Mobile Data for Health Research

Mobile cellular subscriptions had reached 87% of the world ’ s population by 2011 (ITU 2011). Notably, Africa has “ the fastest mobile phone growth rate in the world and … a proliferation of social media users ” (Mutula in Information ethics in Africa: cross-cutting themes. African Centre of Excellence for Information Ethics, Pretoria, pp 29 – 42, 2013:31). Mobile phones that can run software applications (apps) are increasingly used in health settings, for example, to improve diagnosis and personalize health care (Mosa et al. in BMC Medical Informatics and Decision Making 12(1):67, 2012). This fast-paced development saw the number of “ mHealth ” apps reach 97,000 as of March 2013 (He et al. in AMIA Annual Symposium Proceedings, pp 645 – 654, 2014).

With the pervasive growth in technology infrastructure, mHealth can reach communities in ways that conventional health services and other communication tools cannot. Mobile phones are described as potentially the most widespread embedded surveillance tools, especially due to the use of location sensors and the consequent possibility of documenting and quantifying habits, routines, and personal associations (Shilton 2009). This case study focuses on the potential ethical issues associated with the use of mHealth apps in medical research and health care. mHealth offers "attractive low-cost, real-time ways to assess disease, movement, images, behaviour, social interactions, environmental toxins, metabolites" (Collins 2012:1). It has the power to bring the research lab to the patient and obtain real-time, continuous biological, behavioural and environmental data (Collins 2012).
Mobile phones collect a wide range of personal information from their users, with or without their knowledge, which raises novel and complex ethical and practical challenges. Research teams (and clinicians) need to understand these challenges so that, without rejecting mHealth and related mobile technological advancements, they minimize any unintended harms (Carter et al. 2015). Wicklund (2015) observes that clinical studies that utilize mHealth devices and platforms are venturing into uncharted ethical territory.

Area of Risk of Exploitation
Software apps in the mHealth category can be used for collecting health-related data on a large scale for biomedical research; the so-called "big data" (Park and Jayaraman 2014;Hsieh et al. 2013). In general, however, mHealth raises concerns regarding data security issuesfrom transmission of data to its local storage, and "ownership" of what is otherwise considered confidential patient data. This data is easy to obtain, but difficult or impossible to retract once shared. In addition to safety and security risks, mobile sensing also disrupts social boundaries and challenges distinctions between public and private (Shilton 2009). One of the key challenges of using mHealth in low-and middle-income countries (LMICs) is how to ensure workable approaches to privacy and security (Leon and Schneider 2012:19). Carter et al. (2015) have identified a range of ethical issues raised by the use of mobile phones for research and clinical purposes. These are: • the protection of privacy • minimizing third-party uses of data • informing patients of complex risks when obtaining consent • maximizing benefits while minimizing the potential for disclosure to third parties • care in the communication of clinically relevant information • the rigorous evaluation and regulation of mHealth products before widespread use In practical terms, the issues discussed below need to be considered carefully.

Context-Based and Fully Informed Consent Should Be Obtained
Researchers should seek and obtain informed consent before using mHealth technologies in research. Accordingly, participants must be informed about, and understand the risks and benefits of, mHealth technologies, and then make a free and voluntary decision to participate or not. The risks associated with mHealth are complex, and these need to be communicated and negotiated. If the study involves the collection of data from interaction with identifiable third parties, it may be necessary to obtain their informed consent as well. This in turn means that mHealth participants will have to disclose their condition and/or mHealth participation (Carter et al. 2015).

Only Necessary Data Should Be Collected
Compared with other health information systems, mHealth collects a much larger amount and broader range of data about patient lifestyles and activities, over an extended period (He et al. 2014). A potential danger to bear in mind in this regard is that of collecting excessive amounts of raw data to maximize the information extracted by the research team (Carter et al. 2015).

Any Tracking Should Be Proportionate and the Correct Person Should Be Tracked
Continuous or intermittent recording and transmission of detailed information about where a person is, and to some extent what they are doing, may breach privacy and confidentiality. There are risks of inadvertent insight into a participant's behaviour revealing information beyond the profiles that are scientifically justified and for which data collection was employed. This also poses problems of informed consent, as privacy may be violated in ways unforeseen by either investigators or participants. Text messages (SMS) can be read by persons other than the intended recipient; messages can be forwarded and can remain on unsecured devices indefinitely. One result could be the unintended disclosure of a medical condition (Labrique et al. 2013).

Research Participants Should Know Exactly Which Data Is Collected and Who Will or Could Have Access to It
This is a great challenge, especially in a global research environment that increasingly requires the sharing of data in publicly available repositories. The case of an alleged breach of smartphone users' privacy by manufacturers of popular smartphone apps for Apple and Android devices illustrates this risk. The manufacturers are alleged to have gathered information from personal address books on the phones of Kenyan users, stored it on their own computers, and transmitted it without the knowledge of its owners, all of which demonstrates how difficult it is to guarantee privacy when using smartphones (Mutula 2013;Wambugu 2012). The security of data collected via mobile phones cannot be guaranteed either, in part because no strict privacy regulations exist. 1 Many mHealth apps do not use encryption when transferring data, and even when they do, hackers and governments can still gain access. Potential violations of privacy include hacking of personal data with the known likelihood of identity theft and financial losses, computer malware and virus programs, and malevolent apps planted by developers who steal data for commercial or criminal purposes (He et al. 2014).

Incentives to Take Part in Research Should Be Proportionate and not Result in Exploitation
Research involving mHealth apps often requires the participant to have a smartphone. If researchers specifically target those who do not already own newer devices or other modes of mobile technology, the prospect of being given access to such technology may unduly influence them to take part (Labrique et al. 2013:3). Patients should not, however, be excluded from mHealth monitoring benefits if they cannot afford a device capable of supporting the app or connect with networks capable of transmitting potentially large volumes of data. This requirement therefore needs very careful judgement. 1 Companies like Apple and Google have to comply with the privacy regulations in each of the countries where they collect data. Where little or no privacy regulation exists, the companies have wide scope regarding what data they collect and how they use it. Interestingly, Apple announced that with their new iOS10 operating system they would be introducing "differential privacy", which they claimed would enable them to collect much more personal user data while preserving users' privacy. This concept involves introducing numerical "noise" into the data collected in order to de-identify it (see Brandom 2016). However, it is questionable whether data provided this way will be suitable for research purposes (see Friedman and Schuster 2010).

Specific Case and Analysis
The details of a case of HIV/AIDS tele-counselling in South Africa were obtained from an interview with Cell-Life's general manager, Peter Benjamin, conducted and published in 2011 by Boyle (2011). Additional information is available in a report that was prepared on the use of mobile technologies for the monitoring and evaluation of public sector community-based health services (Leon and Schneider 2012). 2 Cell-Life, a non-profit organization, entered into a contract with the South African national Department of Health (DOH) for a big project. "Cell-Life started in 2001 as a research collaboration between staff of the engineering faculty of the University of Cape Town (UCT) and the Cape Peninsula University of Technology (CPUT)" (Loudon and Rivett 2013). It became a not-for-profit organization in 2006 (Loudon and Rivett 2013). In terms of the contract, the DOH set up a national mHealth system that used cellphones for monitoring an HIV counselling and testing (HCT) campaign.
Cell-Life used chat software called Mxit, which enabled users to send instant messages over a cellphone system. To do this, users had to download a small app that connected them to the Mxit server, enabling immediate communication with anyone else on Mxit. The app sent SMS-type messages through GPRS, 3 via which messaging was effectively free.
Cell-Life created a website within Mxit where it provided all the usual HIV content, information and interactive quizzes. An interesting feature that Cell-Life included was linking Mxit to South Africa's National AIDS Helpline, so that users could text on Mxit and the message would go through to the computer screen of a professional HIV counsellor at the National AIDS Helpline. The counsellor would type a reply which would appear on the user's cellphone screen.
Cell-Life was awarded additional contracts by the DOH for the design and implementation of a mobile monitoring and reporting system for the national HIV counselling and testing (HCT) campaign, and the national antiretroviral treatment expansion programme (Cell-Life nd). These systems have been the subject of research into how software applications for the monitoring and evaluation of community-based care are used in a research and service delivery context (Leon and Schneider 2012).
The data processed and transmitted through the software apps related to patients' personal information, which was subsequently stored and monitored through the system. The use of mobile phones in this process raises practical ethical issues, such as concerns about the protection of information and privacy, and consent to the potential use of such information for research purposes. As Labrique et al. (2013) 2 See also Cell-Life (nd).
3 "General Packet Radio Service (GPRS) is a packet oriented mobile data service on the 2G and 3G cellular communication system's global system for mobile communications (GSM)" (General Packet Radio Service 2017). have observed, although mHealth apps ensure the availability of real-time data that brings with it new and beneficial strategies, the rapid adoption of these technologies raises ethical issues that need careful consideration. Accordingly, existing standards and practices have to be supplemented with new guidelines to ensure that patients and vulnerable populations are adequately protected. The gap between technological innovation and the development of ethical standards and guidance needs to be reduced, so that researchers and other stakeholders have a reference framework for assessing and mitigating the risks of mHealth research and data collection.

Recommendations
The following measures could help avert the possibility of exploitation in the context of mHealth: • Developers should determine when, where and how sensitive data are uploaded and stored, to minimize the risk of privacy violations. In addition, they should take steps, by using encryption and anonymization (Carter et al. 2015;He et al. 2014), to ensure that data collected by an mHealth app are not available to other apps or programs installed on the phone or in third-party storage without security and privacy guarantees (He et al. 2014). • Participants should be able to control what they consent to and how their data may be used and stored. The data should be deleted as soon as no longer needed (Albrecht and Fangerau 2015). • Appropriate regulation of mHealth devices and apps should be developed to ensure their safety and effectiveness, including minimal privacy violations and guarantees that they provide clinically accurate information. Albrecht and Fangerau (2015), for instance, have recommended the transformation of the fundamental principles of medical ethics in order to make them applicable to mHealth. • Proven innovations for the improvement of data protection and privacy should be implemented by researchers as soon as possible after they become available. Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.