Explanation before Adoption: Supporting Informed Consent for Complex Machine Learning and IoT Health Platforms
Rachel Eardley, Emma L. Tonkin, Ewan Soubutts, Amid Ayobi, Gregory J. L. Tourte, Rachael Gooberman-Hill, Ian Craddock, Aisling Ann O’Kane
Association for Computing Machinery: Human-Computer Interaction, 16 April 2023
Explaining health technology platforms to non-technical members of the public is an important part of the process of informed consent. Complex technology platforms that deal with safety-critical areas are particularly challenging, often operating within private domains (e.g. health services within the home) and used by individuals with various understandings of hardware, software, and algorithmic design. Through two studies, the first an interview and the second an observational study, we questioned how experts (e.g. those who designed, built, and installed a technology platform) supported provision of informed consent by participants. We identify a wide range of tools, techniques, and adaptations used by experts to explain the complex SPHERE sensor-based home health platform, provide implications for the design of tools to aid explanations, suggest opportunities for interactive explanations, present the range of information needed, and indicate future research possibilities in communicating technology platforms.
Privacy for IoT: Informed consent management in Smart Buildings
Chehara Pathmabandu, John Grundy, Mohan Baruwal Chhetri, Zubair Baig
Future Generation Computer Systems, August 2023; 145 pp 367-383
Smart Buildings (SBs) employ the latest IoT technologies to automate building operations and services with the objective of increasing operational efficiency, maximising occupant comfort, and minimising environmental impact. However, these smart devices – mostly cloud-based – can capture and share a variety of sensitive and private data about the occupants, exposing them to various privacy threats. Given the non-intrusive nature of these devices, individuals typically have little or no awareness of the data being collected about them. Even if they do and claim to care about their privacy, they fail to take the necessary steps to safeguard it due to the convenience offered by the IoT devices. This discrepancy between user attitude and actual behaviour is known as the ‘privacy paradox’. To address this tension between data privacy, consent and convenience, this paper proposes a novel solution for informed consent management in shared smart spaces. Our proposed Informed Consent Management Engine (ICME) (a) increases user awareness about the data being collected by the IoT devices in the SB environment, (b) provides fine-grained visibility into privacy conformance and compliance by these devices, and (c) enables informed and confident privacy decision-making, through digital nudging. This study provides a reference architecture for ICME that can be used to implement diverse end-user consent management solutions for smart buildings. A proof-of-concept prototype is also implemented to demonstrate how ICME works in a shared smart workplace. Our proposed solution is validated by conducting expert interviews with 15 highly experienced industry professionals and academic researchers to understand the strengths, limitations, and potential improvements of the proposed system.
REPRESENT: REPresentativeness of RESearch data obtained through the ‘General Informed ConsENT’
Cristina Bosmani, Sonia Carboni, Caroline Samer, Christian Lovis, Thomas Perneger, Angela Huttner, Bernard Hirschel
BMC Medical Ethics, 13 February 2023; 24(10)
We assessed potential consent bias in a cohort of > 40,000 adult patients asked by mail after hospitalization to consent to the use of past, present and future clinical and biological data in an ongoing ‘general consent’ program at a large tertiary hospital in Switzerland.
In this retrospective cohort study, all adult patients hospitalized between April 2019 and March 2020 were invited to participate to the general consent program. Demographic and clinical characteristics were extracted from patients’ electronic health records (EHR). Data of those who provided written consent (signatories) and non-responders were compared and analyzed with R studio.
Of 44,819 patients approached, 10,299 (23%) signed the form. Signatories were older (median age 54 [IQR 38–72] vs. 44 years [IQR 32–60], p < .0001), more comorbid (2614/10,299 [25.4%] vs. 4912/28,676 [17.1%] with Charlson comorbidity index ≤ 4, p < .0001), and more often of Swiss nationality (6592/10,299 [64%] vs. 13,813/28,676 [48.2%], p < .0001).
Our results suggest that actively seeking consent creates a bias and compromises the external validity of data obtained via ‘general consent’ programs. Other options, such as opt-out consent procedures, should be further assessed.
A GDPR-Compliant Dynamic Consent Mobile Application for the Australasian Type-1 Diabetes Data Network
Zhe Wang, Anthony Stell, Richard O. Sinnott
Healthcare, 8 February 2023; 11(4)
Australia has a high prevalence of diabetes, with approximately 1.2 million Australians diagnosed with the disease. In 2012, the Australasian Diabetes Data Network (ADDN) was established with funding from the Juvenile Diabetes Research Foundation (JDRF). ADDN is a national diabetes registry which captures longitudinal information about patients with type-1 diabetes (T1D). Currently, the ADDN data are directly contributed from 42 paediatric and 17 adult diabetes centres across Australia and New Zealand, i.e., where the data are pre-existing in hospital systems and not manually entered into ADDN. The historical data in ADDN have been de-identified, and patients are initially afforded the opportunity to opt-out of being involved in the registry; however, moving forward, there is an increased demand from the clinical research community to utilise fully identifying data. This raises additional demands on the registry in terms of security, privacy, and the nature of patient consent. General Data Protection Regulation (GDPR) is an increasingly important mechanism allowing individuals to have the right to know about their health data and what those data are being used for. This paper presents a mobile application being designed to support the ADDN data collection and usage processes and aligning them with GDPR. The app utilises Dynamic Consent—an informed specific consent model, which allows participants to view and modify their research-driven consent decisions through an interactive interface. It focuses specifically on supporting dynamic opt-in consent to both the registry and to associated sub-projects requesting access to and use of the patient data for research purposes.
A Comparative Data Protection Analysis of Healthcare Robots: On Informed Consent in Human-Robot Interaction
Frontiers in Artificial Intelligence and Applications, 1 January 2023
As societies across the developed world are dealing with problems associated with aging populations, a promising solution in the form robotics technologies that support elderly people in their daily healthcare has emerged. However, emerging technology are like a double-edge sword. Although healthcare robots can be used for elderly and disabled people with different levels of assistive supports, ie by monitoring their real time health for prompt interaction or by communicating with people to reduce their anxiety, they also bring with them many concerns from an ethical, legal and societal perspective. Among them, one serious issue is privacy and data protection. When healthcare robots are powered by machine learning and distributed databases, “data-driven” networked healthcare robots will be able to gather a huge amount of personal data in physical environments through their interactions with humans. There are several alternative approaches of data protection for “data-driven” networked healthcare robots, including privacy by design, de-identification of data and informed consent. In this article our focus is on the issue of informed consent in human-robot interaction. My argument is that specific conditions of intelligent robots (i.e., embodiment) will mean that the principle of informed consent cannot just be copied and applied to “data-driven” networked healthcare robots. I will make the comparison of the two types of informed consent to clarify our targeted “informed consent in human-robot interaction”. Furthermore, there is a need to discuss potential legal conflicts of this new type of informed consent when it is applied to different countries and their respective legal regimes. Hence, in this article I will conduct a comparative legal analysis of European, American and Japanese data protection law to investigate how such differences might influence the implementation of informed consent to data-driven healthcare robots.
Exploring the challenges of and solutions to sharing personal genomic data for use in healthcare
Lasse Parvinen, Ari Alamäki, Heli Hallikainen, Marko Mäki
Health Informatics Journal, January-March 2023; 29(1)
Boosted by the COVID-19 pandemic, as well as the tightened General Data Protection Regulation (GDPR) legislation within the European Union (EU), individuals have become increasingly concerned about privacy. This is also reflected in how willing individuals are to consent to sharing personal data, including their health data. To understand this behaviour better, this study focuses on willingness to consent in relation to genomic data. The study explores how the provision of educational information relates to willingness to consent, as well as differences in privacy concerns, information sensitivity and the perceived trade-off value between individuals willing versus unwilling to consent to sharing their genomic data. Of the respondents, 65% were initially willing to consent, but after educational information 89% were willing to consent and only 11% remained unwilling to consent. Educating individuals about potential health benefits can thus help to correct the beliefs that originally led to the unwillingness to share genomic data.
Evaluation of consent to link Twitter data to survey data
Journal of the Royal Statistical Society, December 2022; 185(S2) pp 364-386
This study presents an initial framework describing factors that could affect respondents’ decisions to link their survey data with their public Twitter data. It also investigates two types of factors, those related to the individual and to the design of the consent request. Individual‐level factors include respondents’ attitudes towards helpful behaviours, privacy concerns and social media engagement patterns. The design factor focuses on the position of the consent request within the interview. These investigations were conducted using data that was collected from a web survey on a sample of Twitter users selected from an adult online probability panel in the United States. The sample was randomly divided into two groups, those who received the consent to link request at the beginning of the survey, and others who received the request towards the end of the survey. Privacy concerns, measures of social media engagement and consent request placement were all found to be related to consent to link. The findings have important implications for designing future studies that aim at linking social media data with survey data.
Consent Codes: Maintaining Consent in an Ever-expanding Open Science Ecosystem
Stephanie O. M. Dyke, Kathleen Connor, Victoria Nembaware, Nchangwi S. Munung, Kathy Reinold, Giselle Kerry, Mamana Mbiyavanga, Lyndon Zass, Mauricio Moldes, Samir Das, John M. Davis, Jordi Rambla De Argila, J. Dylan Spalding, Alan C. Evans, Nicola Mulder, Jason Karamchandani
Neuroinformatics, 15 December 2022
We previously proposed a structure for recording consent-based data use ‘categories’ and ‘requirements’ – Consent Codes – with a view to supporting maximum use and integration of genomic research datasets, and reducing uncertainty about permissible re-use of shared data. Here we discuss clarifications and subsequent updates to the Consent Codes (v4) based on new areas of application (e.g., the neurosciences, biobanking, H3Africa), policy developments (e.g., return of research results), and further practical considerations, including developments in automated approaches to consent management.
An e-consent framework for tiered informed consent for human genomic research in the global south, implemented as a REDCap template
Tsaone Tamuhla, Nicki Tiffin, Taryn Allie
BMC Medical Ethics, 24 November 2022; 23(119)
Research involving human participants requires their consent, and it is common practice to capture consent information on paper and store those hard copies, presenting issues such as long-term storage requirements, inefficient retrieval of consent forms for reference or future use, and the potential for transcription errors when transcribing captured informed consent. There have been calls to move to electronic capture of the consent provided by research participants (e-consent) as a way of addressing these issues. A tiered framework for e-consent was designed using the freely available features in the inbuilt REDCap e-consent module. We implemented ‘branching logic’, ‘wet signature’ and ‘auto-archiver’ features to the main informed consent and withdrawal of consent documents. The branching logic feature streamlines the consent process by making follow-up information available depending on participant response, the ‘wet signature’ feature enables a timestamped electronic signature to be appended to the e-consent documents and the ‘auto-archiver’ allows for PDF copies of the e-consent documents to be stored in the database. When designing the content layout, we provided example participant information text which can be modified as required. Emphasis was placed on the flow of information to optimise participant understanding and this was achieved by merging the consent and participant information into one document where the consent questions were asked immediately after the corresponding participant information. In addition, we have provided example text for a generic human genomic research study, which can be easily edited and modified according to specific requirements. Building informed consent protocols and forms without prior experience can be daunting, so we have provided researchers with a REDCap template that can be directly incorporated into REDCap databases. It prompts researchers about the types of consent they can request for genomics studies and assists them with suggestions for the language they might use for participant information and consent questions. The use of this tiered e-consent module can ensure the accurate and efficient electronic capture and storage of the consents given by participants in a format that can be easily queried and can thus facilitate ethical and effective onward sharing of data and samples whilst upholding individual participant preferences.
Toward Dynamic Consent for Privacy-Aware Pervasive Health and Well-being: A Scoping Review and Research Directions
Hyunsoo Lee, Uichin Lee
IEEE Pervasive Computing, 2022; pp 1-8
Recent advances in sensor-enabled services have facilitated the use of mobile, wearable, and IoT devices; for example, an extensive range of sensor data are used to automatically track symptoms and diagnose health and well-being status of an individual (e.g., depression). As personal data are being continuously and unobtrusively sensed and collected at large scale, this raises privacy concerns in certain contexts (e.g., GPS data collection at privacy-sensitive places). Current one-off informed consent in such pervasive sensing scenarios does not offer context-awareness support that enables selective data disclosure based on a user’s needs or preferences (e.g., disabling GPS data collection when visiting hospitals). A lack of context-awareness support in informed consent would be a critical barrier to user acceptance of data-intensive pervasive computing for health and well-being. As an alternative method, we introduce the concept of “dynamic consent,” a type of informed consent that enables granular data consent and management, initially introduced in biomedical research for patient data management. We explore how this consent practice within biomedical research might inform usable privacy designs in pervasive computing by conducting a scoping review of dynamic consent literature and discussing future research directions.