The application of mobile technologies (mobile phones or other remote monitoring devices) for health-related purposes is termed “mHealth”: a mobile tool for expanding access to health information and services around the world (K4Health 2014). According to the World Health Organization (WHO 2011:6) , mHealth is the “medical and public health practice supported by mobile devices, such as mobile phones, patient monitoring devices, personal digital assistants and other wireless devices”. Although mHealth has come to signify the use of any mobile technology to address health care challenges such as access, quality, affordability, matching of resources and behavioural norms (Qiang et al. 2011), most mHealth interventions use mobile phone technology, thanks to its versatility as an ICT tool (Leon and Schneider 2012:7).

With the pervasive growth in technology infrastructure, mHealth can reach communities in ways that conventional health services and other communication tools cannot. Mobile phones are described as potentially the most widespread embedded surveillance tools, especially due to the use of location sensors and the consequent possibility of documenting and quantifying habits, routines, and personal associations (Shilton 2009). This case study focuses on the potential ethical issues associated with the use of mHealth apps in medical research and health care. mHealth offers “attractive low-cost, real-time ways to assess disease, movement, images, behaviour, social interactions, environmental toxins, metabolites” (Collins 2012:1). It has the power to bring the research lab to the patient and obtain real-time, continuous biological, behavioural and environmental data (Collins 2012).

Mobile phones collect a wide range of personal information from their users, with or without their knowledge, which raises novel and complex ethical and practical challenges. Research teams (and clinicians) need to understand these challenges so that, without rejecting mHealth and related mobile technological advancements, they minimize any unintended harms (Carter et al. 2015). Wicklund (2015) observes that clinical studies that utilize mHealth devices and platforms are venturing into uncharted ethical territory.

Area of Risk of Exploitation

Software apps in the mHealth category can be used for collecting health-related data on a large scale for biomedical research ; the so-called “big data” (Park and Jayaraman 2014; Hsieh et al. 2013). In general, however, mHealth raises concerns regarding data security issues – from transmission of data to its local storage, and “ownership” of what is otherwise considered confidential patient data. This data is easy to obtain, but difficult or impossible to retract once shared. In addition to safety and security risks , mobile sensing also disrupts social boundaries and challenges distinctions between public and private (Shilton 2009). One of the key challenges of using mHealth in low- and middle-income countries (LMICs) is how to ensure workable approaches to privacy and security (Leon and Schneider 2012:19).

Carter et al. (2015) have identified a range of ethical issues raised by the use of mobile phones for research and clinical purposes. These are:

  • the protection of privacy

  • minimizing third-party uses of data

  • informing patients of complex risks when obtaining consent

  • maximizing benefits while minimizing the potential for disclosure to third parties

  • care in the communication of clinically relevant information

  • the rigorous evaluation and regulation of mHealth products before widespread use

In practical terms, the issues discussed below need to be considered carefully.

Context-Based and Fully Informed Consent Should Be Obtained

Researchers should seek and obtain informed consent before using mHealth technologies in research. Accordingly, participants must be informed about, and understand the risks and benefits of, mHealth technologies, and then make a free and voluntary decision to participate or not. The risks associated with mHealth are complex, and these need to be communicated and negotiated. If the study involves the collection of data from interaction with identifiable third parties, it may be necessary to obtain their informed consent as well. This in turn means that mHealth participants will have to disclose their condition and/or mHealth participation (Carter et al. 2015).

Only Necessary Data Should Be Collected

Compared with other health information systems, mHealth collects a much larger amount and broader range of data about patient lifestyles and activities, over an extended period (He et al. 2014). A potential danger to bear in mind in this regard is that of collecting excessive amounts of raw data to maximize the information extracted by the research team (Carter et al. 2015).

Any Tracking Should Be Proportionate and the Correct Person Should Be Tracked

Continuous or intermittent recording and transmission of detailed information about where a person is, and to some extent what they are doing, may breach privacy and confidentiality . There are risks of inadvertent insight into a participant’s behaviour revealing information beyond the profiles that are scientifically justified and for which data collection was employed. This also poses problems of informed consent , as privacy may be violated in ways unforeseen by either investigators or participants. Text messages (SMS) can be read by persons other than the intended recipient; messages can be forwarded and can remain on unsecured devices indefinitely. One result could be the unintended disclosure of a medical condition (Labrique et al. 2013).

Research Participants Should Know Exactly Which Data Is Collected and Who Will or Could Have Access to It

This is a great challenge, especially in a global research environment that increasingly requires the sharing of data in publicly available repositories. The case of an alleged breach of smartphone users’ privacy by manufacturers of popular smartphone apps for Apple and Android devices illustrates this risk. The manufacturers are alleged to have gathered information from personal address books on the phones of Kenyan users, stored it on their own computers, and transmitted it without the knowledge of its owners, all of which demonstrates how difficult it is to guarantee privacy when using smartphones (Mutula 2013; Wambugu 2012).

The security of data collected via mobile phones cannot be guaranteed either, in part because no strict privacy regulations exist.Footnote 1 Many mHealth apps do not use encryption when transferring data , and even when they do, hackers and governments can still gain access. Potential violations of privacy include hacking of personal data with the known likelihood of identity theft and financial losses, computer malware and virus programs, and malevolent apps planted by developers who steal data for commercial or criminal purposes (He et al. 2014).

Incentives to Take Part in Research Should Be Proportionate and not Result in Exploitation

Research involving mHealth apps often requires the participant to have a smartphone. If researchers specifically target those who do not already own newer devices or other modes of mobile technology, the prospect of being given access to such technology may unduly influence them to take part (Labrique et al. 2013:3). Patients should not, however, be excluded from mHealth monitoring benefits if they cannot afford a device capable of supporting the app or connect with networks capable of transmitting potentially large volumes of data . This requirement therefore needs very careful judgement.

Specific Case and Analysis

The details of a case of HIV/AIDS tele-counselling in South Africa were obtained from an interview with Cell-Life’s general manager, Peter Benjamin, conducted and published in 2011 by Boyle (2011). Additional information is available in a report that was prepared on the use of mobile technologies for the monitoring and evaluation of public sector community-based health services (Leon and Schneider 2012 ) .Footnote 2

Cell-Life, a non-profit organization, entered into a contract with the South African national Department of Health (DOH) for a big project. “Cell-Life started in 2001 as a research collaboration between staff of the engineering faculty of the University of Cape Town (UCT) and the Cape Peninsula University of Technology (CPUT)” (Loudon and Rivett 2013). It became a not-for-profit organization in 2006 (Loudon and Rivett 2013). In terms of the contract, the DOH set up a national mHealth system that used cellphones for monitoring an HIV counselling and testing (HCT) campaign.

Cell-Life used chat software called Mxit , which enabled users to send instant messages over a cellphone system. To do this, users had to download a small app that connected them to the Mxit server, enabling immediate communication with anyone else on Mxit. The app sent SMS-type messages through GPRS,Footnote 3 via which messaging was effectively free.

Cell-Life created a website within Mxit where it provided all the usual HIV content, information and interactive quizzes. An interesting feature that Cell-Life included was linking Mxit to South Africa’s National AIDS Helpline, so that users could text on Mxit and the message would go through to the computer screen of a professional HIV counsellor at the National AIDS Helpline. The counsellor would type a reply which would appear on the user’s cellphone screen.

Cell-Life was awarded additional contracts by the DOH for the design and implementation of a mobile monitoring and reporting system for the national HIV counselling and testing (HCT) campaign, and the national antiretroviral treatment expansion programme (Cell-Life nd) . These systems have been the subject of research into how software applications for the monitoring and evaluation of community-based care are used in a research and service delivery context (Leon and Schneider 2012).

The data processed and transmitted through the software apps related to patients’ personal information, which was subsequently stored and monitored through the system. The use of mobile phones in this process raises practical ethical issues, such as concerns about the protection of information and privacy , and consent to the potential use of such information for research purposes. As Labrique et al. (2013) have observed, although mHealth apps ensure the availability of real-time data that brings with it new and beneficial strategies, the rapid adoption of these technologies raises ethical issues that need careful consideration. Accordingly, existing standards and practices have to be supplemented with new guidelines to ensure that patients and vulnerable populations are adequately protected. The gap between technological innovation and the development of ethical standards and guidance needs to be reduced, so that researchers and other stakeholders have a reference framework for assessing and mitigating the risks of mHealth research and data collection.


The following measures could help avert the possibility of exploitation in the context of mHealth:

  • Developers should determine when, where and how sensitive data are uploaded and stored, to minimize the risk of privacy violations. In addition, they should take steps, by using encryption and anonymization (Carter et al. 2015; He et al. 2014), to ensure that data collected by an mHealth app are not available to other apps or programs installed on the phone or in third-party storage without security and privacy guarantees (He et al. 2014).

  • Participants should be able to control what they consent to and how their data may be used and stored. The data should be deleted as soon as no longer needed (Albrecht and Fangerau 2015).

  • Appropriate regulation of mHealth devices and apps should be developed to ensure their safety and effectiveness, including minimal privacy violations and guarantees that they provide clinically accurate information. Albrecht and Fangerau (2015), for instance, have recommended the transformation of the fundamental principles of medical ethics in order to make them applicable to mHealth.

  • Proven innovations for the improvement of data protection and privacy should be implemented by researchers as soon as possible after they become available.