Thursday, October 09, 2014

"Play by the Rules": Analysis of Ground Rules for 4HER Patient Connect App by Genentech

Genentech's 4HER iPhone App for women with HER2 breast cancer includes pages and pages and pages of policies and terms and conditions that users are required to read (or at least agree to) before using the advanced features of the app. Yesterday, I reviewed the Privacy Policy (about 6 screens' worth of text; see here). Today, I review the "Ground Rules" for the Patient Connect feature of the app.

Patient Connect allows users of the app to send email to other 4HER registered users located within a certain radius (e.g., 10 miles). You can select users you'd like to connect with based on a number of criteria that users enter when registering. Here's a view of those criteria:

As I mentioned yesterday, this app gives Genentech potential access to very, very sensitive personal health information coupled with location services, which raises a number of privacy and data security issues. I decided, therefore, not to reveal my dates of diagnoses nor my age group when I registered as "pharmagal." Unfortunately, Genentech doesn't know that I do not have HER2 breast cancer.

OK, so what are the "Ground Rules" for using the Patient Connect feature?

First, here are "key points to keep in mind:"

Ha! This advice is very appropriate, considering my participation: "Do not automatically assume everyone ... is a patient or is telling the truth."

Genentech makes some suggestions for protecting users' privacy:

Oh oh! Damn! I should have read this BEFORE registering! I did NOT create a new email account! I guess I'll have to go back and change my registration information after I figure out how to create another email account just for this app.

Good idea to deactivate user profiles after three months of inactivity. But still, hackers may be able to hack Genentech's servers and access whatever data is still in them. But I suspect that most users of this app, like users of most other mHealth apps, will use the app once or twice and never again. Probably users will NOT use the Patient Connect feature but WILL read all the information provided by the app that they could have gotten from a health website without registering!

The Ground Rules next cover medical matters: e.g., consult with a medical professional. Genentech also recommends that users don't give medical advice to patients "with whom they connect in the app." Nice English grammar, but I'm thinking many cancer patients would like to share medical advice with one another. That, it seems, is the primary benefit of connecting with other patients.

Suppose I DO give medical advice to other users? If Genentech "does not have visibility into the interactions of those participating in Patient Connect," how do they know I violated the "Ground Rules?" I guess they rely on "snitches" - users who will notify Genentech if someone breaks the rules. I'm not worried.

Meanwhile, Genentech can change the rules at any time and tells users to "Be open to changes," by which they mean you have accepted Genentech's rule changes when you continue to use the app after the rules have been changed. Not to worry. Genentech will provide "appropriate" notice by unspecified means.
