Will mHealth, #HealthKit, #ResearchKit change the landscape for patient informed consent, HIPAA, and patient preferences?

US Federal Policy for Protection of Human Subjects in research began in 1953.  In today's world the process to obtain informed patient consent to become a "subject" in a study begins with the study consent process approval from the Institutional Review Board (IRB) of each research facility.  Research studies that are considered Significant Risk to humans, from either the Drug or Device, involves the Food and Drug Administration's review of the Patient Consent documentation and process as part of the approval of the clinical trials.

Yes a process. Overtime the patient consent process has evolved to include interviews with subjects and witnesses, with the industry best practice to videotape the interview.    The interview is multi-purposed: to ensure the subject is a candidate for the study based on their health and the protocol requirements, that the subject understands their role and responsibilities in the study, the risks associated with the study, the study process, and how their data will be used and shared. Special processes are required for candidates that are illiterate and foreign speaking. This is important as 32 million adults in the U.S. can't read. That's 14 percent of the population. 21 percent of adults in the U.S. read below a 5th grade level, and 19 percent of high school graduates can't read.

Excluding patients that do not "fit" the study goals, as well as the difficultly to obtaining post-treatment data from patients, have been criticisms of "ideal performance studies" lacking "real-world" data and limited data points. What has been missed in the criticism is that the interview provides the means by which to manage "data completeness". Since the study protocol development process determines and defines what patient information will be collected, the interview serves as a mechanism to know what data should be expected from patients.  This then allows the audit process of each study to identify 'holes in the data' and inform the researcher on the level of data integrity.

The actual data collection from patients is typically done via Medical Universities, contracted Clinical Research Organizations (CRO), more recently medical device/medical specialty registries, such as SVS VQI, TVT ACC, and ICOR, and MOST recently Apple's new ResearchKit.  The ResearchKit approach alters many of these traditional processes. 

Clinical Researchers in traditional studies have to travel to each research facility and audit the data for completeness and protocol adherence. This becomes cost prohibitive to conduct research at a large scale for "real world" studies.  Leveraging technology surveillance of medical devices in 'real-world' setting was introduced by Patient Safety Organization (PSO) registries.  After scrutiny of data incompleteness, they too have increased their auditing and validation processes, and thus expenses, so as to have their data taken seriously by researchers.

Yet with all the effort for the traditional studies to define the data, ensure data privacy and security, and manage data completion, the patient' control of their own data is next to zero. We all know from our visit to the doctor's office, services will not be rendered if the HIPAA paperwork is not signed, and the same general rule applies to research informed consent forms.  This places the organizations that conduct the research in the driver's seat in defining what will be collected, with whom it will be shared, and how to manage the completeness of the dataset.

The patients' control of health data has been steadily a growing topic of discussion of 'patient preference', since health data started to become electronic in the 1980's and 1990's yet often takes a side-line to the priorities of HIT adoption, the technical complexity of managing patient contradicting preference across all the systems in which their records reside and who owns the data.

Into this mix comes Apple HealthKit and ResearchKit, leveraging the user preference as a means to attract users to contribute to the larger data pool to generate "real world" data set for research and the ease to share data across apps.  Researchers can use the ResearchKit to develop studies, enroll patients and collect data. User data is collected via HealthKit and the users consent to sharing the data for research they select.  This may, bring the patient preferences conversation back to the forefront.

Users of HealthKit apps can "choose what studies [they] want to join," and both ResearchKit and HealthKit users "are in control of what information [they] provide to which apps, and [they] can see the data [they are] sharing."

As described on the website, "The user must explicitly grant each app permission to read and write data to the HealthKit store. Users can grant or deny permission separately for each type of data. For example, a user could let your app read the step count data but prevent it from reading the blood glucose level. To prevent possible information leaks, an app does not know whether it has been denied permission to read data. From the app's point of view, if the app has been denied permission to read data, no data of that type exists."

This means that researchers have access to hourly, daily or weekly data from users that are actively participating, rather than the scheduled "follow-up" visit.  Yet what that 'additional data' will balance against is the incomplete picture of the study subjects.  With the lack of the patient assessment interview, researchers may or may not have insights to the type of patient they are measuring, including whether the patient actually matches the study requirements.  When researchers analyze the data, they may not know if that it came from someone that is a diabetic training for a triathlon or a diabetic that recently had a heart valve replacement, depending on what data they have chosen to share, or be forthright about.

For example, while Smartphone based digital photography shows promise in reducing the error rate in diet intake studies, with underreporting at 70%  there still are open questions as to the accuracy of self-reported and self-measured data. This just may have to be the compromise in the re-definition of 'data integrity', assuming within the large volume of data granular insights can be detected amongst the noise.

The iPhone's advanced sensors like an accelerometer, barometer, and gyroscope, provides ResearchKit apps with richer data.  But, with all that additional data there are limitations.  First, one does not know if the inactivity comes from the user watching TV, the users foot wear*, alternative exercise (e.g. swimming) with the phone in the gym bag, or if the battery ran down.  Second, research is about discover and expanding the data and knowledge being collected. This argues for flexible and extensible data models. Yet HIPAA certification models, like that used by Apple's HealthKit, result in data schemas that are slow to change and the researchers will be limited to the data sets available.

With user preferences driving the excitement to participate, all of this data collection will be dependent on what the patient chooses to share.  If the app asks if they can share the accelerometer or 'location' sharing, does the user have the technical knowledge to understand the potential implications if the data is to be compromised? The informed consent is left to the developers to innovate with images and quizzes, but without an IRB to review the informed consent questions and process or an auditor to review the data, it leaves the process unchecked.

HealthKit and Researchkit may enable user preferences to move back to center stage, and have the hopes of collecting large pool of data for researchers to learn from.  While, they mostly address the technical aspects of data collection, omitting the human aspect to process introduces risks.  Process is important to risk management of privacy and security, assessing user literacy for informed consent, data integrity auditing and validation, and the judgement to add new data nomenclature.  This leaves some large holes to be filled.

To better understand the intricate processes, sign up for ClearRoadmap™ mHealth Pathways and follow us on twitter @ClearRoadmap  


 *Note: when JAMA published Accuracy of Smartphone Applications and Wearable Devices for Tracking Physical Activity Data, I was excited to use my smartphone as the pedometer.  My anecdotal experience is that the app only captures my steps when I am wearing walking or running shoes.  My steps wearing high-heels is not captured.  Since the study was conducted on treadmills, I doubt participants wore high-heeled shoes.  As an executive I spend a good portion of my 'active' time in high-heeled shoes, and this points back to studies, again, developed without women's perspective.

-- Vizma Carver, Founder and CEO, Carver Global Health Group