Automated Policy: mHEALTH & SOCIAL MEDIA
Lead Institution: New York University
Project Leader: Helen Nissenbaum
Research Progress
- Abstract
Rapid developments in health self-quantification via ubiquitous computing devices point to a future in which individuals will collect health-relevant information using smart phone apps and health sensors and share it online for purposes of self-experimentation, community building, and research. Worryingly, much self-generated health data falls outside of legal protections offered by federal health privacy laws. To better understand users’ privacy-oriented preferences and practices, we conducted background research and twenty-one structured qualitative interviews with users of the Fitbit, the most popular, commercially available self-generated health tracking tool. We found research participants to be exquisitely sensitive to the flow of their self-generated health data, but frequently unable to operationalize their preferences given information disparities and inadequate privacy tools
- Focus of the research/Market need for this project
Understanding users’ self-generated health information sharing attitudes, behaviors, and practices will encourage sensor and app services to adopt appropriately privacy-protective health IT tools, practices, and policies, including health and wellness tools that consumers are more likely to adopt and use regularly to foster individual engagement with health and wellness IT.
- Project Aims/Goals
To assess (1) How self-tracking individuals understand their privacy rights in self-generated health information versus clinically generated medical information; (2) How user beliefs about perceived privacy protections guide their data management practices; and (3) How user beliefs (and preferences) comport with actual existing legal protections and privacy policies. We also aimed to surface commercial practices and legal solutions that would encourage user engagement.
- Key Conclusions/Significant Findings/Milestones reached/Deliverables
- Key milestones of the mHealth project:
- Surveyed literature regarding user expectations of privacy in self-generated data;
- Developed three novel research instruments: a) Qualitative interview guide; b) Privacy questionnaire; c) Card sort task
- Completed long-form interviews with twenty-one mHealth users in New York City and San Francisco Bay Area
- Drafted manuscripts; Participated in workshops, conferences, and meetings
-
Key findings of the mHealth project:
- Consumer understanding of privacy rights. Research participants in our study…
- Express highly granular health information flow preferences that are tailored to specific social and business contexts
- Take a broadly expansive view of inappropriate health information flows, expressing concern for health information sharing with employers, insurers, marketers, and non-health related social networking sites such as Facebook and Twitter
- Understand broadly that health information collected in the clinical care environment is afforded greater legal privacy protection under HIPAA privacy rules than commercially-collected and tracked data
- Do not understand the boundaries between these ecosystems, particularly as concerning EMR access and data flows to insurers and employers via, e.g., workplace wellness programs
-
Consumer data-management practices. Research participants in our study…
- Are vulnerable to persistent health-tracking due to use practices such as wearing fitness tracking devices ubiquitously, sharing tracking information publically and with strangers, and linking their self-generated health profiles across multiple tracking services
- Deliberately withhold more sensitive types of health information (e.g., blood pressure, heart rate, mood) as a hedge against employment, insurance, or social harms resulting from accidental disclosures
- Express the desire to easily view, correct, and download their own data but are often uncertain about how to operationalize their health information management and sharing preferences in practice
- Adopt inefficient strategies for assessing company trustworthiness (such as overestimating altruistic motives and underestimating profit motives; or relying on media outlets, friends, and social networks such as Reddit for information about data breaches) that leave them susceptible to misinformation and bias
-
Alignment of privacy preferences and protections. Research participants in our study…
- Do not have a clear understanding of health privacy laws or commercial back-end information flows and thus adopt their own heuristics to guide their behaviors
- Underestimate and undervalue the amount and sensitivity of information they share with Fitbit and other health tracking services
- Lack sufficient tools—such as comprehensible privacy policies and other user privacy tools—to objectively evaluate health information flow practices
- Feel vulnerable to privacy harms in an unregulated environment
- Consumer understanding of privacy rights. Research participants in our study…
- Materials Available for Other Investigators/interested parties
This research has generated three research instruments, six public research presentations, one whitepaper, and three pending research papers. All are available upon request.
- Market entry strategies
We have engaged in conversations with providers and vendors to discuss their perspectives on social attributes of mHealth app user experiences; these typically followed conference presentations. In a whitepaper, we introduced user-generated insights about factors shaping consumer adoption of and adherence to mHealth apps and provided recommendations to commercial entities.
- Key milestones of the mHealth project:
Bibliography
-
Papers
When Health Information Goes Rogue: Implications of Decontextualized Information Flows from Mobile Fitness Devices to Insurers and Employers
Heather Patterson
Under Review, 2014Contextual Expectations of Privacy in Self-Generated Health Information Flows
Heather Patterson
Under Review, 2014Ensuring Contextual Integrity by Embedding Privacy in Biosensors
Heather Patterson and Helen Nissenbaum.
Book chapter in Preparation for Biosensors and Self-Tracking, D. Nafus, ed., 2014Contextual Expectations of Privacy in Self-Generated Health Information Flows
Heather Patterson
Telecommunications Policy Research Conference, March 30, 2013 -
Presentations
Consumer Privacy Expectations in Self-Generated Health Data
Heather Patterson
Consumer Generated and Controlled Health Data, Federal Trade Commission Workshop, Washington, DC, May 7, 2014User Expectations of Privacy in Health Data
Heather Patterson
Center on Law and Information Policy, Fordham Law, New York, NY, March 14, 2014Context Dependent Expectations of Privacy in Self-Generated Mobile Health Data
Heather Patterson
Telecommunications Policy Research Conference, Washington, D.C., September 28, 2013User Expectations of Privacy in Self-Generated Mobile Health Data
Heather Patterson
IEEE International Symposium on Technology and Society, Toronto, Canada, June 29, 2013Context Dependent Expectations of Privacy in Self-Generated Mobile Health Data
Heather Patterson
Privacy Law Scholars Conference, University of California Berkeley, June 8, 2013Contextual Expectations of Privacy in User-Generated Mobile Health Data: The Fitbit Story.
Heather Patterson
New York University’s Privacy Research Group, April 17, 2013 -
Press
Interview with Joe Walker
Heather Patterson
Wall Street Journal, March 11, 2014Interview with Stan Alcorn, Should Your Boss Track Your Fitness
Heather Patterson
NewTechCity, WNYC, September 25, 2013Interview with Lindsay Wise, Medical Apps Offer Cheaper, More Accessible Care – and Privacy Issues
Heather Patterson
McClatchy DC, August 22, 2013Interview with Dan Gottleib, Self-Tracking: Quantified Self Movement
Heather Patterson
Voices in the Family, WHYY, July 2013