Automated Policy: mHEALTH & SOCIAL MEDIA

Lead Institution: New York University

Project Leader: Helen Nissenbaum

Research Progress

  • Abstract

    Rapid developments in health self-quantification via ubiquitous computing devices point to a future in which individuals will collect health-relevant information using smart phone apps and health sensors and share it online for purposes of self-experimentation, community building, and research. Worryingly, much self-generated health data falls outside of legal protections offered by federal health privacy laws. To better understand users’ privacy-oriented preferences and practices, we conducted background research and twenty-one structured qualitative interviews with users of the Fitbit, the most popular, commercially available self-generated health tracking tool. We found research participants to be exquisitely sensitive to the flow of their self-generated health data, but frequently unable to operationalize their preferences given information disparities and inadequate privacy tools

  • Focus of the research/Market need for this project

    Understanding users’ self-generated health information sharing attitudes, behaviors, and practices will encourage sensor and app services to adopt appropriately privacy-protective health IT tools, practices, and policies, including health and wellness tools that consumers are more likely to adopt and use regularly to foster individual engagement with health and wellness IT.

  • Project Aims/Goals

    To assess (1) How self-tracking individuals understand their privacy rights in self-generated health information versus clinically generated medical information; (2) How user beliefs about perceived privacy protections guide their data management practices; and (3) How user beliefs (and preferences) comport with actual existing legal protections and privacy policies. We also aimed to surface commercial practices and legal solutions that would encourage user engagement.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    • Key milestones of the mHealth project:
      • Surveyed literature regarding user expectations of privacy in self-generated data;
      • Developed three novel research instruments: a) Qualitative interview guide; b) Privacy questionnaire; c) Card sort task
      • Completed long-form interviews with twenty-one mHealth users in New York City and San Francisco Bay Area
      • Drafted manuscripts; Participated in workshops, conferences, and meetings
    • Key findings of the mHealth project:

      • Consumer understanding of privacy rights. Research participants in our study…
        • Express highly granular health information flow preferences that are tailored to specific social and business contexts
        • Take a broadly expansive view of inappropriate health information flows, expressing concern for health information sharing with employers, insurers, marketers, and non-health related social networking sites such as Facebook and Twitter
        • Understand broadly that health information collected in the clinical care environment is afforded greater legal privacy protection under HIPAA privacy rules than commercially-collected and tracked data
        • Do not understand the boundaries between these ecosystems, particularly as concerning EMR access and data flows to insurers and employers via, e.g., workplace wellness programs
      • Consumer data-management practices. Research participants in our study…

        • Are vulnerable to persistent health-tracking due to use practices such as wearing fitness tracking devices ubiquitously, sharing tracking information publically and with strangers, and linking their self-generated health profiles across multiple tracking services
        • Deliberately withhold more sensitive types of health information (e.g., blood pressure, heart rate, mood) as a hedge against employment, insurance, or social harms resulting from accidental disclosures
        • Express the desire to easily view, correct, and download their own data but are often uncertain about how to operationalize their health information management and sharing preferences in practice
        • Adopt inefficient strategies for assessing company trustworthiness (such as overestimating altruistic motives and underestimating profit motives; or relying on media outlets, friends, and social networks such as Reddit for information about data breaches) that leave them susceptible to misinformation and bias
      • Alignment of privacy preferences and protections. Research participants in our study…

        • Do not have a clear understanding of health privacy laws or commercial back-end information flows and thus adopt their own heuristics to guide their behaviors
        • Underestimate and undervalue the amount and sensitivity of information they share with Fitbit and other health tracking services
        • Lack sufficient tools—such as comprehensible privacy policies and other user privacy tools—to objectively evaluate health information flow practices
        • Feel vulnerable to privacy harms in an unregulated environment
    • Materials Available for Other Investigators/interested parties

      This research has generated three research instruments, six public research presentations, one whitepaper, and three pending research papers. All are available upon request.

    • Market entry strategies

      We have engaged in conversations with providers and vendors to discuss their perspectives on social attributes of mHealth app user experiences; these typically followed conference presentations. In a whitepaper, we introduced user-generated insights about factors shaping consumer adoption of and adherence to mHealth apps and provided recommendations to commercial entities.

    Bibliography

    • Papers
      When Health Information Goes Rogue: Implications of Decontextualized Information Flows from Mobile Fitness Devices to Insurers and Employers
      Heather Patterson
      Under Review, 2014

      Contextual Expectations of Privacy in Self-Generated Health Information Flows
      Heather Patterson
      Under Review, 2014

      Ensuring Contextual Integrity by Embedding Privacy in Biosensors
      Heather Patterson and Helen Nissenbaum.
      Book chapter in Preparation for Biosensors and Self-Tracking, D. Nafus, ed., 2014

      Contextual Expectations of Privacy in Self-Generated Health Information Flows
      Heather Patterson
      Telecommunications Policy Research Conference, March 30, 2013

    • Presentations
      Consumer Privacy Expectations in Self-Generated Health Data
      Heather Patterson
      Consumer Generated and Controlled Health Data, Federal Trade Commission Workshop, Washington, DC, May 7, 2014

      User Expectations of Privacy in Health Data
      Heather Patterson
      Center on Law and Information Policy, Fordham Law, New York, NY, March 14, 2014

      Context Dependent Expectations of Privacy in Self-Generated Mobile Health Data
      Heather Patterson
      Telecommunications Policy Research Conference, Washington, D.C., September 28, 2013

      User Expectations of Privacy in Self-Generated Mobile Health Data
      Heather Patterson
      IEEE International Symposium on Technology and Society, Toronto, Canada, June 29, 2013

      Context Dependent Expectations of Privacy in Self-Generated Mobile Health Data
      Heather Patterson
      Privacy Law Scholars Conference, University of California Berkeley, June 8, 2013

      Contextual Expectations of Privacy in User-Generated Mobile Health Data: The Fitbit Story.
      Heather Patterson
      New York University’s Privacy Research Group, April 17, 2013

    • Press
      Interview with Joe Walker
      Heather Patterson
      Wall Street Journal, March 11, 2014

      Interview with Stan Alcorn, Should Your Boss Track Your Fitness
      Heather Patterson
      NewTechCity, WNYC, September 25, 2013

      Interview with Lindsay Wise, Medical Apps Offer Cheaper, More Accessible Care – and Privacy Issues
      Heather Patterson
      McClatchy DC, August 22, 2013

      Interview with Dan Gottleib, Self-Tracking: Quantified Self Movement
      Heather Patterson
      Voices in the Family, WHYY, July 2013