research work on engagement & enrollment in digital health studies, which will be publicly shared later this month — be on the lookout for the report!

Woody MacDuffie presenting on digital systems for mobile health.

An expert panel featuring Deborah Estrin, JP Pollak, Adrian Gropper, and Maria Ebling, discussed privacy considerations in app development. The conversation focused on challenges such as accessible end-user license agreements, separation of concerns, selective sharing of data, and agency vs. paternalism. Cindy Geoghegan highlighted the important point of helping people understand what role is played by each entity that has access to their data, for example some organizations might only be responsible for storing data rather than using such data.

Panelist discuss current issues in data privacy. Left to right: JP Pollack, Deborah Estrin, Adrian Gropper, Maria Ebling, and John Wilbanks.

Next up were four lightning talks from workshop participants. Talks covered difficulties accessing pre-processed data from commercial connected tools, adapting current wearable devices to specific populations, and Miso Technologies’s work developing the “first research AI assistant”. Elektra Labs team member, Christine Manta, covered the current landscape of health IT standards for the digital medicine community, sparking conversation on whether popular standards such as FHIR are appropriate for the format and exchange of data collected on digital tools. In particular, FHIR may not (yet) be capable of storing data sampled at greater than 1Hz (1 sample per second), which is critical for remote monitoring (h/t Jameson Rogers and Mark Shervey).

Christine Manta discusses the current standards in health IT. To learn more, check out Digital Medicine Standards 101.

Lastly, closing remarks by John Wilbanks and Mark Rothstein emphasized the importance of education and collaboration between security and biomedical researchers, app developers, and designers to protect the privacy of people’s data and uphold ethical practices in collecting and using such data. As someone new to the field of digital medicine, I was left with the urgency to shift our paradigm towards being data stewards, not data owners, particularly while the gap in regulation from governing organizations continues.

Elektra Labs and Sage Bionetworks team members: Left to right: Megan Doerr, Mark Shervey, Andrea Coravos, Christine Manta, John Wilbanks, Kimberly Milla.


LAUNCH: Privacy Design Toolkit for Mobile Health

A screenshot of the home page of the Privacy Toolkit. There's a faded out background image of a handshake between two people. Below the image are icons and text that describe what's in the toolkit.Sage Bionetworks announces our Privacy Design Toolkit for mobile health research. The project was led by Vanessa Barone, a research scientist on the governance team, and Woody MacDuffie, director of design.

This toolkit is aimed at designers who need to represent a privacy policy in an app. But it’s also intended to help nudge developers and designers to do the right thing. The toolkit contains a curated collection of established interface patterns and cases to provide biomedical researchers with clear examples of when and where these patterns should be used in an app.

The tools are available for use in Google Forms, GitHub, and Figma.

Bridging Privacy Policy with Product Design

There is a gap between translating privacy principles and legislation to guide how engineers and designers create the technology products that are used by billion of end users.

  • How might we reimagine meaningful, informed consent for sharing personal data?
  • How does civil society, practitioners, and policymakers frame privacy and privacy through design? What interventions are being implemented across industries, disciplines and practices?

The Harvard Shorenstein Center’s Big Tech & Democracy research group put out a call to experts and practitioners in design, tech, academia, public sector, and consumer advocacy groups to contribute concepts and visuals that illustrate how consumers could regain control over their personal information. A team from Sage – Vanessa Barone, Research Scientist; Woody MacDuffie, Director of Design; Stockard Simon, designer; and Yini Guan, graduate student and design intern – contributed The Privacy Toolkit for Mobile Health Research Studies.

Why You Should Care About Universal Informed Consent

By John Wilbanks

At the 2019 Pacific Symposium on Biocomputing, Megan Doerr, who’s a Principal Scientist on the Governance team at Sage, presented a poster and paper on the universal informed consent process we designed and implemented for the All of Us Research Program.

Here’s why you should care: First, it explains the structure of the All of Us Research Program consent process. (Most of that work is unfortunately only visible if you create an account and try to enroll, which is something we’re working on fixing.) We built a modular process, with significant investment in user-centered design, to try and communicate the concepts a potential participant would need to know before deciding whether or not to join. There are a series of videos as well as an “evaluation” that serves as a learning reinforcement tool, before enrollees are presented with a consent form to sign. This builds on our work in participant-centered consent that started with Apple and ResearchKit but goes much further, given the scope and duration and scale of the All of Us program.

Next, our mandate was to create the most consistent set of consent experiences possible given that people from all states and territories must be able to enroll and that those people will likely move over the ten years of the study – especially those in populations traditionally underrepresented in medical research. We therefore review a broad range of specific federal and state laws around informed consent, explore choice of law issues, and more. As we were unable to find a resource that collected and cross-referenced all the relevant legislation at the state and territory level, we created one, which we believe on its own represents a significant contribution to the legal commons around informed consent.

Third, we outline our implementation approach, which involves a “parent” consent form covering as many states and territories as possible, plus “child” forms that implement state-specific elements in the minimum possible sets of variations. Despite all the variation we were able to condense down to four consent documents and four HIPAA authorizations. These are in turn available in the public domain for reuse by other studies who would like to inherit and leverage this analysis.

Here’s the link to the paper and you might follow @MegDoerr and @DNAlawyer on Twitter if these topics interest you. Other key work at Sage was done by Shira Grayson, Christine Suver, and Sarah Moore. We are very, very proud of this paper and the resulting implementation.

Our toolkit The Elements of Informed Consent is available to download.

Read the mention in Politico’s Morning eHealth report.

Elements of Informed Consent


The Elements of Informed Consent is a toolkit that will help researchers think through what information participants should receive as part of the consenting process in order to make an informed decision about whether or not to join a study. Developed by the Governance Team at Sage Bionetworks, the toolkit shares basic information and best practices for developing an effective consenting process. We believe that informed participants make the best participants, because they understand the study, its risks and benefits, and how their data will be treated.

Download Toolkit


What’s In the Toolkit

We hope this toolkit will help you make your consent and informing experience the best that it can be. What you’ll find:

  • What We Know: Use cases describing our approach to the informed consent process, including eConsent.
  • Real Examples: What these ideas look like when they are put into practice.
  • Consent Checklist: Reminder questions to make sure you’ve thought through your approach.
  • Additional Resources: Tools we use when we develop consent forms.


About the Governance Team: The Governance Team explores the real-world implications of open-data sharing, and developing policies and procedures for the responsible collection, use, and reuse of research assets. We have developed and tested models for patient-centered consent in app-mediated research studies, data access, data protection, and data interoperability. We are thankful to our broad network of bioethicists, patient advocates, technologists, and an independent accredited Institutional Review Board (IRB) partners who collaborate with us at each stage of our design, implementation, and assessment processes.