Most media coverage of Apple in April has been focused on the launch of Apple Watch. In addition to Apple Watch, however, Apple also launched ResearchKit, the company’s health research platform that promises to significantly expand the reach of many medical studies. During its last earnings call, Apple announced that over a thousand apps utilizing the platform for clinical studies are in development.
Both events further build on Apple’s focus on health and medicine, which debuted in the form of the iPhone’s Health app that can aggregate data from a range of apps and connected devices, including Apple Watch, and can parcel that data out to other apps and connected services, including electronic medical records platforms used by doctors and hospitals.
Apple is by no means alone in building a mobile health platform nor is it the only company creating a rich ecosystem of health apps, devices, and services. Google, Microsoft, Samsung, and Fitbit are all following similar models, though Apple’s is probably the most expansive and medically oriented at this point.
Even outside of these coordinated ecosystems, there are thousands of apps and hundreds of devices on the market that allow users to manage general health, fitness, chronic conditions, stress, and even mental illness.
As mobile devices become not only more personal, but also the center of a person’s healthcare, enterprises need to consider the potential implications. This is particularly true in light of the serious conditions that can now be tracked and managed by smartphones.
ResearchKit, although designed primarily for medical studies, also allows participants to monitor progress of serious diseases like Parkinson’s in a way never before possible. There are several promising efforts around the use of mobile apps for some significant mental health issues. Serious chronic disorders like type 1 diabetes are seeing unique advances that would be impossible without smartphones.
- Privacy – Privacy is a major concern for most mobile workers, but it becomes even more paramount when devices include a raft of sensitive medical data. This is particularly important for workers with serious illnesses or with conditions that may have some associated stigma like mental health issues, substance abuse, or HIV, though even users tracking their weight and calorie intake are likely to feel uncomfortable with the idea that an employer might see that information.
- App inventory data – Privacy of actual health data is important, but another concern is the privacy of what apps are installed on a device. It’s easy to look at the name of many health and fitness apps and make an accurate assumption about the conditions or health goals of an individual. Even where it isn’t obvious, it’s easy to look up the app in the App Store or Google Play. Although app inventory can play a role in assessing device security or compliance, there should be some policy to ensure the overall privacy of personal app inventories on managed devices.
- Transparency – Privacy initiatives and policies are critical, but if employees aren’t aware of them or don’t understand them, their value is severely diminished. Simply having a policy doesn’t engender trust in and of itself. Workers need to trust IT with managing their devices and unless they understand what IT can or cannot see/do and why IT needs to see/do those things, there will be a sense of confusion and distrust. For some, that distrust might lead them to avoid allowing IT to manage or secure their devices at all.
- Device wipe – As devices become life-critical and contain crucial information about serious and/or chronic health conditions, users must be confident that they can trust that their data will be stored reliably as well as securely. Someone tracking blood sugar, blood pressure, or depression symptoms on a mobile device needs that data to manage the condition as well as to share with his or her doctor. A policy of wiping all data from a device, which is no longer needed in an era where business data can be selectively wiped, calls into question that reliability and could have serious negative consequences for an employee’s health.
- Bluetooth – Bluetooth is the glue that holds many mobile ecosystems together. In the realm of health, it can connect smartphones to fitness trackers, scales, blood pressure cuffs, glucose monitors and pumps, asthma inhalers, and even some smart pillboxes that ensure medication adherence. Although there may be some security concerns around various Bluetooth-connected accessories, disabling Bluetooth, particularly without warning, can have significant implications for the health and safety of many workers.
- Wearable interaction – Many wearables serve double duty as fitness trackers and computing devices. Apple Watch, Android Wear, Microsoft Band, Pebble, and even the Fitbit Surge are all examples. Some devices may simply have the ability to see notifications or answer a phone call, while others can contain full-fledged enterprise apps intended for business. Regardless of the level of sophistication, there will be a blending of work and very personal use that needs to be adequately balanced in acceptable use and mobility policies.
- Support and troubleshooting – There are any number of reasons that an employee may need support or education about using his or her devices for work. The challenge is that support staff may be put in a position where they see personal health data. That may simply be the names of medical or health apps. Support policies and procedures need to acknowledge this reality and ensure employee privacy during support events.
- Corporate wellness programs – Corporate wellness programs offer advantages to employers and employees alike and many programs now incorporate the use of fitness tracking wearables and apps. As these programs are being developed and implemented, it’s important to ensure any collected data is effectively anonymized and participants understand this. This is particularly important when data is shared with outside entities like health insurers.
- Upcoming medical appointments and contacts – With devices that do double duty for personal and business tasks, it’s very likely that workers will include medical appointments in the calendars on their devices and provider details in their contacts. Some users will place these events and contacts on separate personal calendars or contact groups, but many will also prefer the ease of entering this information once, particularly for appointments where they need to share free/busy information on a work calendar and don’t want to enter it multiple times. Much like with medical apps, it can often be easy to infer information about an individual’s health, and devising policies to protect the privacy of this data is important.
As mobile becomes a core health engagement vehicle for individuals, doctors, and other providers, it stands to revolutionize both healthcare and medical research in groundbreaking and life-changing ways. It is important that IT ensure it doesn’t discourage users from making use of the health-related potential of these devices, either explicitly or by simple lack of communication. The better approach for security, management, and employee wellness is to be proactive in approaching these concerns, developing policies and processes around them, and clearly articulating them to workers.