The internet of things is increasingly spreading into the domain of medical and social care. Internet-enabled devices for monitoring and managing the health and well-being of users outside of traditional medical institutions have rapidly become common tools to support healthcare. Health-related internet of things (H-IoT) technologies increasingly play a key role in health management, for purposes including disease prevention, real-time tele-monitoring of patients functions, testing of treatments, fitness and well-being monitoring, medication dispensation, and health research data collection (Empirica 2010; Schmidt and Verweij 2013). At the same time, many preventative and clinical applications exist, from proactive self-monitoring of fitness and well-being (e.g. sleep quality, activity levels) to ‘smart home’ assistive devices that assist in ‘ageing at home’. Devices range from single-sensor mobile devices to complex spatial networks capable of measuring health (e.g. physiological parameters) and health-related behaviours (e.g. sleep, ambulation) for external- and self-management of health and well-being. In the same vain, apps and software updates can similarly transform existing networked devices into H-IoT.Footnote 1 Tens of thousands of such health-related apps are now available for consumption (Lupton 2015).

The applications of H-IoT are wide, including clinical, consumer, and research applications. H-IoT can be used for many purposes, including long-term monitoring and management of health and chronic illness, and consumer-level health and well-being management.Footnote 2 At-risk patients can be monitored for health emergencies or conditions, replacing time-consuming activities such as home nursing observations (E-Health Insider 2014). Chronic conditions often require long stays in hospital or hospitalization at short notice, the use of H-IoT may help patients to stay at home and live a more normal life (Empirica 2010; Remmers 2010; van Hoof et al. 2011) and to reduce costs and hospitalization rates (Henderson et al. 2013; Lomas 2009).

H-IoT can monitor parameters such as heart rate, respiration, blood oxygen saturation, skin temperature, blood glucose, blood chemistry, and body weight can be collected alongside behavioural parameters (e.g. motion, acceleration, mood) linked to health and well-being. The health and behaviours of users can be digitised, recorded, stored, and analysed, creating novel opportunities for clinical care and research, including alerts and medication dispensing by devices (Lupton 2014a). H-IoT analytics protocols, in turn, use these data to generate information about different aspects of the user’s health including emergencies (e.g. heart attacks) or health-related behaviour (e.g. exercise, sleep). Data streams from multiple sensors can be aggregated to facilitate linked-up care and health management. Novel connections can be found between areas of private life traditionally outside the scope of health and healthcare (Bowes et al. 2012).

Data produced by H-IoT create opportunities to advance the diagnosis, treatment, and prevention of diseases, and to foster healthy habits and practices (Costa 2014) among individual users and broader populations (e.g. patient cohorts). These data may also further the understanding of the contributing factors to disease and the efficiency and effectiveness of treatments and health organisations. Realising these opportunities requires responsible and permissive design of H-IoT data collection, analysis, and sharing protocols. Linking H-IoT data with other biomedical datasets, including aggregated clinical trials (Costa 2014), genetic and microbiomic sequencing data (The NIH HMP Working Group et al. 2009; Mathaiyan et al. 2013; McGuire et al. 2008), scraped and publicly accessible internet data (Lupton 2014b, p. 858; Costa 2014), biological specimens, electronic health records and administrative hospital data can allow for novels insights between traditional medical care and at-home behaviours.Footnote 3 H-IoT can be conceived of as a component of biomedical ‘Big Data’ (Mittelstadt and Floridi 2016) when the generated data are linked to other medical datasets.

As these examples show, H-IoT presents many possible benefits for patient health and healthcare, and may play a key role in meeting potential shortfalls in healthcare attributed to ageing demographics (United Nations 2008; Population Reference Bureau 2012). One of the main challenges of H-IoT is how to design devices and protocols to collect, share, process, and validate data across different application domains in ways that are economically efficient, technologically robust, scientifically reliable, and ethically sound.

H-IoT raises a host of ethical problems stemming from the inherent risks of Internet enabled devices, the sensitivity of health-related data, and their impact on the delivery of healthcare. A primary challenge of H-IoT is to ensure that devices and protocols for sharing the data that they create are technologically robust and scientifically reliable, while also remaining ethically responsible, trustworthy, and respectful of user rights and interests.

Privacy is also critical, as H-IoT devices can create a personal health and activity record of unprecedented scope and granularity. Once data have been generated by a device, they must be transmitted, curated, labelled, stored, and analysed for the benefit of the user, service provider, and other stakeholders. Protocols for each of these steps can similarly be designed in more or less ethically acceptable ways. A protocol that, for instance, retains data indefinitely without a clearly defined purpose may be more worrisome than storage with well-defined limitations, scope, and purpose. The role of the user (or data subject) in subsequent processing and control of data generated by H-IoT must be considered on ethical as well as legal grounds.

Ethical assessment is a key component for the adoption of new medical technologies. This paper provides a narrative overview of academic discourse, identifying three key themes in discussion of ethical issues concerning H-IoT, which we call the ethics of devices, data, and practices. “Methodology” section describes the narrative review methodology. “Ethical issues for H-IoT devices” through “Ethical issues for H-IoT mediated care” sections review ethical issues in H-IoT from device, data, and practice perspectives. “Conclusion” section concludes with reflections on future research.


In order to understand what ethical issues have already been identified and discussed in the context of H-IoT, a systematic survey of academic literature was conducted in November 2016. Results of the survey are presented as a narrative review of the field. The review is systematic insofar as the search methodology used consistent keywords across multiple databases to identify an initial sample of literature (see: Table 1). However, the results are presented as a thematic narrative, which intentionally does not assess the frequency of themes, theories, and concepts across the sample.

Table 1 Database search queries and results

Six databases were searched (Web of Science, Scopus, Global Health, Philpapers, PubMed and Google Scholar) to identify literature discussing ethical aspects of H-IoT. Search terms (with wildcards) were chosen to limit the review to articles addressing ethics, health or medicine, and the internet of things and related technologies (e.g. wearables, smart home technologies). The title and abstract of each returned article was reviewed by the author to determine relevance. Inclusion was based solely on the discussion of ethical issues in the article, with the goal of identifying themes in the literature. Limitations were not placed on the quality or length of the discussion, but rather on the mere presence of ethical concepts and issues. Additional sources were also located through hand-searching and backtracking of citations provided within the reviewed articles.

The search was limited to English language articles. Although most of the reviewed literature consisted of peer-reviewed journal articles, other types of publications including commentaries, working reports, white papers and scientific books were also located. Date restrictions were not imposed at the time of the database review. Despite this, the sample reflects a range of sources from 2000 to 2016. Figure 1 provides a breakdown of sources by year of publication.

Fig. 1
figure 1

Sources by year of publication

A total of 1108 non-unique sources were returned from the six database queries. Titles and in some cases abstracts for each article were assessed for initial sorting. A total of 128 sources were fully reviewed. Each fully reviewed article was analysed, and key passages highlighted for further interpretation and grouping into themes existing across multiple sources. The themes of the debate have therefore been identified ex post during the literature analysis rather than a pre-defined thematic framework being used.

After initial assessment of title/abstract combinations to remove off-topic sources, phrases and passages were highlighted that appeared to refer to ethical issues or concepts. Inclusion was thus based on discussion of issues of ‘right’ and ‘wrong’, or the clash of competing values or normative interests among stakeholders. Highlighted segments were then coded to reflect the author’s interpretation of the text (Gadamer 2004; Patterson and Williams 2002). Finally, similar codes were grouped and assigned to ethical themes.

Once themes had emerged from the literature, a second analysis was run using the NVivo 10 software package. A keyword frequency search was used to identify important concepts or themes that were missed in the first round of hand analysis. Multiple keyword searches based on themes and key phrases that emerged from the initial round of analysis were run across the sample. This approach ensured that the narrative overview reflected all sources discussing a theme, and not only those from which the theme in question was initially identified by hand.

Ethical issues for H-IoT devices

Ethical issues with H-IoT can be considered from a number of perspectives, each highlighting related but different concerns. In this article, we address the ethics of H-IoT at a device, data, and practice level. The following three sections provide a review of ethical issues with H-IoT centred on devices, data collection, analysis and sharing protocols, and the impact of H-IoT on medical and social care. Some overlapping among the three categories is to be expected. Nonetheless, they provide a useful organising structure for future discussion of ethical design and deployment of H-IoT.

Personal privacy

H-IoT is designed to operate in both private and public environments. Devices can be carried by the user or embedded in environments, such as the home, residential care, workplace or public spaces. In each case, a window into private life is created, enabling the collection of data about the user’s health and behaviours and the analysis by third parties. The lives of users can be digitised, recorded, and analysed by third parties, creating opportunities for data sharing, mining, and social categorisation (cf. Lyon 2003). These basic functions may improve healthcare through increasingly granular monitoring and personalised interventions (Pasluosta et al. 2015), yet they simultaneously create an opportunity for violating user expectations of personal and informational privacy.

Personal privacy is a multifaceted right. It refers to aspects of privacy not directly related to control of data and includes both physical and social aspects. On the physical side, privacy is determined by the physical accessibility of a person to others, defined by physical borders, such as doors and walls (Bowes et al. 2012; Brey 2005; Essén 2008; Little and Briggs 2009). This can also be interpreted as a right to possess and protect personal space (Kosta et al. 2010), such as a home. Personal privacy can refer to the right to be left alone or not monitored by a third party (cf. Demiris and Hensel 2009; Dorsten et al. 2009; Mittelstadt et al. 2011; Pallapa et al. 2007; Wilkowska et al. 2010). It concerns feelings of intimacy and control over ‘private space’ (Gaul and Ziefle 2009; Ziefle et al. 2011). Personal privacy can also be understood as a freedom, to “escape being observed or accessed when desired” (Essén 2008, p. 130), implying a social duty to respect the desire for isolation of others. The introduction of H-IoT may cause a gradual loss of personal privacy (Steele et al. 2009), particularly among smart home systems (Coughlin et al. 2007; Demiris 2009; Dorsten et al. 2009). Monitoring technologies can create a psychological disturbance, sometimes called obtrusiveness (Hensel et al. 2006; Nefti et al. 2010), expressed in a feeling of ‘being watched’. Perceived violations of personal privacy are often linked to the types of sensors used, with cameras often linked to severe violations (Caine et al. 2006; Leone et al. 2011; Zwijsen et al. 2011; Tiwari et al. 2010; Stowe and Harding 2010; Demiris et al. 2004). On the social side, personal privacy concerns control over social interaction through geographical distance, group membership, and location. It is connected to physical privacy (Bagüés et al. 2007b; Coughlin et al. 2007; Little and Briggs 2009) and can contribute to social isolation.

For H-IoT used in chronic illness management, potential violations of personal privacy can be justified on the basis of ‘need’ for the technology, derived from safety concerns (Zwijsen et al. 2011; Steele et al. 2009) or the delay of a move to residential care (Townsend et al. 2011; Remmers 2010; Essén 2008; McLean 2011). This type of ‘tradeoff’ highlights the potential for H-IoT to simultaneously violate and enhance privacy. A tradeoff has been observed between personal privacy and safety, particularly among the mentally impaired patients (Ojasalo et al. 2010; Stowe and Harding 2010; Landau et al. 2010), as well as frail elderly (Melenhorst et al. 2004; Courtney 2008; Courtney et al. 2008; Steele et al. 2009), and chronically ill persons (Salih et al. 2011; Neild et al. 2004). In these contexts, it has been stressed that personal privacy can be both protected by eliminating the need for in-person care (Ojasalo et al. 2010; Essén 2008) and violated by the presence of a monitoring device (Melenhorst et al. 2004; Steele et al. 2009; Salih et al. 2011). The tradeoff between privacy and safety may be seen as a necessary part of aging, with increasing susceptability to health problems (Steele et al. 2009), though this view should not be applied generally to associate aging with reduced expectations of privacy, or to justify increased privacy violating interventions.

Obtrusiveness, stigma and autonomy

The perceived obtrusiveness and visibility of H-IoT devices affects user acceptance and long-term use (Demiris 2009; Demiris and Hensel 2009; De Bleser et al. 2011; Townsend et al. 2011). Obtrusiveness has been defined as “a summary evaluation by a person based on characteristics or effects associated with the technology that are perceived as undesirable and physically and/or psychologically prominent” (Hensel et al. 2006, p. 430). The definition refers to the distinction between physical and mental obtrusiveness, as seen in non-medical ambient intelligence applications (cf. Brey 2005). A sense of obtrusiveness can lead to subversion of a system’s functions, for instance by walking around pressure sensors or otherwise disabling the system (Courtney et al. 2007).

The psychological disappearance of H-IoT when used in personal spaces such as homes or residential care can also cause ethical problems (Ebersold and Glass 2016). H-IoT embedded in a home or care environment may be forgotten following extended use (Essén 2008; van Hoof et al. 2011). Sensors ‘fading into the background’ may make users more comfortable in the home (Courtney 2008) and preserve its interpersonal character and meaning for residents (cf. Roush and Cox 2000). At the same time, the validity of consent is undermined if users forget that monitoring is occurring. Rather than consent being a one-off event, occasional renewals of consent may be necessary to ensure monitoring has not merely been forgotten. This is particularly important for cognitively impaired users unable to grant consent (Kenner 2008; Bowes et al. 2012). These concerns can extend to guests of a monitored individual, which suggests the possibility of inadvertent monitoring (Neild et al. 2004).

The related concept of visibility refers to the degree to which a H-IoT device is noticeable to the user and others, both at home and in public (Robinson et al. 2007; Landau et al. 2010; Essén 2008; van Hoof et al. 2011). Visibility is not equivalent to obtrusiveness. It describes aesthetic aspects of a device, and their impact on the perceptions of users and others. Characteristics affecting visibility included ease of use, size and weight (Landau et al. 2010).

Highly obtrusive or visible H-IoT devices can be ethically problematic insofar as both types of devices disrupt a user’s normal behaviour or autonomous decision-making. In residential care, monitoring has been seen to influence resident’s behaviour in monitored areas (Essén 2008), suggesting awareness of embedded H-IoT sensors may influence user behaviour. The presense of sensors in homes has similarly been shown to influence resident’s behaviour and daily routine (Tiwari et al. 2010). The perception of being watched is often to blame (Essén 2008). Similarly, risk taking among elderly users, which can represent a desire to retain independence at home despite safety risks, has been observed to lessen in the presence of H-IoT (Remmers 2010; Percival and Hanson 2006).

Obtrusive H-IoT can also impact a user’s sense of identity, including by exposing the user to stigma (Courtney 2008). Identity concerns a person’s concept of who they are, the moral and social beliefs they embrace and how they relate to others. Attached to the person’s body or installed in the personal environment, H-IoT can become an extension of the person and an embodiment of the illness or the physical activity being monitored (Courtney 2008). A person’s identity is often affected by an illness or concern which becomes part of their identity, e.g. I’m a schizophrenic or I’m a bad sleeper (Edgar 2005). The use of H-IoT may materialise these concerns.

A distinction can be drawn here between consumers using commercial devices (general for fitness or well-being) and patients using clinical devices. Concerns with obtrusiveness are more obviously relevant to clinical devices, to which stigma may be attached (Hensel et al. 2006; Courtney 2008). Consumer fitness and well-being trackers are designed to be observed or at least aesthetically attractive for users and are unlikely to carry a negative stigma. Similarly, devices re-purposed for H-IoT sensing, such as smart phones, need not be noticeable as H-IoT is different from their main functionality and, thus, they are unlikely to rain obtrusiveness or visibility concerns.

Clinical devices can carry stigma due to an association with a disease or health condition. Stigma can influence a user’s sense of identity and behaviours. Elderly users in residential care have, for instance, been seen to experience feelings of frailty when devices are publicly visible, insofar as they indicate ill health or a need for monitoring to others (Courtney 2008). Even when devices are not publicly visible (for instance, when they are worn under clothing, implanted or embedded in surroundings), alerts and reporting of abnormal behaviour or emergencies can have a similar effect. Behaviours indicating frailty are often hidden by elderly or infirm users to control how others perceive them (Percival and Hanson 2006). H-IoT can thus erode the ability to manage public identity.

Similar to consumer devices, design can minimise obtrusiveness to protect a user’s decision-making autonomy and sense of identity. Aesthetically pleasing or minimally visible devices, (Wu et al. 2012) can reduce such impact. However, this should not be achieved paternalistically; perceptions of obtrusiveness will vary between users, meaning design choice is essential to allow users to choose devices fitting their particular needs and values. Devices can, for instance, include ‘plausible deniability’ features that allow imprecise or false secondary data (e.g. location) to be entered by the user (Greenfield 2008; Bagüés et al. 2007a). A balance sensitive to the needs of specific user groups should nonetheless be struck; the inclusion of such a feature on devices designed for cognitively impaired users could, for example, pose a significant safety risk.

Community-wide implementation that ensures a ‘level playing field’ between residents is another possible solution (Courtney 2008). The ethical acceptability of the latter solution must, however, be questioned, as it violates the norm that H-IoT should only be used as needed, based on the particular situation of an individual (Mittelstadt et al. 2014) “monitoring for monitoring’s sake” (Bowes et al. 2012), or pursuing monitoring as an end in itself (Coughlin et al. 2007; McLean 2011) is to be avoided.

Ethical issues for H-IoT data protocols

H-IoT devices generate a large volume and variety of data describing the personal health and behaviours of users. Much of these data can be used for medical research and consumer analytics. The design of protocols to enable user and third party access to H-IoT datasets also raises ethical concerns.

Informational privacy

Informational privacy concerns control of data about oneself (e.g. Chan et al. 2009; Demiris 2009; Jea et al. 2008; Mitseva et al. 2008; Mittelstadt et al. 2011; Tentori et al. 2006; Tiwari et al. 2010; van De; Garde-Perik et al. 2006; van Hoof et al. 2007). At its narrowest, informational privacy can be equated with hiding personally identifiable data from unauthorised parties (Garcia-Morchon et al. 2011; Ahamed et al. 2007), and can be quantifiable (Srinivasan et al. 2008). As health data are normally considered as particularly sensitive both in an ethical and legal sense (Baldini et al. 2016), informational privacy is a central concern for the design and deployment of H-IoT, insofar as it contributes to gain control over the spread of information about the user’s health status and history.

Concerns over data control are common in research assessing the privacy experiences of H-IoT users (Coughlin et al. 2007; Courtney 2008; Little and Briggs 2009; Melenhorst et al. 2004; Wilkowska et al. 2010; Henze et al. 2016). Expectations of control must adapt to “a world of numerous interconnected machines constantly talking to each other and observing the real-world environment.” User’s privacy and decisional autonomy are challenged by the ability of H-IoT “to transfer decisions that impact an individual’s life to devices and algorithms and take action on those decisions without the awareness of the individual” (Ebersold and Glass 2016, p. 147).

Local anonymisation of data prior to communication may help prevent unauthorised access or identification of the user (Agrafioti et al. 2011; Clarke and Steele 2015). Similarly, allowing users to enforce privacy preferences before transmitting sensitive data can help protect context-specific expectations of privacy (Baldini et al. 2016; Henze et al. 2016). However, risks of re-identification of anonymised data through aggregation and re-purposing, and the tradeoff between the scientific or commercial value of data and de-identification must be taken seriously (Peppet 2014; Ebersold and Glass 2016; Jiya 2016; Baldini et al. 2016). For both identifiable and de-identified data, policies restricting access to identifiable data (Subramaniam et al. 2010; Bagüés et al. 2007b; Garcia-Morchon et al. 2011) only for acceptable purposes (Massacci et al. 2009; Chakraborty et al. 2011; Beaudin et al. 2006) can address privacy risks. For instance, access can be agreed upon ahead of time for researchers depending on the study to be developed (Master et al. 2014). At the same time, for instance, a user may allow differential access, permitting her data to be used for public health surveillance but not genomics. The transparency of relationships between data collected and purposes of collection is considered to be central to protecting privacy of users (Giannotti and Saygin 2010), who make decisions regarding acceptable uses.

Users may not be aware of the extent to which data can be accessed outside of the context in which they are created (boyd and Crawford 2012), particularly when ‘scraped’ from publicly accessible Internet platforms. A helpful distinction has been recognised by boyd and Crawford (2012) between ‘being in public’, in the sense that many forms of communication on the Internet (e.g. Twitter, forums) are publicly visible by default, and ‘being public’, or purposefully making something publicly known or accessible. Re-enforcing this distinction in the design of devices may help users form realistic privacy norms for H-IoT. ‘Offline’ privacy barriers, such as physical walls, can for example be replicated when considering access to data by requiring explicit action by users in order to upload or share data to publicly accessible locations (Mittelstadt and Floridi 2016).

Examples from the literature show that informational and personal privacy can overlap. Data transmission can, for instance, violate both information and physical privacy (Brey 2005; Friedewald et al. 2007). The transmission of personal data by H-IoT devices can transgress privacy protecting natural, social, spatial, temporal, ephemeral, and transitory borders (cf. Marx 2001). At the same time, by controlling the dissemination of personal information, a person may be spared future physical, social, and decisional disturbance from third parties, such as friends, family, and service providers (cf. Friedewald et al. 2007).

Despite the empowerment of users derived from informational privacy, control can justifiably be limited in certain situations. Empirical studies into attitudes towards H-IoT reveal a preference to forego informational privacy in emergency situations (Rashid et al. 2007, p. 191; Steele et al. 2009), which highlights the need to find a balance between the desire to control data and enjoying the benefits of services which require that data. A similar balance is expressed in preferences towards H-IoT for data gathering over human intrusion into the home (cf. Essén 2008). User-end policies have been proposed as a solution which allows users to pre-define a customized level of privacy meeting their expectations (Friedewald et al. 2007; Massacci et al. 2009; Garcia-Morchon et al. 2011). Privacy tools such as these are meant to enable users to freely move between and interact with a range of H-IoT systems without negotiating individual privacy agreements, while respecting the necessity of informed consent (cf. Bagüés et al. 2007b).

The security of H-IoT devices and protocols is a prerequisite for informational privacy and patient safety. In reference to security of data, ‘security’ and ‘privacy’ are often used interchangeably (e.g. Ahamed et al. 2007a; Armac et al. 2009; Busnel and Giroux 2010; Chan et al. 2008; Dhukaram et al. 2011; Elkhodr et al. 2011; Garcia-Morchon et al. 2009; Mana et al. 2011; Stuart et al. 2008; Wang et al. 2008). The concepts must be differentiated by their ends: security is concerned with guaranteeing the quality of the data collected by and passing through a system in terms of “confidentiality, integrity and availability” (Giannotti and Saygin 2010, p. 75), enabling users to protect privacy by controlling dissemination of their data and preventing hacks or breaches (Peppet 2014).

In reference to patient safety, concerns with the vulnerability of devices and protocols to external attacks, breaches, and leaks of data are relevant. Actuating functions are particularly important from a safety perspective, insofar as a breach can seriously compromise the user’s health.Footnote 4 One can imagine the harm following from a breached automated insulin pump, administrating the wrong dosage to the patient.

Breaches of H-IoT devices that could undermine users’ safety would also mine users’ trust in the technology, the producers, and the data controller (Sajid and Abbas 2016). Many existing H-IoT ‘apps’ lack robust privacy practices and policies, and thus fail to comply with data protection accreditation programmes intended to foster trust and protect user privacy (Huckvale et al. 2015). Trust is a prerequisite for H-IoT systems to be viewed as privacy enhancing in the context of informational privacy (Bagüés et al. 2010; Chakraborty et al. 2011; Coughlin et al. 2009; Dhukaram et al. 2011; Rashid et al. 2007; Wang et al. 2008; Yuan et al. 2007). In this case, trust involves the system collecting and processing data, users providing the data, and stakeholders accessing the data (Bagüés et al. 2010, p. 352; Little and Briggs 2009; Kosta et al. 2010; Taddeo 2010a; Taddeo and Floridi 2011). Lack of trust has been linked to reluctance among potential users to use a give technology and can, thus, undermine adoption of H-IoT (McLean 2011; Brey 2005).

Trust can be understood as a combination of the credibility, motivation, transparency, and responsibility of a system, understood as a combination of devices, developers, data controllers, and users. Credibility is linked to reputation (Little and Briggs 2009; Rashid et al. 2007, p. 190; Taddeo 2010b), insofar as a data controller must be seen as responsible or credible enough to handle sensitive personal data. Motivation refers to the intentions of stakeholders, or how they intend to use the data of users. Monitoring of parameters or putting data to uses beyond those explicitly agreed upon by users can undermine trust. These motivations, and intended uses of data, should be transparent to users, as should the sum of data collected and held about them. To achieve trust, systems must allow users to review and control their data (see also “Data sharing and autonomy” and “Ownership and data access” sections).

Data sharing and autonomy

Autonomy can refer to a right to make personal decisions (Demiris 2009), a right to freedom (Brey 2005), or a right to independence (Remmers 2010). Autonomy is often discussed in terms of freedom and independence, particularly in reference to assistive technologies (Remmers 2010; Zwijsen et al. 2011; Robinson et al. 2007), smart homes (Remmers 2010; Townsend et al. 2011; Brey 2005), and H-IoT embedded in residential care (Dorsten et al. 2009; Zwijsen et al. 2011). Generally speaking, the freedom of users may be impeded due to the presence of sensors or transmission of data generated by H-IoT devices.

Privacy can be considered a prerequisite for autonomy (cf. Floridi 2016; Wachter 2017). Undesired sharing of information or intrusions into physical spaces or social relationships can impede a user’s capacity to make decisions (Bowes et al. 2012; Essén 2008). H-IoT data can contribute to profiling of users as ‘health impaired’ or ‘at-risk’ (Rigby 2007; Percival and Hanson 2006; McLean 2011). In turn, this profiling influences the choices made available by other third parties with access to the profile (Kosta et al. 2010).

H-IoT used for chronic illness management can alternatively gradually reduce rather than outright impede user autonomy, for instance by automatically issuing alerts of abnormal behaviours, readings or emergencies. While undoubtedly important functions to ensure patient safety, alerts can similarly impact on a user’s sense of self-reliance (Percival and Hanson 2006; Remmers 2010) when it is perceived that a carer or medical professional will be alerted whenever something goes wrong (Bowes et al. 2012; Fugger et al. 2007; Demiris 2009). Carers given access to the data collected by a H-IoT device can assess the patient’s behaviour, such as whether a treatment plan is being correctly followed (De Bleser et al. 2011), or the user is engaging in risky behaviour. This type of oversight by carers can disrespect the patient’s self-determination and autonomy (Remmers 2010). Dependent users may also experience changes to their relationships with carers (Palm et al. 2012). In this context, Kenner (2008) suggests, for example, that carers should assess when interventions based on H-IoT data could potentially infringe upon the user’s rights to privacy and autonomy.

Consent and the uncertain value of H-IoT data

While recognising the inherent uncertainty of the future value of data in academic research and commercial analytics, manufacturers must nevertheless consider the potential value of data generated by their devices. Two related concerns must be addressed. First, does the device collect the minimal amount and types of data necessary to deliver the promised service, so as to minimize privacy risks to the user? Second, to what extent are users informed of the potential value and third party uses of the data they generate? The first concern has already been addressed above (see “Informational privacy” section).

Regarding the second, traditional models of informed consent are not directly applicable to H-IoT data. Terms of Service and other end-user agreements governing these applications tend to permit collection, aggregation, and analysis of usage and behavioural data without clear indications of how data will be used in the future, beyond general statements about third party access. H-IoT devices can generate ‘invisible data’ for which the user is unaware of the scope or granularity of parameters being measured (Peppet 2014; Denecke et al. 2015; Bietz et al. 2016). A lack of an explicit informed consent mechanism in end-user agreements between H-IoT manufacturers and users gives cause for concern (Fairfield and Shtein 2014), even when ‘participants’ are ‘de-identified’ (Ioannidis 2013), when the data generated are intended to be re-purposed for medical research or comparable consumer analytics (Taddeo 2016). Device manufacturers must design user agreements to represent fairly the uncertain value of data generated by users, and the potential for aggregation and linkage by third parties for both research and commercial purposes. Even if user agreements are designed in this way, the communication of limited but relevant and informative information based on user’s context- and cohort-specific needs remains a challenge (Pasluosta et al. 2015).

Consent is normally granted for participation in a single study, not covering unrelated investigations resulting from sharing, aggregating, or even repurposing data within the wider research community (Choudhury et al. 2014, p. 4). Such ‘single-instance consent’ is challenged by new opportunities for secondary analysis based on linked and aggregated data, and which often reveal unforeseen connections and inferences (cf. Peppet 2014; Mittelstadt et al. 2016). This is a pressing problem. While the initial risks and benefits of adopting H-IoT can reasonably be presented to potential users, the future utility and invasiveness of the data (i.e. what the data can reveal about the private life of the user) cannot be known at the point of adoption (Clayton 2005; Choudhury et al. 2014; Kaye et al. 2015; Peppet 2014).Footnote 5 Invasive inferences can be made about users based on collected data, potentially resulting in discrimination or exclusion from data-driven services, or decision-making based upon private knowledge the user would otherwise not choose to share (Peppet 2014; Haddadi et al. 2015; Kostkova et al. 2016). For example, secondary effects of pharmaceuticals can be identified by comparing data from multiple clinical trials as well as ‘informal sources’, such as incidental self-reporting via social media and search engine queries (Salathé et al. 2012). In this type of research, the connections that can be revealed by linking diverse datasets cannot be accurately predicted.

This uncertainty introduced by Big Data analytics means that single-instance consent is largely inadequate to foster the scientific value of data science in general, and H-IoT in particular. The uncertain risks of H-IoT should, however, be considered next to the potential benefits of aggregation and re-use, both for the user’s direct healthcare and well-being and for the development of medical knowledge (Bietz et al. 2016).

Ownership and data access

Data subjects and controllers share vague ‘ownership’ rights regarding the redistribution and modification of H-IoT data (Kostkova et al. 2016). These rights are guaranteed through privacy and data protection law, and may require extension according to prevailing ethical ideals concerning privacy, autonomy, and the right to identity (cf. Floridi 2011). In Europe for example, data subjects retain rights guaranteed through privacy and data protection law to be ‘kept in the loop’ regarding data processing and storage (Tene and Polonetsky 2013), meaning that data subjects retain rights to be notified when data about them are created, modified or analysed, and must be provided means to access and correct errors or misinterpretations in the data and knowledge derived from it (Coll 2014). When legal requirements do not result in meaningful and practically useful access for data subjects (e.g. Wachter et al. 2017a), ethical principles can be drawn upon both to ground changes to the law and to argue that responsible data controllers will go above and beyond legal requirements to ensure meaningful access.

H-IoT protocols can be designed to meet ethical standards that extend beyond legal requirements, for example by allowing data subjects greater access or opportunities to modify or correct their data than required by data protection law. Superficially, such ethical standards can be connected to the legally recognised ‘right to be forgotten’,Footnote 6 insofar as similar rights to modify privately held personal data (as opposed to public links) could conceivably be granted as an oversight mechanism. Hypothetically, it has been argued that a right to ‘self-determination’ can ground such connected data rights (Coll 2014) to contrast the ‘transparency asymmetry’ that exists when consumers lack information about how data about them are “collected, analysed and used” (Coll 2014, p. 1259; Richards and King 2013). Background social prejudices, inequalities, and biases can have greater influence in data processing where subjects lack oversight (McNeely and Hahm 2014; Oboler et al. 2012).

Accessibility does not come without risks. For instance, it has been noted that unrestricted access to raw data may be harmful if subjects lack the necessary expertise or resources for interpretation (boyd and Crawford 2012; Coll 2014; Pasluosta et al. 2015). Misinterpretation is a concern when data are assessed without assistance, e.g. from a trained clinician, carer or data scientist (Watson et al. 2010). Furthermore, revision rights undermine the accuracy and integrity of datasets due to modifications made by data subjects.

Data subject rights to access and modify data are reliant upon the subject being aware of what data exist about her, who holds them, what they (potentially) mean, and how they are being used. Assuming such rights are sought, significant technical and practical barriers to their realisation exist. ‘Big Data’ requires significant computational power and storage, and advanced scientific know-how (Burrell 2016; Mittelstadt and Floridi 2016). As with any type of data science, technical expertise and background knowledge is required to make sense of the data being shared. Expecting data subjects to acquire the necessary skills to derive meaning from shared data is unreasonable (Andrejevic 2014). If meaningful access rights are sought, alternative arrangements and assistance must be available.

Data subjects, thus, face considerable barriers to accessing and understanding the meaning of data produced by H-IoT. Meaningful oversight and control of personal data are unrealistic expectations under these conditions (Mittelstadt and Floridi 2016). Gaps exist between the ideal protections for informational privacy and the actual capacity of data subjects to exercise meaningful control over their data (Andrejevic 2014). Without further assistance from data controllers, data subjects will remain unable to understand the meaning and scope of their data being processed or request modifications and corrections. Domain-specific requirements are needed that describe reasonable access rights and barriers to access. Consideration should also be given to the need to alter legal and ethical standards for data controllers to provide meaningful access. Data controllers can, for instance, explain how categories, profiles or other criteria are used to make sense of H-IoT data (cf. Hildebrandt and Gutwirth 2008), which tells data subjects how they are being compared with other H-IoT users and patients. A full explanation of how a specific automated decision was reached based, at least in part, on H-IoT data is another option, albeit one currently lacking legal force (for a discussion of this problem in European data protection law, see Wachter et al. 2017a, b).

While modifications to data protection law are one possibility to the accessibility and visibility of H-IoT data collection and processing for data subjects, the development of ethical standards for data controllers handling H-IoT data may be more feasible in the short term. McNeely and Hahm (2014, p. 1654) have proposed a set of ‘core principles of expanded data sharing’ to be followed by “any system that is ultimately adopted for expanded access to participant-level data.” The principles focus on several norms and concepts, including responsibility, privacy, equal treatment of all data requesters/trial sponsors, accountability of data controllers and requesters, the practicality of the system in terms of transparent and timely responses to data requests, and a lack of other such unnecessary barriers to access. Alternatively, Nunan and Di Domenico (2013) have recommended enforcing a ‘right to be forgotten’, a ‘right to data expiry’, and the ‘ownership of a social graph’ by data subjects. The first refers to the ability of data subjects to request that links to information about them be deleted. The second refers to the automatic deletion of unstructured data after a set period of time if they no longer have any commercial or research value.Footnote 7 The third will detail what data exist about an individual, when and how they were collected, and where they are stored.

It can also be argued that data subjects should be allowed to derive personal benefit from their data beyond the products or services provided by the data controller (Tene and Polonetsky 2013). If a right to benefit from data about oneself is recognised, subjects should arguably be offered “meaningful rights to access their data in a usable, machine-readable format” (Tene and Polonetsky 2013, p. 242). Such steps allow subjects to find individual benefits from the data they produce and communities (or aggregated datasets) in which their data reside (Lupton 2014b). Currently, data subjects tend not to benefit directly from analysis of data collected about them—users of Facebook, for instance, do not share in the revenue derived from targeted advertisements. The continuing development of products and services based on secondary analysis of personal data, such as that generated by H-IoT, will raise questions over ownership rights to intellectual property developed from H-IoT data. Similar to R&D for pharmaceuticals (Chapman et al. 2003; Petryna et al. 2006), data subjects can make a strong ethical (but not necessarily legal) claim to share in the benefits of products and services developed from their data.

Ethical issues for H-IoT mediated care

Other ethical problems with H-IoT focus on the impact on the delivery of healthcare and the maintenance or augmentation of norms of ‘good practice’ in medical and social care.

Social isolation

The use of H-IoT to manage health conditions at home or in residential care can contribute to social isolation of users. Visits from medical personnel and carers may be less necessary if daily monitoring of conditions is controlled by H-IoT (Demiris et al. 2004; Stowe and Harding 2010; Tiwari et al. 2010; Wu et al. 2012). Studies involving older people have revealed a concern that H-IoT will replace personal and social interactions with carers (Chan et al. 2008; McLean 2011; Palm 2011; Zwijsen et al. 2011; Wu et al. 2012) rather than merely supplementing them, as it is often promised. Collection of contextual information about a patient’s condition via face-to-face interactions can be difficult to replicate with sensors (Percival and Hanson 2006; see “‘Good’ care and user well-being” section).

While a concern over increased social isolation was common, assistive homecare robots (which can in be considered H-IoT when Internet-enabled) and social networking features in clinical H-IoT have been proposed as solutions (Wu et al. 2012; Percival and Hanson 2006). Such solutions can only be considered sufficient if it is assumed that robots or social networking sufficiently replaces interactions between users and human carers. These different modes of interaction will not necessarily replicate face-to-face interactions, or similarly contribute to users’ mental health and well-being, and this brings about some fundamental ethical problems concerning the nature and the scope of medical and health-care practitioners.

Decontextualisation of health and well-being

H-IoT is often promoted as a way to improve the efficiency and quality of both clinical care and long-term management of health and well-being. These benefits rely upon a number of factors, including the parameters by which ‘good’ care and health management are measured. One risk presented by H-IoT is the simplification of health and patient care to parameters and processes that can be easily measured or automated.

H-IoT can limit assessment of a patient’s condition to a narrow range of easily measurable or quantifiable considerations, which could bias assessment towards an overly optimistic prediction of the technology’s effects (Mittelstadt et al. 2014; Coeckelbergh 2013). Conditions can increasingly be modelled and monitored through data, supplementing or replacing verbal accounts and physical care (cf. Morris 1996; Edgar 2005). A key challenge lies in reflexive examination of the epistemic limits of these data representations of the patient, which pre-emptively restrict the physician’s understanding of the patient’s case by filtering it through the interpretive frameworks designed into the monitoring systems that have constructed the data representation (cf. Lyon 2003; Hildebrandt 2008). Monitoring data can be communicated to the care team and patient in varying degrees of complexity and completeness. When systems simplify or summarise the data prior to it reaching the care team or patient, the data become value-laden (cf. Gadamer 1976). Monitoring physiological parameters reproduces a certain conception of ‘health’, whereby a patient’s condition is increasingly evaluated and understood in terms of parameters that can be monitored and related metrics. Devices that allow for continuous monitoring of blood pressure can, for example, change how ‘high blood pressure’ is classified compared to prior interval contingent measurements (Laurance 2011). Measurements which would indicate high blood pressure when measured once-off (for instance, in a doctor’s office) may instead come to be understood as natural fluctuations within a normal range. A related risk exists that monitoring data will increasingly be seen as an ‘objective’ measure of health and well-being, thereby reducing the importance of contextual factors of health or the view of the patient as a socially embodied person (Haggerty and Ericson 2000). H-IoT may create a ‘veneer of certainty’, in which ‘objective’ monitoring data are taken to represent a true representation of the patient’s situation, losing sight of the data collection context (Bauer 2004; Lupton 2013b, p. 398).

Assuming patients have a right to control over their personal data and inviolate construction of personal identity (cf. Floridi 2011), the obfuscation of such filtering processes and their normalizing effect on evaluations of health can be considered ethically problematic. The patient is unlikely and unable to be made aware of the categorisations and interpretations of the data that frame his treatment (Monahan and Wall 2007; Lupton 2012; Mittelstadt and Floridi 2016), yet she will be treated by medical professionals and institutions on the basis of this identity that has been constructed beyond her control or awareness.

A related problem concerns the quality of care provided to the patient, wherein H-IoT can be seen as ethically problematic if it undermines clinically effective or benevolent care. Monitoring data can complicate assessments of the patient’s condition, which would otherwise rely upon physical examination and tacit knowledge (Lupton 2013a; Coeckelbergh 2013). A patient’s condition has traditionally been understood through clinical tests and interactions, and the patient’s verbal account. H-IoT data introduces a new source of information. The amount and complexity of monitoring data makes it difficult to identify when important contextual information is missing from monitoring records (cf. Knobel 2010). Reliance upon H-IoT data as a primary source of information about a patient’s health can result in ignorance of aspects of the patient’s health that cannot easily be monitored by H-IoT, such as their social, mental, and emotional state (Coeckelbergh 2013). ‘Decontextualisation’ of the patient’s condition can occur as a result, wherein the patient loses some control over how her condition is presented and understood by clinicians and carers (Lupton 2013a; Coeckelbergh 2013; Stutzki et al. 2013). The risk is particularly acute when face-to-face encounters conducive to empathetic and compassionate care (cf. Gelhaus 2012a, b) are replaced by remote monitoring. Psychological aspects of well-being describable only by the patient would subsequently be lost from the clinical encounter (cf. Morris 1996; Barry et al. 2001; Edgar 2005), unless specifically requested through remote consultations or follow-up with the patient. Institutions and physicians may be tempted to ‘close down’ discourses with patients by placing greater importance on ‘objective’ H-IoT monitoring data than the patient’s subjective experience and voice (Coeckelbergh 2013; Mittelstadt et al. 2014).

‘Good’ care and user well-being

All of these possibilities suggest H-IoT can routinely produce a poorer view of social and contextual factors of a patient’s health, in particular relating to mental health and well-being (Lupton 2013a). Bauer (2004, p. 84) suggests that technologies which inhibit communication of “psychological signals and emotions” impede the physician’s knowledge of the patient’s condition, “retarding the establishment of a trusting and healing physician-patient relationship.” Care providers may be less able to demonstrate understanding, compassion, and other desirable traits found within ‘good’ medical interactions in addition to applying their knowledge of medicine to the patient’s case (cf. Pellegrino and Thomasma 1993; MacIntyre 2007; Beauchamp and Childress 2009). As a mediator placed between the physician and patient (Mittelstadt et al. 2014), H-IoT changes the dependencies between clinicians and patients by turning some degree of the patient’s ongoing care over to a technological artefact. At a minimum, responsive steps need to be taken to develop a trusting relationship between patients, medical professionals, and H-IoT manufacturers, for example by using monitoring as a way to initiate rather than replace dialogue between patient and doctor. The development of norms to govern H-IoT mediated or online medical communication may also help preserve the integrity of the doctor-patient relationship (Denecke et al. 2015).

Care via monitoring implies a loss of opportunities to develop trust and relational understanding between patient and carer, which traditionally develop via face-to-face care (Coeckelbergh 2013; Laplante and Laplante 2016). H-IoT can create epistemic and social distance between patients and health professionals. Such distance can be considered ethically problematic insofar as it contributes to misunderstanding of the patient’s health and well-being beyond physiological measurements (Lupton 2015). At a minimum, responsive steps need to be taken to develop a trusting relationship, for example by using monitoring as a way to initiate rather than replace dialogue with the patient. Monitoring does not need to develop into a barrier to good care relationships in itself (Coeckelbergh 2013); H-IoT does not undermine ‘good’ healthcare out of necessity. Rather, H-IoT is ethically problematic insofar as it is used poorly, without the limitations of its measurements being acknowledged and corrected for in the user’s overall care (Coeckelbergh 2013).

As a result of such qualitative differences in the types of care enabled by H-IoT, more efficient usage of limited healthcare resources can come at the cost of excellence-in-practice, or “craftsmanship” (Coeckelbergh 2013). A potential exists in professional healthcare for H-IoT to alter care relationships and displace responsibilities traditionally fulfilled by professional carers and clinicians. Despite this, existing academic discourse tends to conceive of the ethical possibilities of H-IoT in terms of harms and benefits for individual patients, clinicians, developers or medical organisations (Mittelstadt et al. 2013, 2014). As discussed above, some literature addresses the isolating effects of H-IoT, but further exploration of the normalizing effects and ‘decontextualisation’ of H-IoT data on medical encounters is badly needed.

Risks of non-professional care

Where H-IoT is used to reduce the burden on professional resources for social and medical care, a burden is implicitly shifted to family members, friends, and the community (‘informal carers’) to replace interpersonal and social interactions that would otherwise be lost. Additionally, informal carers can become, not necessarily willingly, the first point of contact for H-IoT alerts. Even if care duties are fully and readily accepted by informal carers, the same moral obligations that bind medical and social care professionals will not necessarily be met by informal carers (cf. Palm 2011), in part because informal care lacks a deontological code, moral and legal obligations, and training of medical professions. The nature of care experienced by the user is thus changed by H-IoT. Medical professionals have moral obligations placed upon them, for instance to act in the best interests of patients rather than self-interest or to not exploit the patient’s vulnerability in seeking out medical care (cf. Pellegrino and Thomasma 1993). Professionals develop norms of good practice over time, and come to appreciate the needs of patients beyond the physiological. This practical wisdom and professionalism are lost when care is shifted to informal carers (Coeckelbergh 2013). Professionalism and craftsmanship may be eroded through an isolation of care workers from the patient and other health professionals, where face-to-face interactions are replaced or modified by technologically-mediated work, reducing opportunities for skill development, community, and character building within medicine (Coeckelbergh 2013).Footnote 8

This change does not mean that non-professionals are ‘bad’ carers by default, or that patients will necessarily face greater risks from H-IoT mediated care. Informal carers can similarly develop norms of good practice over time. However, training in medical and social care emphasises the vulnerability of patients and the moral obligations placed upon professionals in these fields (Coeckelbergh 2013). This awareness will not automatically transfer to informal carers. When deploying H-IoT, it is critical to acknowledge the change and to re-evaluate what ‘good’ medical and social care look like when mediated by H-IoT, for instance by monitoring for deficiencies that impact both the patient’s health and psychological well-being. The impact of H-IoT devices and services autonomously interacting with one another or communicating data to third parties will be particularly difficult to predict (Ebersold and Glass 2016).

Entering into a care relationship requires trust (Pellegrino and Thomasma 1993; Pellegrino 2002); whether trusting ‘physician proxies’ (e.g. monitoring service providers) is wise can be determined only on a case-by-case basis. The moral obligations of the healing relationship (Pellegrino and Thomasma 1993) are displaced through the introduction of new devices or stakeholders that provide care, without clearly changing the patient’s experience of illness (e.g. fear, helplessness, dependency) or their expectations of care and carers (Edgar 2005). The patient’s ‘vulnerable’ position in the relationship (Pellegrino and Thomasma 1993) may not be evident to these new stakeholders or sustained throughout the relationship.

Users of H-IoT face new risks, many of which stem from inappropriate uses of collected data. Users may face unwanted personalised marketing and personalised insurance premiums (Percival and Hanson 2006; Kosta et al. 2010), exclusion from services or offerings due to limiting access to personal data (Brey 2005), or discrimination resulting from inferential analytics (Peppet 2014). To limit possibilities of data misuse and come closer to an ideal of informed consent, information about data retention and processing aims needs to be available to users before data are collected (Kosta et al. 2010).

Strong protection of users’ informational privacy (see “Informational privacy” section) can help restore a balance by limiting such unwanted disturbances and exploitation, such as advertising based upon the user’s medical history. Profiling, behavioural regulation, and social sorting all depend upon personal data (Kosta et al. 2010). Controlling data and information flows can thus enhance a user’s autonomy and privacy by acting as a check on the power of medical organisations, data controllers, and researchers (Friedewald et al. 2007; Moncrieff et al. 2009).

These concerns suggest that the degree to which H-IoT will inhibit ‘good’ medical practice hinges upon the model of service. If delivery is handled entirely by existing care teams bound by the moral obligations of the healing relationship, the problems created by ‘non-virtuous’ stakeholders entering the relationship are reduced, albeit not eliminated. As it stands, patients’ trust will be misplaced so long as equivalent norms of practice for providing healthcare-via-monitoring remain unspecified. Such norms require the communication of role-based obligations to new care providers, both informal carers and providers of H-IoT devices and services, including dialogue to define appropriate codes of conduct and related principles of good practice in H-IoT mediated informal care (Palm 2011; Mittelstadt et al. 2014). Alternatively, it can be argued that ‘good medicine’ (cf. MacIntyre 2007; Pellegrino and Thomasma 1993) should increasingly be re-defined around patients exercising greater control over their care in H-IoT-mediated relationships in the future to counteract reduced involvement of clinicians (as moral practitioners in medicine). The ideal of ‘self-responsibility’ can mean that patients gain greater autonomy in the healing relationship at the cost of increased responsibility for their health and well-being.


This paper reviews ethical problems arising from the design and deployment of H-IoT as described in the relevant literature. These problems can broadly be distinguished by their focal point on devices, data protocols, or medical and social care. The range of ethical issues described in this article are intended as a starting point for further discussion and specification of moral responsibilities and principles for responsible design and deployment of H-IoT. The discussion should be carried on in collaboration with designers of H-IoT devices and protocols targeting specific diseases, patient populations, and functionality.

Many ethical issues face both the design and deployment of H-IoT in healthcare. While some issues can be addressed by choices in the design process, many manifest in the actions and responsibilities of H-IoT providers post-deployment. H-IoT can be used to mediate healthcare and traditional medical relationships among patients, doctors, medical institutions, and professionals. Informal carers and private providers of H-IoT devices and services can increasingly be involved in the delivery of care and management of health. Medical researchers also have a stake in making sense of and creating value from the data produced by H-IoT (Denecke et al. 2015). Making explicit the expectations placed on each of these stakeholders in H-IoT mediated healthcare, broadly interpreted, can go some way to mitigating many of the post-deployment concerns described here.

What remains unclear is precisely how the moral responsibilities of medical care transfer to and are acknowledged by non-medical professionals. To address this issue going forward, it is necessary to describe how the moral responsibilities of medical care can be responsibly and fairly transferred to non-medical professionals contributing to the provision of care mediated by H-IoT.

In discussing the future ethical impact of H-IoT, one should not ignore potential benefits. Access to care can be increased for groups traditionally marginalised due to geographical distance, communicative abilities, or social status (e.g. Bauer 2004). Patient safety and engagement with medical care and health outcomes can also benefit from access to detailed personal health data records and feedback. Medical research can also benefit from the wealth of longitudinal, granular data produced by H-IoT, although data protocols that permit responsible but permissive sharing of data are key.

Despite these potential benefits, better understanding of patient attitudes towards self-care and self-responsibility enacted through technologies such as H-IoT is required to assess the technology’s impact on the delivery of healthcare, and to define adequate norms for good medical and social care. The existing assumption is that patients will welcome H-IoT if it is presented as improving their autonomy, the management of health and well-being, and the quality of healthcare. Whether patients will accept the underlying sense of self-responsibility and changes to professional and informal care remains unclear. The ethical themes discussed here provide a lens to highlight such issues in future discourses over ethically acceptable design and deployment for H-IoT.