Apple’s New ResearchKit App May Allow Personal Data To Spread

Yesterday, Apple announced a new set of free apps called ResearchKit, which collect a user’s health data. The data is used in medical studies focused on diseases such as asthma, heart disease and diabetes, conducted by some of the most reputable medical insitutions in the country. When users opt to participate in the research, they beef up the sample sizes so that scientists can come to the most accurate conclusions, helping them get closer to finding more effective treatments or even a cure.

But users should be skeptical of where their data may end up, says Michael Ostrolenk, the director of the Liberty Coalition, an organization focused on citizen rights and government transparency, and has done extensive work with health care policy. Ostrolenk is a big fan of health trackers and the “quantified self” movement, he says, but he worries about how this extensive, personal data might be used in a non-clinical setting.

There’s no way to know that institutions won’t send your data elsewhere.

Any time a person shares her medical data with a doctor or pharmacy, the federal government requires her to sign a consent form. Further down in the document, where patients don’t usually look, “the form usually says how [the organization] can release your data for treatment or healthcare operations—the scope is so wide that it destroys any thoughts we might have for privacy,” he says. “Especially now with so much information online, anything they say has medical privacy is mistaken to begin with.” Even though forms might say that the data collected from these apps is only going to the institutions conducting the study, there’s no way to know that the institutions themselves won’t send it elsewhere.

Should you sign here?

Medical information in the wrong hands can cause trouble for patients on scales large and small. Advertisers use health information to market different drugs or therapies to people who would be most likely to buy them. But the information can also be used to a patient’s detriment; people can be denied a job or healthcare coverage based on an offhand comment once made to a physician, for example citing a “history of drug use” if a patient told his physician about that one time he smoked pot in college. By voluntarily gathering their own health data to be shared, patients may be unwittingly giving these third parties more ammo to be used against them later.

On a broader level, more data that patients gather when they are being treated for these conditions may cause a change in the treatments themselves, and not always for the better. Data from these apps might allow doctors to catch non-functional treatments that may have put a patient’s life at risk. But sometimes, if doctors see that a treatment isn’t working well for an individual patient, they can deviate from the healthcare protocols mandated by the insurance company. “That’s going to be that much more difficult to try in the future when everyone’s info can be easily tracked to their medical records,” Ostrolenk says.

It’s unlikely that someone could sign up or participate in a study accidentally. Apple claims that the data is sent directly to the medical institution, but there’s no way to know how secure that transmission really is, or if it can be hacked, as Apple was last summer.

Ostrolenk advises users thinking of participating in studies through ResearchKit apps to carefully read the contracts they sign at the beginning of each study. Beware of loose or vague wording. “Even though they say the data they collect is narrow-focused, once it’s out there, there are no legal limitations. Those third parties own your info once you turn it over,” he says. Users that are wary of where their data goes but want to participate in the studies can still do so by contacting the medical institutions directly.