Should We Be Concerned about Privacy When Using Apple’s ResearchKit?

Dr. Wendy Tate
Director, Analytics, Forte
March 17th, 2016

This article is part two of a two-part series on how ResearchKit will affect both researchers and trial subjects. Click here to read part one.

ResearchKit: Changing the Clinical Research Landscape

The first article in this series discussed the serious technology made available to the research community through the iPhone and Apple’s ResearchKit to drive forward population-level, engaged subject research. What is very exciting about ResearchKit is its access to the general public. Research can be designed that represents the population (at least the Apple-using, smartphone population) rather than a subset of people. Individuals can provide real-time data regarding their activities, eating habits, sleep patterns, feelings, and symptoms rather than trying to keep a written diary or recall them at a later date. This reduces the effect of “recall bias” in research and can provide more accurate information regarding the effects of an intervention. It could also reduce the amount of missing data in a study, as information can be entered from virtually anywhere in the world. ResearchKit is an open source platform, so any developer can access it, allowing them to “collaborate, share their apps and methods”. This allows research entities all over the world, at universities, hospitals, and foundations to access a population immensely greater than previously accessible.

Know the Risks

However, with this great access comes concerns regarding privacy. With this truly transforming procedure of collecting data over smartphones comes the fact that a lot of data, much of it private information, is being transferred in an environment that is potentially vulnerable to hackers. You may ask, “Isn’t my data provided through ResearchKit protected through HIPAA (the Health Information Portability and Accountability Act)?” The answer is simply, “No.”

You may ask, “Isn’t my data provided through ResearchKit protected through HIPAA (the Health Information Portability and Accountability Act)?” The answer is simply, “No.”

HIPAA only protects the use and disclosure of protected health information by a covered entity (such as a health care provider). Information you disclose about yourself is not covered under HIPAA. Apple’s website states that a person is able to “Share your data. Keep your privacy.” This privacy is the phone owner’s ability to choose what studies they want to join, what information is provided to the app, as well as transparency with the data that is being shared.

While the phone owner maintains this level of control, Apple has gained media attention for its security policies and data secrecy. Recently, the FBI “demanded” that Apple create a security backdoor in the iPhone to access information on an iPhone connected to the San Bernadino shootings. Apple has publicly responded with a resounding ‘no’. This is good news for iPhone users who want to provide sensitive data but are scared that it could be subpoenaed. Apple states in an open letter to customers that they will provide data to law enforcement to the extent of the law, but the data available is limited.


ResearchKit has been out for quite some time, and we have yet to hear of any major privacy breaches; however, that doesn’t mean it isn’t a possibility. In the end, “caveat emptor” or “buyer beware.” Just like the other personal information you share on a smartphone (home address, credit card information, etc.), know where your data is going. Ensure the study is legitimate and conducted by a trusted entity. Call the IRB at the institution sponsoring the research and make sure it is in good standing. In order to keep bettering human health, research needs to move at the pace of technology, and the utilization of smartphones and other wearable technologies are just the beginning. In a society where privacy is diminishing rapidly, we must embrace being risk-tolerant instead of risk-adverse, and decide what risks we are willing to take to progress science and, ultimately, human quality of life.

Clinical Research Technologies Compliance and Regulatory Data Management

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *