mHealth Research Group, Northeastern University
  • About Us
    • Overview
    • Lab Facilities
    • Northeastern
    • Boston
    • News
  • Research
    • Projects
    • Publications
    • Hand Hygiene Study
    • Datasets
    • Software
    • Study Privacy Policies >
      • Privacy Policies
      • Privacy Policy-SCI
  • People
  • Get Involved
    • Who Should Join?
    • Potential PhD Students
    • Open Positions
  • Contact Us

Privacy Policy


mHealth Research Group Privacy Policy

Last modified: September 4th, 2022

The mHealth Research Group and its collaborators understand the importance of protecting the privacy of personal information. Our research team conducts scientific research projects related to personal health informatics using mobile technologies such as mobile phones and smartwatches. The scientific research projects require recruiting human subject volunteers and collecting and analyzing data collected while those individuals use the mobile devices and our custom software. All projects are approved by an institutional review board (IRB) at Northeastern and/or our collaborating institutions, and participants in the experiments must provide informed consent. The IRB is responsible for the protection of the rights and privacy of human subjects who participate in experiments. 

Our Privacy Policy explains:
  • What personal data we collect and why we collect it.
  • How we use personal data collected.
  • How we secure data.

Information we collect

We collect information required to achieve our research goals. The details of exactly what data are collected are described in the informed consent document that study participants must read and acknowledge before using our software. 

The specific information collected by our application is described on a per-project basis, but all our research projects using this application could collect the following information.
  1. Device usage information, such as when a user interacts with a device, what apps are installed and uninstalled, when calls and messages are made/received, when WiFi is switched on and off, and when the mobile device is charged or discharged.
  2. Device-specific information (such as the phone’s hardware model, operating system version, unique device identifiers, WiFi status, Bluetooth status, data network usage and carrier, remaining battery and mobile network information).
  3. App log information. The deployed devices will automatically collect and store study-specific information from the installed research application or the operating system in log files. This includes:
    1. Details of how the application was used, such as when the app was running and not running, and when user data was uploaded to our research server by the app.
    2. Device event information such as app crashes and system activity.
  4. Sensor information. Depending on the specific study, internal sensor readings from the smartphone and/or smartwatch may be collected and uploaded. These data may include,
    1. Location. The application will request location information from Android, which may provide the app with information about current and past longitude and latitude, nearby devices, Wi-Fi access points and cell towers.
    2. Inertial sensors, such as accelerometer and gyroscope. 
    3. Environmental sensors, such as light, sound (audio amplitude) and proximity sensors.
  5. Survey information. For some projects, the app will prompt the user to fill out surveys on the mobile device that relate to the goals of the study.
  6. Location data. Some apps collect location data in the background to enable delivery of timely notifications and health interventions. This consists of latitude and longitude, and is encrypted and stored on our servers.
  7. Contacts saved on your phone. For our messaging applications AIM and SJITAI messaging, we use your contact list to find friends and family members you can message using these applications. Your contact list is uploaded to our server to check if you can message any of your contacts on the application, but this data is not stored on our server and is deleted immediately after the look up is completed.
  8. Audio recordings. For our Aphasia study, we use the microphone on the smartwatch to collect voice recordings during image naming sessions. Audio is only recorded when participants in the study are explicitly asked to name an image or set of images and agree to do so when prompted. The recording period automatically ends after each image naming session. Audio recording files are stored for the duration of the study, and they are only shared with our partners at the The Aphasia Network (TAN) Lab at Northeastern University, who are collaborating with us on this study.

How we use information we collect

We will use the collected information for scientific research purposes only, which are described in the informed consent document that all people using the software must agree to. 

This app was created by non-profit institutions for non-profit research purposes. 

The data collected are strictly controlled and limited to trained personnel on the research teams, all of whom have undergone special research training in the protection of human subjects and their data.   

Actual latitude and longitude associated with location data is never accessible to anyone outside of the research team.

Contact information accessed by messaging applications is not stored and is only used to find and connect with other individuals on the app.

The data collected are analyzed using various research methodologies, and the results of our work will eventually be published in scientific presentations and papers.

Data are always deidentified before presentation. 

Transparency and choice

All users of this application must consent to the use of the application. Those consent forms are study-specific and overseen by our institutional review board (IRB). The consent forms provide additional detail about the nature of data collected and how it is used. 

Although typically a protocol does not change during a study, if the protocol does change, it is only with additional approval from the IRB and re-consenting of the users of the application. At that time, they can choose whether to continue participating in the study or not. 

All collected user data are stored as encrypted files on the phone. Consent forms specify the rights of subjects with regard to data access. Participants always have the right to have their data deleted, should they change their mind about participation in a study. 

Information we share

Data are not shared with anyone outside of the trained research team, unless those data are completely deidentified, in compliance with procedures mandated by our IRB.  

Aggregated, de-identified data will be presented in research publications in scientific journals and conferences.  

Information security

We work hard to protect the users of this app from unauthorized access to or use of the data collected. In particular:
  • We store all collected data in encrypted files using AES 256 algorithm.
  • We use https for data uploading.
  • We use firebase (operated by Google) and our own secure server (operated by Northeastern university) to store uploaded files; identifiable information is always stored in an encrypted format.  
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to our systems and the data stored on them. 
  • We restrict access to personal information to the core research team, all of whom are trained in the protection of human subjects in experiments. These individuals are trained and certified to be able to understand the sensitivity of personal information.

When this Privacy Policy applies

Our Privacy Policy applies to all of the apps offered by the mhealth research group used in their scientific experiments. The policy applies to the following applications developed by the mHealth research group: 
  • ActiLabels
  • AIM: Activity-Initiated Messaging
  • Hand Hygiene Data 
  • Log My Life
  • SJITAI Messaging
  • TIMEStudy
  • SleepStudy
  • Aphasia Study

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without a user’s explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

If you have questions or concerns about this Privacy Policy, please contact us. 
Picture
Copyright © 2022 mHealth Research Group