RESUMO
BACKGROUND: As consent for data sharing evolves with the digital age, plain-text consent is not the only format in which information can be presented. However, designing a good consent form is highly challenging. The addition of graphics, video, and other mediums to use can vary widely in effectiveness; and improper use can be detrimental to users. OBJECTIVE: This study aims to explore the expectations and experiences of adults toward consent given in infographic, video, text, newsletter, and comic forms in a health data sharing scenario to better understand the appropriateness of different mediums and identify elements of each medium that most affect engagement with the content. METHODS: We designed mock consent forms in infographic, video, text, newsletter, and comic versions. Semistructured interviews were conducted with adults who were interviewed about their expectations for consent and were then shown each consent medium and asked about engaging elements across mediums, preferences for consent mediums, and the value of document quality criteria. We transcribed and qualitatively co-coded to identify themes and perform analyses. RESULTS: We interviewed 24 users and identified different thematic archetypes based on participant goals, such as the Trust Seeker, who considered their own understanding and trust in organizations when making decisions. The infographic was ranked first for enhancing understanding, prioritizing information, and maintaining the proper audience fit for serious consent in health data sharing scenarios. In addition, specific elements such as structure, step-by-step organization, and readability were preferred engaging elements. CONCLUSIONS: We identified archetypes to better understand user needs and elements that can be targeted to enhance user engagement with consent forms; this can help inform the design of more effective consent in the future. Overall, preferences for mediums are highly contextual, and more research should be done.
Assuntos
Pesquisa Qualitativa , Humanos , Adulto , Feminino , Masculino , Pessoa de Meia-Idade , Consentimento Livre e Esclarecido , Disseminação de Informação , Termos de Consentimento , AtitudeRESUMO
Digital public health applications are becoming increasingly popular; for example, about 45% of smartphone users have health or fitness apps on their devices. Most of these applications transfer the user's personal data to the provider of the health app. Application providers must comply with the relevant data protection statutes.In this article we provide a survey of important data protection requirements and the necessary technical measures for data security that the provider of a health app must observe. This includes - amongst other things - mechanisms for consent, determination of and compliance with the legitimate purposes of the processing, and the granting of so-called "rights of the data subject" (e.g. right of access). Furthermore, the provider of the health application must follow best practice recommendations from the area of data security. Therefore, the provider must ensure that, for example, unauthorized access, manipulation, loss, and destruction of personal data are prevented by appropriate technical and organizational measures. State-of-the-art procedures such as encryption, rights management, securing integrity, pseudonymization, and logging are some examples of technical and organizational measures. When implementing these measures, it must be taken into account that the processing of health data generally entails high risk for the rights and freedoms of the data subjects and that unauthorized access to and/or manipulation of data, for example, can lead to the publication of a stigmatizing diagnosis or incorrect medication.