Is there an IRB inside your Phone?

Apple’s interest in the healthcare space continues to grow. Although the implications of last year’s Health app and HealthKit SDK are still unclear, the company is now entering the crowd-sourced research space with the newly announced ResearchKit.

Apple’s Health app is a powerful health platform, the full promise of which won’t be proven until the imminent launch of Watch, Apple’s first wearable, or some powerful diagnostic apps rather than more mere FitBit clones. As discussed previously Apple, while astutely navigating FDA device regulation, seems to be stepping up to the plate in its embrace of patient privacy in the HIPAA-free mobile app space.

ResearchKit is another edgy innovation. And, again, one marked by the technology giant’s ability to forge partnerships with major stakeholders. ResearchKit was announced in concert with several apps from major healthcare research institutions including Stanford and Mass. General. Early reports suggest that research subjects are signing up in droves, cutting subject recruitment times dramatically.

One of the slides at Apple’s announcement was the stark “Apple Will Not See Your Data.” But how will ResearchKit’s partners deal with the regulatory complexities of human subjects research? First, as it did with HealthKit, Apple has amended its developer guidelines to provide basic protections. Not surprisingly ResearchKit apps must comply with local laws and, as is the case with HealthKit apps, acquired data may not be used “for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research.” The amended guidelines also dip their toes into the knotty issue of subject consent, providing:

Apps conducting health-related human subject research must obtain consent from participants or, in the case of minors, their parent or guardian. Such consent must include the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process.

I took a cursory look at the sign-up procedure for Stanford Medicine’s Why MyHeart Counts app. After navigating through basic qualification and informational screens the study applicant is presented with a relatively standard informed consent screen. Most of the required consent topics seem to be covered. However some, such as the number of study participants (hardly surprising), were not readily ascertainable suggesting there may be an IRB partial waiver operating in the background.

What about incidental findings? Both the app consent and the web FAQ are frank:

[The study] does not provide access to a Stanford physician and is not a substitute for clinical care. The data collected in the study is not reviewed by a physician for medical evaluation. Consult your physician for medical questions.

Crowdsourcing research is not new, as those who have observed the pivot of 23andMe into pharmaceutical research can attest. However, Apple’s involvement seems to raise the stakes because of the platform’s reach and the way the company minimizes friction. Lawyers and ethicists who specialize in human subjects research should take a careful look at this initiative (particularly its privacy protections). Equally, experienced researchers will need to weigh in with their thoughts about everything from the validity or usefulness of the announced research projects to any biases caused by the demographic-skew associated with iPhone ownership.

Be Sociable, Share!