The HealthyPregnancy app logs data from a variety of sources (see below) on a smartphone. This data can be used to study a person’s physical movements, daily activities, and social interactions. Our goal is to gather this data over the duration of pregnancy and shortly thereafter and to investigate how it can provide a holistic picture of healthy and unhealthy pregnancies. We will use the results of the study to develop the next generation of tools for prenatal care.
Privacy and protection of participants’ data are critical to the success of this study. The HealthyPregnancy app is built upon an open-source research platform, Beiwe, which was developed to comply with HIPAA standards. Efforts to safeguard and limit the exposure of personally identifiable data are discussed below.
Data Privacy & Security
Participants are provided a randomly generated ID and password in the form of a QR code. After installing the HealthyPregnancy app, available for Android and Apple devices, the QR code is scanned to register a participant’s smartphone in the study. The ID and password are unique to a participant and can only be used once to register a smartphone. All collected data is associated with this ID, rather than a participant’s name, number, email, etc. Participants may leave the study at any time. Clicking the “Leave Study” button on the main screen of the app will stop data collection and delete most files created to store data. Be sure to uninstall the app and contact the Research Coordinator to be formally removed from the study.
At the end of the one-year enrollment period, participants will be asked to authorize the release of medical records pertaining to their pregnancy. The storage and use of this data for research purposes will follow HIPAA compliance standards.
Collected data is temporarily stored on the smartphone and periodically uploaded over WiFi (only when available). All data is encrypted on the smartphone and in transit. A two-part key is used to encrypt the data. One part of the key is stored on the phone (i.e. public key) and used to encrypt data as it is being collected. The other part of the key is securely stored on the server (i.e. private key). Both parts of the key are needed to decrypt data, and because they are kept separate, data on the smartphone remains secure and private, as it can never be decrypted on the phone itself. Once data is uploaded to the server, the public and private keys are combined to decrypt the data. Data will be stored long-term on a HIPAA compliant server at the Texas Advanced Computing Center (University of Texas at Austin) behind a firewall and two-factor authentication. Only authorized study staff will have access to the data.
Potentially Identifiable Information
GPS. The HealthyPregnancy app collects GPS data from the smartphone throughout the day. This data can be used to accurately identify locations; however, it would be non-trivial, but not impossible, to identify the person from this data. Security measures (e.g. encryption, limited data access) are in place to mitigate the exposure of potentially identifiable information. Additionally, in most circumstances raw GPS data will be processed to assess a person’s mobility (e.g. daily distance traveled).
Phone numbers, WiFi Routers, and Bluetooth. To study a person’s social behaviors, the HealthyPregnancy app collects certain data regarding incoming/outgoing phone calls and text messages, and the WiFi and Bluetooth IDs of nearby routers and devices, respectively. At no point will the content of calls or text messages be monitored or assessed. For the Android version, phone numbers of incoming/outgoing calls and texts are “hashed.” Hashing converts a phone number to a string of 32 letters and numbers (hashed phone number), and the same phone number is always transformed to the same hashed version. In other words, if the same person called you three times one day from the same phone number, the app would log three phone calls from the same hashed phone number. There is no legitimate purpose for the research team to know the phone numbers of any of your contacts. In fact, it is essentially impossible to transform a hashed phone number back to the original phone number. This same process of hashing is performed for the IDs of WiFi routers and Bluetooth devices in the vicinity of the smartphone when a scan is performed. For the Apple version of the app, no information regarding incoming/outgoing texts or the IDs of nearby WiFi routers and Bluetooth devices is collected. The app will log whether a call is incoming or outgoing and its duration, but there will be no hashed phone number or unique ID associated with it.
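The hashing behaviour described above (same number in, same 32-character token out), shown as an added example that is not the HealthyPregnancy or Beiwe code. The page does not name the hash function, so HMAC-SHA-256 truncated to 32 hex characters, the study key, and the number normalization are all assumptions; a keyed hash is chosen here because phone numbers come from a small value space.

```python
import hashlib
import hmac
import re

# Constructed study-wide secret (assumption); a real deployment would generate
# it randomly and keep it away from the analysts who see the tokens.
STUDY_KEY = b"constructed-example-key-not-a-real-secret"


def normalize_number(raw: str, default_country: str = "1") -> str:
    """Reduce a dialled or displayed number to digits with a country code."""
    digits = re.sub(r"\D", "", raw)
    if not digits:
        raise ValueError("no digits in phone number")
    if len(digits) == 10:  # national format: prepend the country code
        digits = default_country + digits
    return digits


def pseudonymize(raw: str, key: bytes = STUDY_KEY) -> str:
    """Return a 32-character token; equal numbers give equal tokens."""
    mac = hmac.new(key, normalize_number(raw).encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:32]


def count_contacts(call_log, key: bytes = STUDY_KEY) -> dict:
    """Tally calls per token so the analysis never touches a raw number."""
    counts = {}
    for number in call_log:
        token = pseudonymize(number, key)
        counts[token] = counts.get(token, 0) + 1
    return counts


# Constructed call log: one contact written three ways, plus a second contact.
SAMPLE_LOG = ["(512) 555-0134", "+1 512 555 0134", "512.555.0134", "512-555-0199"]

if __name__ == "__main__":
    for token, n in count_contacts(SAMPLE_LOG).items():
        print(token, n)
```

Without the normalization step, the three spellings of the first contact would hash to three unrelated tokens and the "three calls from the same hashed number" property would be lost.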
Certificate of Confidentiality
To help us protect your privacy, we have received a Certificate of Confidentiality from the National Institutes of Health. With this Certificate, the researchers cannot be forced to disclose information that may identify you, even by a court subpoena, in any federal, state, or local civil, criminal, administrative, legislative, or other proceedings. The researchers will use the Certificate to resist any demands for information that would identify you, except as explained below. The Certificate cannot be used to resist a demand for information from personnel of the United States government that is used for auditing or evaluation of federally funded research projects or for information that must be disclosed in order to meet the requirements of the federal Food and Drug Administration. A Certificate of Confidentiality does not prevent you or a member of your family from voluntarily releasing information about yourself or your involvement in this research study. If an insurer, employer, or other person obtains your written consent to receive research information, then the researchers may not use the Certificate to withhold that information. For more information please visit: https://grants.nih.gov/policy/humansubjects/coc/what-is.htm
Raw data from embedded sensor captures motion
Latitude and longitude sampled at fixed intervals
State of the phone: (un)locked, plugged in, charging
Timestamp, incoming or outgoing, length of call, encrypted phone number of contact (Android only)
(content never viewed)
Timestamp, incoming or outgoing, length of message, hashed phone number of contact
(content never viewed)
WiFi address (encrypted), frequency and strength
Bluetooth address (encrypted), frequency and strength
Phone near user or not near user, timestamp
Raw data from embedded sensor captures rotation of phone
Timestamp, whether and how phone is connected to the internet
Data logged into Apple's Health App from wearables or the phone itself will be periodically retrieved. If available, only step count, heart rate, and distance travelled will be gathered.
Heart rate, step count, distance travelled, if available
*IMPORTANT: At no point is the content of text messages or phone calls stored, recorded, or All data is stored and transferred in an encrypted state (i.e. someone cannot open and view the file unless they have the secret key). Only authorized researchers will decrypt the data, which will be necessary for analysis purposes. Maintaining your privacy and protecting your data is our top priority and it will only be used for research purposes.
Data collected from smartphones and any analyses of this data will be for research purposes only. This data will be combined and analyzed in conjunction with information from a participant’s medical records (e.g. pregnancy-related complications) in order to identify any patterns of social and physical/mobility behaviors correlated with healthy and unhealthy pregnancies. Results of the study will be published in scientific journals, presented at conferences, and used to support further grant applications.