April 8, 2015 | Written by: Staff Writer
Could an Apple a day actually keep the doctor away?
Penn’s Dr. Kathryn Schmitz demonstrates ResearchKit (Source: Apple)
Apple’s ResearchKit, announced in March, is designed to help medical researchers develop applications that gather and analyze medical data, by feeding personal health data from (potentially) more than 700 million iPhones to vast data warehouses. And, at least with the initial round of apps, the program is advancing the practice of collecting, storing, and analyzing individual health data in the cloud.
The origins of Apple’s ResearchKit reportedly came when an Apple executive was inspired by a 2013 speech at Stanford University’s MedX conference about an open-source system where users could upload their medical data to the cloud to be used for research. Since then, the company has been working on its ResearchKit software development framework to give researchers an easy way of developing apps that gather personal health data for the iPhone, Apple Watch, and other devices.
The hope is that these apps will take the concept of a medical study – traditionally done in a lab or hospital setting – out into the world, so participants can easily generate the huge quantities of data researchers need. By taking advantage of the iPhone’s accelerometer, microphone, gyroscope, and GPS sensors, the apps can collect data about the user’s gait, motor impairment, fitness, speech, memory, and other characteristics. The data can then be used to better understand conditions like asthma, stroke, Parkinson’s disease, or Alzheimer’s. Stanford University said that 11,000 people signed up for its iPhone-based cardiovascular study in the first 24 hours following ResearchKit’s debut.
Store in the (secure) cloud
A Parkinson’s patient performs a series of tests using ResearchKit. (Source: Apple)
Because much of this data will be stored and analyzed in the cloud, the project is casting new light on the security of personal medical information. In the past two years, cloud service providers have made huge strides to comply with healthcare regulatory standards like the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). This is due in large part to the fact that in 2013, HIPAA designated cloud service providers as business associates of covered entities, meaning they too must be HIPAA-compliant if they want to do business with healthcare organizations.
For its part, Apple has been careful to stress that study participants can maintain control of their data (and therefore their privacy), and stated it won’t be able to view personal medical information collected by these apps. However, the company doesn’t go into technical detail about how or where information is stored, apparently opting to leave that up to researchers.
Apple’s technical overview paper, written for app developers, says that while the framework’s feature list will grow, it currently does not include, “Secure communication mechanisms between your app and your server.” It also states that the framework doesn’t provide, “Automatic compliance with international research regulations and HIPAA guidelines. These are the researcher’s responsibility.”
According to a PC World article, the first five apps to be developed with ResearchKit will send data to a secure cloud server owned by Sage Bionetworks, a nonprofit biomedical research organization based in Seattle. That company is leading the charge to collect, de-identify, and store the health data from the five initial apps, and promises that even Apple won’t have access to it. (The five apps are MyHeart Counts, for heart research; Parkinson mPower; GlucoSuccess for diabetes research; Share the Journey for breast cancer research; and Asthma Health.)
Sage will receive the data and strip out personal information associated with the health data, encrypt it, and store it on its cloud server managed by Amazon Web Services, according to the article. A random code will be generated and associated with the person’s study data. Only the study organizers and IT staff will have access to the data.
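The separation step described above (strip personal information, attach a random code to the study data) looks like this in Python. This is an added example, not Sage Bionetworks' or Apple's code: the field names, the allowlist approach and the `Deidentifier` class are assumptions, and encryption of the stored rows is not shown because it needs a vetted cryptographic library.

```python
import secrets

# Assumed schema: only these fields pass through to the research store.
# An allowlist drops unknown fields (name, GPS, device IDs) by default.
HEALTH_FIELDS = {"study", "recorded_at", "step_count", "heart_rate_bpm"}
# Assumed field that identifies the participant when the record arrives.
IDENTITY_FIELD = "email"


class Deidentifier:
    """Splits incoming records into a linkage table and de-identified rows."""

    def __init__(self):
        # identity -> random code. In a real deployment this table would be
        # kept in a separate, access-restricted store from the study data.
        self._linkage = {}

    def code_for(self, identity):
        key = identity.strip().lower()
        if key not in self._linkage:
            # 128 random bits, not a hash of the identity, so the code cannot
            # be recomputed by guessing e-mail addresses.
            self._linkage[key] = secrets.token_hex(16)
        return self._linkage[key]

    def deidentify(self, record):
        if not record.get(IDENTITY_FIELD):
            raise ValueError("record has no participant identity")
        row = {k: v for k, v in record.items() if k in HEALTH_FIELDS}
        row["participant_code"] = self.code_for(record[IDENTITY_FIELD])
        return row


# Constructed sample submissions (not real data).
SAMPLES = [
    {"email": "Pat@example.org", "name": "Pat Doe", "gps": "47.6,-122.3",
     "study": "heart", "recorded_at": "2015-04-08T09:15:00Z",
     "step_count": 4211, "heart_rate_bpm": 71},
    {"email": "pat@example.org ", "name": "Pat Doe", "device_id": "constructed-1",
     "study": "heart", "recorded_at": "2015-04-09T18:02:00Z", "step_count": 8050},
]


def run_samples():
    deid = Deidentifier()
    return [deid.deidentify(r) for r in SAMPLES]


if __name__ == "__main__":
    for row in run_samples():
        print(row)
```

Both sample submissions come from the same participant, so they receive the same code while the e-mail address, name, GPS value and device ID never reach the output rows.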
Sage has been a strong advocate of collecting and storing medical data in the cloud, assuring regulators in the U.S. and in Europe of the security capabilities of the cloud, and trumpeting the global benefits of collecting massive amounts of personal health data. In this whitepaper, Christine Suver of the Sage team argues to the European Union that the benefits far outweigh the risks, and that safely collecting medical data in the cloud is the key to personalized medicine. “Use of de-identified or pseudonymised health and genomic data in research should be further explored, and policy should balance the need for individual privacy with the societal benefits of large-scale health research on integrated individual data sets,” says Suver. “We believe that the goal of personalized medicine can only be achieved if we empower research participants to contribute their data or specimen to the effort they select and influence research directions.”
By storing data in a secure cloud server, separating personal data from health information, and using encryption, these five initial apps will set the tone for privacy for future apps developed with ResearchKit, and possibly model how personal medical information can and should be stored in the cloud going forward.