Table 1:
Privacy and Confidentiality Recommendations for HIV eHealth Research Teams
| Procedure | Researcher Responsibility |
|---|---|
| Online Recruitment | • Be informed as to whether the content of targeted ads or the linked study website may provide third-party companies with potentially stigmatizing information about the participant, including sexual and gender minority identifications, HIV status, or substance use • Be knowledgeable of updates to Terms of Service for third party services • Select secure servers for sending and receiving recruitment materials • Instruct participants to complete recruitment screeners in private and to delete website links afterwards • Provide peer recruiters with sufficient training and monitoring to protect the privacy of those they recruit through online snowball or respondent-driven sampling • Manually review online validity checks • Be mindful that people at greater risk for or living with HIV may have differing expectations and standards about their online privacy depending on how open they are about their sexual orientation, gender identity or HIV status, how tolerant the community they live in is, or their general views about how their online data is or should be used |
| Data Maintenance | • Use encryption for transfer of participant data to research servers over cellular data or wireless networks, especially for sensitive information specific to HIV eHealth interventions including HIV medication adherence, tracking of sexual activity, substance use, and mental health logs • Consider whether providing participants with mobile devices will allow researchers a greater degree of ensuring confidentiality of participant data • Implement protocol for remote locking or removal of data from intervention-specific mobile applications in the event of a lost or compromised device • Structure interventions to require additional pins, passwords, or finger-print recognition each time a user wishes to access them • Balance the fact that verification processes that are too cumbersome discourage participants from consistent use with participant desire for protection of sensitive data • Be aware that most smartphone users do not take advantage of comprehensive security features • Involve developers in conversations around usability to ensure integrated security features • In cases such as shared cell phone use, where there are limits to the intervention team’s ability to design sufficient participant protections, the use of eHealth modalities for HIV research may not be ethically appropriate |
| Informed Consent | • Conduct initial research on the technological competencies of the target population to help steer proper informed consent procedures • Include a thorough description of the key information participants will need to make a reasoned participation decision based on the extent and limits of confidentiality protections, and use comprehension quizzes to ensure participants understand privacy risks • Provide education or training that promotes appropriate understanding of an intervention’s privacy protection features and privacy risk • Include customization options for notification timing and reminder messaging content to help participants better-protect their privacy in eHealth interventions • Implement checkpoints for assessment of harm at every stage of the intervention; make relevant information known to study participants so they can reevaluate their involvement |