Hi there,
don't know where to ask this. If anyone knows a better place to ask, or a way to get an offical answer by Apple that clarifies the legal parts of my question, that would be great.
I am developing a iOS app that uses HealthKit to access stored health data and sent that data to the projects server, after the user agreed. Question: is that allowed? From a technical standpoint it is possible, the app itself is pretty much finished.
I searched via google and read the parts about privacy in the legal document about this, but I am not an expert (i am just a student of medical informatics). So I would like to get a definitve answer what i can and can not do in this kind of matter. I also found this, but there aren't that many good answers: https://forums.developer.apple.com/thread/11860
For some more background information:
- The App is part of a far bigger system, that involves also Android, Server Backend, a website, and a lot of other components
- The whole system is hosted in the University hospital of Heidelberg
- We will have "formal ethical approval" by the hospitals ethic council in about a monh for the whole project
- The whole project involves several professors, students (like me) and doctors from the clinicum. It is intended as a research project for remotely monitoring patients, after their agreement to do so
- We had legal and technical experts double check what we are doing for the past 12+ months. We have a "go" from everybody involved and are thought to offer a reliable, safe, secure and legally valid (based on German law) system for medical research
Surely it shouldn't be any problem, if...
- The user agrees
- The data is safely stored on the server
- The data is only accessible by doctors of the University hospital of Heidelberg
- The server is an hospital-intern server
- Patients are able to delete the stored HealthKit data at any point in time completely from the server
- ... many more things we did to ensure privacy
...to be able to sent the queried HealthKit data to the projects server and nowhere else?
Our only goal is to support a medical research study in Heidelberg with this software. Our vision with the whole system is quite ambitious and we think we can add a super nice and convenient way for both sides to improve the daily patient life. We do not to intend to share / steal / or do anything bad with the data.
We put a lot of effort in this project. Thanks for any clarifications or helpful answers. We actually assumed that this was legally always possible but someone else came up a few weeks ago and suggested, that this kind of stuf is forbidden.
Thank you for your answers.
