Is Apple ResearchKit a “Powerful platform, dangerous playground”?

mHealthNews Apple ResearchKit

This mHealthNews “Analysis” of Apple’s ResearchKit by Gene Fry, the compliance officer and vice president of technology at Scrypt (a Document Management and Delivery Solutions company), is typical of the confusion that exists if you fail to appreciate that we live in a reputation economy where Communities Dominate Brands.

mHealth Insights

It’s hard to know where to start with this article as it’s peddling so many myths but a key thing to appreciate is that Apple’s ResearchKit endeavours are coming with ratings.

This past April, Apple launched ResearchKit – a framework used to develop apps that allow patients to participate anonymously in medical research studies. While these apps have the potential to advance medical research, there are concerns about privacy and security. In addition, the accuracy and integrity of the data being provided by participants is being questioned

I can’t understand why anyone thinks that a key feature of Researchkit is that medical research volunteers will want to be anonymous? I thought the opposite would be true eg. treat me like a statistic but if the efforts I go to help Kings College Hospital find the cure for cancer, or Oxford University understand depression so that thousands of lives aren’t lost to suicide every year I want my name in the history books thank you very much.

Perhaps there’s a confusion here with being able to participate privately eg. without having to tell everyone you’re doing it?

An organization or individual that wishes to create an app on the Apple ResearchKit or HealthKit framework does not need to meet HIPAA compliance, meaning that anyone can create an app providing it is IRB or ethics approved before it is available for download. The lack of compliance and regulation around these apps makes participants vulnerable. They are under the impression that they are providing medical information as part of a medical study to an authorized researcher, when in fact they could be sending data straight to a malicious developer who has created an app for the sole purpose of stealing personal medical information

I fail to see why particular lowering of barriers is thought to be such a big problem: Aren’t we all aware that there thousands of health tracking apps, millions of cookies & websites that already try to collect sensitive, private and personal information about Patients yet aren’t even traceable (never mind having IRB or Ethics approval)?

I’m intrigued to know why so many Health IT experts hold onto this idea that Patients want to give away all their personal information so easily when it’s clear most of the big failures in Health data theft have happened not through Patient failings but through the failure of healthcare organisations to protect this valuable data?

…With ePHI reportedly worth up to 10 times more than financial data on the black market, this method of harvesting data presents an easy opportunity for data thieves… …Apple states that the data collected from ResearchKit and HealthKit apps is not available to them – which, given the iCloud hacks they experienced recently, should reassure those providing healthcare data…

I sense from this that the author has an axe to grind with Apple or is just prepared to use any tenuous link to make a point. Follow the link and you find that it’s about ‘fake phishing emails‘ that ‘could‘ make customer passwords vulnerable and it’s clearly a non-story as it clearly states “Apple has yet to confirm the hack is authentic and no iCloud users appear to have been affected by the security bug“.

For those who have little idea about what a ‘phishing’ attack is: it’s typically a malicious email, SMS, pop-up message that asks you to enter your password. Look in your email spam folder and you’ll see at least 25,000 of them.

One look at the success of Apple Pay and it should be obvious this isn’t something Apple hasn’t started thinking about: they’ve got the best talent in the world working on it already. As healthcare platforms move to mobile we’ve actually got huge new opportunities to protect Patients from phishing eg. through multi-factor authentication via the device we all carry and leave turned on HealthKit is going to remove the need for all these vulnerable logins and passwords to even exist.

Another area in which ResearchKit has come under criticism is the data being collected from participants from a scientific and ethical standpoint. Firstly, to take part in the study the user has to be within a demographic likely to afford an iPhone. This would make the data collected from the studies too biased toward more homogenous populations, ruling out persons of a different ethnic or social background, which may include people who are potentially more susceptible to health problems

Winston Churchill famously said “A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty” and I think that’s really what’s going on here.

It should be obvious that the cost of an iPhone is insignificant when you appreciate the cost of a Clinical Trial. If it’s not think about the next 3 simple facts:

> Most clinical trials fail because they fail to recruit enough Patients to get started OR because Patients abandon the trial before it’s complete.

> 98% of data collection in clinical trials today happens within the four walls of research facilities.

> The average cost per Patient enrolled in a Oncology Trial in the US is somewhere in the region of $250,000.

When you realise how Researchkit has completely flipped the challenge of Patient recruitment and you realise the improvements in accuracy/reliability when data can be captured/shared anytime/anywhere it should be obvious that clinical trial designers can simply gift the latest Apple devices & connectivity to Participants.

We should not be surprised to learn that there are talented and passionate people working in the $100B/year Clinical Trial industry that are already doing this around the world and leaving behind their slow to adapt peers who are still using paper, faxes, etc.

Secondly, the participant only has to provide consent to take part in the study, meaning it is easier to lie on the initial screening questions to fake eligibility, as there is no way of vetting whether the participant has the condition being researched. This leaves it wide open to fraud, which in turn further undermines the integrity of the data

I find it hard to imagine how this is a challenge. Surely this is about as nonsensical as the Passport Office refusing to make application forms available in the post office as there would be no way of ensuring the people picking them up and filling them in are who they say they are.

What did you think on reading the article?

About David Doherty
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s