Skip to main content
Download PDF

Opportunities and challenges of a dynamic consent-based application: personalized options for personal health data sharing and utilization

BMC Medical Ethics volume 25, Article number: 92 (2024) Cite this article

Abstract

Background

The principles of dynamic consent are based on the idea of safeguarding the autonomy of individuals by providing them with personalized options to choose from regarding the sharing and utilization of personal health data. To facilitate the widespread introduction of dynamic consent concepts in practice, individuals must perceive these procedures as useful and easy to use. This study examines the user experience of a dynamic consent-based application, in particular focusing on personalized options, and explores whether this approach may be useful in terms of ensuring the autonomy of data subjects in personal health data usage.

Methods

This study investigated the user experience of MyHealthHub, a dynamic consent-based application, among adults aged 18 years or older living in South Korea. Eight tasks exploring the primary aspects of dynamic consent principles–including providing consent, monitoring consent history, and managing personalized options were provided to participants. Feedback on the experiences of testing MyHealthHub was gathered via multiple-choice and open-ended questionnaire items.

Results

A total of 30 participants provided dynamic consent through the MyHealthHub application. Most participants successfully completed all the provided tasks without assistance and regarded the personalized options favourably. Concerns about the security and reliability of the digital-based consent system were raised, in contrast to positive responses elicited in other aspects, such as perceived usefulness and ease of use.

Conclusions

Dynamic consent is an ethically advantageous approach for the sharing and utilization of personal health data. Personalized options have the potential to serve as pragmatic safeguards for the autonomy of individuals in the sharing and utilization of personal health data. Incorporating the principles of dynamic consent into real-world scenarios requires remaining issues, such as the need for powerful authentication mechanisms that bolster privacy and security, to be addressed. This would enhance the trustworthiness of dynamic consent-based applications while preserving their ethical advantages.

Peer Review reports

Background

The advances in big data necessitate a complicated balance between protecting the privacy of individuals whose data are being used and leveraging the societal benefits provided by state-of-the-art data-driven technologies [1]. Personal health data are a valuable resource that significantly impacts biomedical research and digital health ecosystems [2]. The integration of sophisticated technologies with the widespread use of personal health data has resulted in groundbreaking work within the realm of medicine and tangible applications in the health care sector [3]. However, the combination of technology and personal health data has led to concerns associated with data privacy and security, as well as ethical implications in terms of consent and potential exploitation [4, 5]. Therefore, to encourage innovation and enhance healthcare outcomes through the use of data, the perspectives of both data subjects and consumers, whose interests sometimes conflict, must be thoroughly considered.

Data sovereignty is indispensable within a data-driven economy [6]. This concept emphasizes the need for data subjects to have control over the use of their shared data. The absence of such sovereignty could hinder the advancement of the data-driven economy by decreasing the desire for data sharing and utilization [7]. To ensure the full potential of data utilization, discussions regarding sovereignty have evolved in the digital era. The protection of individual rights and the promotion of trust in data sharing environments are both mandatory in certain regulatory frameworks, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) [8, 9]. For instance, the fundamental tenet of the European Union data protection law is that individuals have authority over the sharing of their personal health data [10]. Provisions granting access, erasure, and transfer rights for personal data in specific circumstances in the GDPR help facilitate its fundamental aim of protecting data subjects. This current shift towards giving individuals autonomy over their data highlights the significance of data sovereignty in contemporary discussions in digital health ecosystems.

While obtaining consent from individuals before using their personal health data is generally crucial in clinical research, it may not always be feasible in every situation. Appropriate safeguards and ethical considerations should be implemented to protect individuals’ privacy in such cases. The fundamental basis of consent is respecting individual autonomy [11]. The Declaration of Helsinki and the Belmont Report aim to prevent exploitative and manipulative practices in clinical and medical research, and both highlight the importance of autonomy [12, 13]. Safeguarding autonomy involves more than just preventing manipulation; it also entails offering guidance and support for making autonomous decisions. These ideas have been incorporated into practice as informed consent, which includes providing comprehensive and precise information to empower individuals to make voluntary decisions [14, 15]. The All of Us research program in the United States provides individuals with adequate information to make well-informed decisions concerning their participation [16, 17]. This program ensures that potential participants are motivated to join based on their personal interests and the inherent value of their involvement by providing comprehensive details regarding program operations. This approach ensures that individuals make informed decisions according to their preferences. The Guidelines for Tailoring the Informed Consent Process in Clinical Studies (i-CONSENT guidelines) also emphasize the significance of implementing comprehensive and individualized consent procedures [18]. These guidelines advocate for ongoing, two-way communication, initiated at the outset of participant engagement and sustained throughout the duration of the study.

Dynamic consent, an innovative principle that emphasizes the protection of the data sovereignty of individuals, has attracted considerable interest [19]. Many academic studies have examined the potential benefits of dynamic consent, specifically regarding its ethical advantages in comparison to conventional consent methods [20,21,22,23,24]. Due to its functionality within digital interfaces that enable uninterrupted communication between data subjects and consumers, irrespective of temporal and spatial constraints, dynamic consent is regarded as the most appropriate approach for acquiring consent in digital health ecosystems [25]. Furthermore, dynamic consent provides a variety of personalized options for individuals to enhance their autonomy and self-determination with respect to the sharing and utilization of personal health data. Establishing resilient mechanisms through which individuals can exert authority over their personal health data while maintaining continuous communication is essential in the pursuit of genuine informed consent in digital settings. Nevertheless, further considerations of personalized options are still required [26, 27]. To assess the efficacy, usability, and ability to uphold individual autonomy of personalized options that are supported by dynamic consent principles, additional investigation is needed.

Therefore, in this study, user experiences based on dynamic consent principles are examined, specifically focusing on sovereignty over health data usage in various settings with personalized options. The evaluation was conducted using MyHealthHub, a digital consent application developed in this study based on dynamic consent principles. The primary objectives of this study are (1) to explore the viewpoints of individuals on the sharing and utilization of personal health data and (2) to assess user acceptance of MyHealthHub as a means for managing data sovereignty in a tailored manner while respecting individual autonomy. This study specifically focuses on individual patients, who are the principal subjects of personal health data. To analyze user acceptance, this study employed the Technology Acceptance Model (TAM), which has been widely used to understand user acceptance of information technology [28]. This study contributes to the exploration of processes to ensure data sovereignty with dynamic consent in the health care sector by examining user experiences associated with the MyHealthHub application, which facilitates the sharing and utilization of personal health data with personalized options in a tailored manner.

Methods

Study design

This study utilized a mixed-methods design, incorporating both a system usability test and questionnaires. MyHealthHub, a digital consent application designed in adherence with dynamic consent principles, was specifically developed for this study to facilitate the usability test. The study participants were provided with access to the MyHealthHub application, which facilitates experiences in a personalized data sharing process using virtual health data. The questionnaire included one open-ended item to elicit a wide range of perspectives from the participants, as well as multiple-choice items. The entire procedure was completed consecutively in a single session and adhered to the required ethical protocols under the necessary ethical clearance of informed consent from the Institutional Review Board of Kyungpook National University (KNU) (KNU IRB No. KNU-2021-0158).

Participant recruitment

Participants for this study were recruited through email invitations. Potential participants were defined as individuals who have interests or experiences in digital health services and were likely to utilize digital consent applications to generate personal health data during their daily lives and to share and utilize their data. Participants were eligible if they were 18 years of age or older, resided in South Korea, had internet access on personal devices, and were proficient in using websites for various activities, such as online shopping and internet banking. The potential participants were provided with basic information materials regarding the study through email. Email addresses of potential participants were obtained through the Smart Health Standards Forum, an organization supporting smart health standards and industry development. They were encouraged to voluntarily reach out to our research team to arrange an appointment if they were interested in participating. All participants provided informed written consent and received a gift voucher as compensation upon completion.

System usability test

MyHealthHub is a digital consent application designed based on dynamic consent principles. This application offers participants an all-encompassing experience of personalized data sharing and consent management. The prototype version of the application was available in the Korean language. The MyHealthHub application included functionalities for managing consent, monitoring data sharing history, and configuring personalized options regarding data usage (Fig. 1). Personalized options include specifying the scope of shared data according to the specific institutions and health data involved, conditions for automatic consent, designated representatives if necessary, and preferred communication methods or periods for receiving relevant updates on their data usage. These options were flexible and could be adjusted according to each individual’s preferences.

Fig. 1
figure 1

Screenshots of the English version of the MyHealthHub application

Full size image

The participants were provided with individual accounts and were instructed to access and log in to the MyHealthHub application. For the system usability test, the provided accounts were populated with temporary log-in credentials and comprised a variety of fictitious dummy personal health data. So that the participants could experience and understand the foundational attributes of dynamic consent, they were required to complete eight tasks via the MyHealthHub application. These tasks were determined through a combination of literature findings and insights from a scoping review on dynamic consent, as detailed in our previous study [29]. The tasks included providing consent, monitoring data usage history, and configuring personalized options. This approach ensures that the tasks reflected prior knowledge on dynamic consent, allowing for a comprehensive evaluation of the dynamic consent process. The participants were not specifically instructed to meticulously scrutinize each item of content available in the application during the execution of the designated tasks with the purpose of assessing real user interactions with MyHealthHub. The participants were given the autonomy to select the scope and variety of institutions that they wanted to share their data with, based on their individual preferences. After completing the tasks, participants evaluated their experience with a questionnaire designed to capture their feedback on the usability and functionality of the application.

Questionnaire

After the usability test, participants were prompted to complete a questionnaire. The questionnaire consisted of 30 items, which comprised a combination of multiple-choice and open-ended inquiries (Table 1). The multiple-choice questions were designed to investigate perceptions of the sharing of personal health data and to assess user acceptance of the MyHealthHub application. The questionnaire items were formulated by integrating findings from the literature and primary concepts derived from the TAM, specifically focusing on perceived ease of use, perceived usefulness, and intention to use. While advancements in the model, such as the Unified Theory of Acceptance and Use of Technology, are acknowledged, this study employed the original TAM for its simplicity and well-established use in similar contexts, which aligns well with the specific focus of this study [30]. Finally, participants were provided with an open-ended questionnaire to further explore their experiences and perspectives concerning the MyHealthHub application. The participants were encouraged to provide feedback on a multitude of application-related topics, such as interface design, content, usability, potential improvements, information quality, authentication and authorization procedures, and any other pertinent observations derived from the usability test. The full version of the questionnaire was originally written in Korean, and the English-translated version is available in Additional file 1.

Table 1 Overview of questionnaire items
Full size table

Data analysis

To validate the responses gathered from the multiple-choice questionnaire items, statistical methods were utilized. The internal, concentration, and discriminant validity of each category were validated in this process [31,32,33]. Subsequently, descriptive statistics were employed to analyze quantitative data derived from the responses to multiple-choice questions. The qualitative data acquired through the open-ended item were analyzed thematically [34]. Two of the authors first carried out the review, coding, and categorization of the gathered data to construct the initial themes. Then, all the authors reviewed and discussed the themes to enhance their coherence and reasonability. Discrepancies identified among the authors were discussed and resolved. The data analysis procedure was performed using SmartPLS 3.0 and Excel.

Results

Perceptions of the sharing and utilization of personal health data

A total of thirty participants accessed the MyHealthHub application for an average of thirty minutes to provide dynamic consent. The participants successfully accomplished the eight assigned tasks without requiring additional assistance or support. The demographic characteristics of the participants are available in Additional file 2.

Table 2 presents the participants’ perspectives on the sharing of personal health data. Twenty-four out of thirty participants agreed that the exchange of personal data is crucial to the advancement of the health care industry. Regarding the timing of requesting consent, twelve participants responded that consent is needed for each time data is to be shared, whereas three participants preferred providing consent only once, such as during the initial registration process for a specific service such as the MyHealthHub application. The remaining half of the participants indicated a preference for different frequencies of consent requests, contingent upon the purposes and subjects of data usage.

Table 2 Perspectives on personal health data utilization
Full size table

Table 3 presents the participants’ preferences concerning the sharing and utilization of their personal health data. Participants’ degrees of willingness to share their data varied by the type of institution or data. The average number of participants who expressed willingness to share basic health checkup data was 12.17, the highest result of any data type. In contrast, the average value for data concerning mental health was the lowest, at 9.83 individuals. Regarding the institution types, an average of 26.33 individuals considered medical institutions to be favour targets for data sharing. Additionally, private companies were given the lowest preferences, with an average of only 2.00 individuals.

Table 3 The willingness to share personal health data by institution and data type
Full size table

User acceptance of the MyHealthHub application

Table 4 presents the descriptive statistics of participant responses regarding the level of user acceptance of the MyHealthHub application. The responses were validated for internal consistency, convergent validity, and discriminant validity within each category (Additional file 3). Average scores of 6.10 and 5.62 out of 7.00 were obtained for self-evaluated health literacy and health-related interests, respectively. An average of 5.67 was obtained for system usability, whereas a lower average, 4.67, was obtained for system reliability. The average score for the overall intention to use was 5.26, with 5.20 for perceived usefulness and 5.46 for perceived ease of use.

Table 4 Overall evaluation results for user acceptance of the MyHealthHub application
Full size table

Thematic analysis results

Overview

Following an analysis of the responses to the open-ended questionnaire item, three themes were identified: the usability of the MyHealthHub application, the usefulness of the MyHealthHub application, and apprehensions regarding digital environments (Table 5).

Table 5 Summary of thematic analysis results
Full size table

The usability of the MyHealthHub application

In addition to the quantitative results presented in Table 4, the overall evaluation results for usability were favorable, as evidenced by the fact that every participant independently completed the assigned tasks. Moreover, participants shared some opinions about enhancing the usability of the MyHealthHub application.

Some participants believed that mobile interfaces would offer greater benefits than web-based environments. Although the prototype distributed to the participants was compatible with desktop and mobile devices, it did not have responsive interface capabilities catering to different device types. Some participants expressed the opinion that the width of the tables utilized to present a record of consent requests or data usage history was excessively large on mobile devices, requiring them to scroll to cover the entire piece of information. They expressed their desire for an iteration of the MyHealthHub application that incorporates user-interface optimization tailored for mobile devices, thereby augmenting accessibility and enabling its utilization from any location without relying on desktop computers.

In addition to mobile optimization, participants commented on the intuitiveness of the interface. The majority of participants expressed satisfaction with the level of information that the MyHealthHub application provided in relation to their decision-making process regarding data usage. On the other hand, certain participants who perceived themselves to be deficient in providing information reported facing challenges in understanding content that included medical terminology. They desired further user interface enhancement through the addition of straightforward icons or descriptions to assist them in making decisions based on a comprehensive understanding of the data types to be shared and the specific purposes for which institutions would utilize the data.

The usefulness of the MyHealthHub application

The participants expressed contentment with the ability to tailor the level of data sharing in accordance with the type of institutions and data. In addition, the study participants highlighted the potential advantages of the MyHealthHub application in health management, monitoring chronic diseases, and insurance payment processing.

Personalized options were found to be the most appealing aspect to participants. Furthermore, this feature complies with dynamic consent principles, which safeguard the autonomy and self-determination of individuals. Some participants who initially expressed a preference for providing consent only once during the registration procedure felt that the option to automatically set conditions for providing consent was quite attractive. Certain participants opined that a more granular degree of options would be beneficial in the selection process for institution types. For example, a participant expressed a preference for choosing a specific insurance company rather than the institution type when they desired to share data with only insurance company A but not insurance company B. On the other hand, a few participants felt that the administration of personalized options was occasionally cumbersome, impeding their motivation to engage in the process of data utilization.

The majority of participants acknowledged the benefits associated with exercising control over data through the MyHealthHub application. They valued the convenience of monitoring their consent and data usage history to help manage their data utilization, in addition to the ability to tailor the extent of shared data to their preferences. Conversely, a subset of the participants conveyed a feeling of inadequate motivation to use the MyHealthHub application. They stated that they were young and currently in excellent health, resulting in a lack of need to manage personal health data, in contrast to financial management services. Some of them suggested that it would be advantageous to employ rewards or incentives as a means of motivating individuals to share their personal health data, thereby fostering their interest in health data management.

Apprehensions regarding digital environments

While the participants expressed contentment with the personalized options, there were some concerns regarding security. The participants highlighted the significance of establishing security protocols to prevent disastrous data breaches in digital environments, with a particular focus on health data that may include sensitive personal information.

In response to the identification procedure, the participants provided mixed responses. The participants were able to access the MyHealthHub application through the login ID and password that were assigned for the usability test in this study. Some participants conveyed a desire to enable effortless login via the single sign-on (SSO) approach in practical situations. These participants were aware of the SSO procedure, which is an authentication approach that enables individuals to access different services with a single set of login credentials [35]. They perceived the SSO as a dependable and practical approach to accessing multiple applications, owing to its widespread adoption across various services. Conversely, certain participants expressed that they might be hesitant to use the MyHealthHub application in the future out of apprehension, citing a need for increased security measures. One participant suggested that enhanced security technologies be implemented at a level comparable to the authentication process utilized in financial applications, such as two-factor authentication [36].

An additional noteworthy opinion concerned the criticality of communication in fostering relationships of trust with system end-users. The majority of participants indicated that the functionalities provided by the MyHealthHub application are advantageous for safeguarding individual autonomy and ensuring data sovereignty over their health data. However, they also emphasized the need to provide more comprehensive information regarding data management procedures so as to enhance transparency. One participant underscored the importance of secure and permanent deletion of shared data once a contractual period has expired. Another participant contended that it is critical to convey both technical and emotional aspects pertaining to the secure storage and management of data to foster trust and assurance with system users. For instance, individuals may want to know how their provided data are transmitted to the designated institution in a secure way and how the shared data are protected within the institution.

Discussion

This study investigated the potential of a digital consent system that adheres to dynamic consent principles for safeguarding the autonomy and data sovereignty of individuals regarding their personal health data. Dynamic consent is an innovative approach to facilitating digital health ecosystems that helps balance the use of personal health data while simultaneously safeguarding individual autonomy [19]. Previous scholarly investigations have explored dynamic consent, such as its conceptual evolution, user acceptance, and technological advancements that facilitate its practical implementation [29]. Although previous research has recognized the ethical benefits of dynamic consent in comparison to conventional consent models, a need to assess user acceptance of systems based on dynamic consent for its practical use has been consistently expressed. Notably, very few publications have linked the TAM to dynamic consent, highlighting the originality of this study in understanding user acceptance within the context of personal health data management.

The results of this study provide valuable insights into participants’ preferences and perceptions regarding the sharing and utilization of personal health data through dynamic consent mechanisms. The study demonstrated a strong acceptance of the MyHealthHub application, with participants successfully completing tasks and expressing a preference for personalized consent options tailored to the type of data and institutions involved. Notably, participants showed a higher willingness to share data with medical institutions compared to private companies, and there was a clear preference for dynamic consent methods that allow for continuous and adaptable consent management. Despite the favorable reception, some participants indicated that the abundance of options could be cumbersome, suggesting the need for further refinement of user interfaces and the incorporation of more intuitive design elements. Additionally, participants highlighted concerns about security and the importance of transparent data management practices, underscoring the necessity for robust security measures and clear communication to build trust.

In particular, there has been little effort to investigate whether dynamic consent genuinely upholds individual autonomy through the sharing and utilization of personal health data. This critical question is central to the ethical considerations of digital health technologies and the protection of individual rights and privacy [37]. It is imperative to assess the efficacy of dynamic consent in preserving these principles amid the complex interplay of technology, healthcare delivery, and individual rights [38, 39]. Individuals should be able to modify and update their consent, including actions such as protocol shifts, alterations, and withdrawal [40]. Furthermore, addressing concerns about the temporal aspect and control over the pace of interaction is essential for maintaining individual autonomy.

The personalization and flexibility of consent are enhanced by dynamic consent principles, which permit individuals to modify their consent preferences as circumstances change. This study used a digital consent application, MyHealthHub that operates on dynamic consent principles. MyHealthHub enables continuous interaction with participants, promoting self-determination in accordance with their consent preferences. The study participants comprehended and accepted the dynamic consent model according to their performance on the usability test. Participants were able to make decisions regarding the sharing of data in accordance with their individual preferences, considering the information at their disposal regarding data usage, including target institution, purpose, and duration of data sharing. Additionally, the questionnaire responses revealed that the perceived usefulness and ease of use of the MyHealthHub application led to positive intentions to use it.

The findings from this study indicate the usefulness of dynamic consent by demonstrating that individuals’ preferences regarding consent are substantially affected by a range of factors, including the kind of data to be shared, the type of institution involved, and the context in which the data is shared. These findings align with the observations made in prior studies regarding individuals’ perspectives on the utilization of their health data [41,42,43,44]. One study has indicated that individuals may exhibit a preference for providing limited data to for-profit enterprises [45]. Similarly, significant disparities in consent preferences were observed based on the type of institution in this study. The participants exhibited a greater propensity to provide consent for the sharing of their data with medical institutions or research institutes than with private enterprises. The type of health data also influenced the participants’ inclination to share their data. There was a heightened reluctance to share mental health-related data with specific institutions compared to basic health check-ups and physical health-related data.

Another notable observation from this study is that the participants displayed a mixed reaction to the personalized options. The majority of participants expressed satisfaction with the ability to independently determine the scope and extent of their data sharing, allowing customization. Some participants expressed that the abundance of options available may deter individuals from engaging in their data sharing and utilization processes. They exhibited a greater preference for automatic consent, as it eliminates the need for frequent decision-making or consent provision. The expanded role of individuals in the dynamic consent approach with respect to conventional consent mechanisms may be perceived as burdensome due to the multitude of options available for selection [46]. This particular concern has been identified as a significant barrier to the widespread adoption of the dynamic consent model in prior scholarly investigations. However, it has been argued that these opinions stem from a misinterpretation of dynamic consent. The concept of autonomy, as outlined in the dynamic consent principles, pertains to the ability to adapt approaches to accommodate various circumstances. This includes allowing individuals to choose the level of involvement they wish to have in their data-sharing processes. For example, passive individuals have the option to utilize broad-informed consent as a means to adopt a more inclusive approach within the framework of the dynamic consent model.

There are several limitations to this study. The recruitment of participants was conducted via convenience sampling. Convenience sampling was carried out by distributing invitations to individuals who were easily accessible and met the study criteria, such as members or subscribers of smart health standard forum. The majority of the study participants expressed interest in utilizing digital health services and personal health data. In fact, since this innovative method, the dynamic consent mechanism, affects the entirety of society, it is crucial to solicit the general public’s opinion. However, despite the satisfactory validity of the questionnaire responses, which suggests their potential for future research, the sample size employed in this study was relatively modest. It was difficult to recruit many public individuals, as well as older individuals, in our sample due to recruitment challenges; consequently, the characteristics of this study sample may not be representative of the general population in South Korea. The presence of such a selection bias may lead to overly optimistic conclusions regarding the level of interest and engagement of participants in utilizing the application.

Additionally, this study did not evaluate uninterrupted communication, a critical component of dynamic consent. The average duration of the participants’ experience was only 30 minutes, which is insufficient for a thorough evaluation. It is imperative to evaluate whether consent is altered over an extended period and whether participants prefer to continue utilizing the system. This limitation should be recognized, as it affects the comprehension of the continuous interaction necessary for dynamic consent systems. Furthermore, the experience was constructed using fictitious data rather than the actual data of the participants, which could potentially influence their responses and engagement. These aspects should be the focus of future research in order to conduct a more comprehensive assessment of dynamic consent systems.

Given the potential for data sharing to expand globally, it is required to address the specific contents of dynamic consent items. Previous studies have defined these items using the Data Use Ontology (DUO) developed by the Global Alliance for Genomics and Health (GA4GH) [47,48,49]. Additionally, international standards such as the Fast Healthcare Interoperability Resources (FHIR), developed by Health Level Seven (HL7), offer structured standards for representing consent directives in healthcare, emphasizing the importance of interoperability and consistency [50]. The Basic Patient Privacy Consents (BPPC) profile by Integrating the Healthcare Enterprise (IHE) also provides a mechanism for managing patient privacy consents, further supporting the need for standardized approaches [51]. Standardizing and clearly defining the items within dynamic consent, including the types of data shared, the purposes of data use, and the entities involved, is crucial for establishing trust among users and ensuring transparency. However, this study primarily focused on the user experience and did not explore the detailed standardization and definition of dynamic consent items, which constitutes a limitation. Addressing these aspects would enhance the scalability and interoperability of dynamic consent mechanisms on a broader scale.

Nevertheless, a notable aspect of this study was the simulation of real-world scenarios regarding the use of personalized options through the MyHealthHub application. Although the personalized option is an aspect of dynamic consent principles that safeguards individual autonomy in sharing and utilizing personal health data, it has received comparatively less attention than other features, such as withdrawal of consent, contactless communication, and unlimited communication. Participants in this study were not required to carefully read or view any particular page or information; rather, they used the application as usual and completed the assigned tasks by themselves. This statement underscores our endeavors to acquire a more realistic depiction of the circumstances in which individuals are anticipated to operate the application in the future. As evidenced by the fact that not all participants preferred to select personalized options each time rather than specifying conditions for automatic consent, it would appear that the intended reflection of a variety of realistic perspectives in this study was achieved, at least to some degree. Further research that juxtaposes the perspectives of active and passive individuals should provide a more holistic understanding of the effects of dynamic consent protocols on participation rates as well as whether such protocols yield more favorable outcomes while preserving individual autonomy.

Conclusions

In a data-driven economy, personal health data facilitate progress in digital health ecosystems beyond their potential value as an asset. In digital health environments, dynamic consent is a promising strategy for protecting the autonomy and data sovereignty of individuals regarding their personal health data. The findings of this study indicate that by utilizing dynamic consent principles in the implementation of a digital consent application, individuals can be adequately informed regarding the manner in which their data are shared and used, thereby empowering them to make well-informed decisions. Participants highly valued the ability of digital interfaces to modify individual preferences in response to changing circumstances; this feature should be expanded to its fullest potential. Nevertheless, digital consent has certain challenges, such as apprehensions about the identification process and a lack of establishing trustworthy relationships with individuals. Therefore, while embracing the personalized and flexible advantages of the dynamic consent model, it is imperative to continuously contemplate technological and legal measures to ensure individual rights and privacy in the ever-evolving digital landscape.

Availability of data and materials

The datasets used and/or analysed during the current study are available from the corresponding author on reasonable request.

Abbreviations

HIPAA:

Health insurance portability and accountability act

GDPR:

General data protection regulation

TAM:

Technology Acceptance Model

SSO:

Single sign-on

DUO:

Data use ontology

GA4GH:

Global alliance for genomics and health

FHIR:

Fast healthcare interoperability resources

HL7:

Health level seven

BPPC:

Basic patient privacy consents

IHE:

Integrating the healthcare enterprise

References

  1. Graef I, Petročnik T, Tombal T. Conceptualizing Autonomy in an Era of Collective Data Processing: From Theory to Practice. Digit Soc. 2023;2(2):19.

    Article  Google Scholar 

  2. Mirchev M, Mircheva I, Kerekovska A. The academic viewpoint on patient data ownership in the context of big data: scoping review. J Med Internet Res. 2020;22(8):e22214.

    Article  Google Scholar 

  3. Alonso SG, de la Torre Díez I, Zapiraín BG. Predictive, personalized, preventive and participatory (4P) medicine applied to telemedicine and eHealth in the literature. J Med Syst. 2019;43(5):140.

    Article  Google Scholar 

  4. Abouelmehdi K, Beni-Hssane A, Khaloufi H, Saadi M. Big data security and privacy in healthcare: A Review. Procedia Comput Sci. 2017;113:73–80.

    Article  Google Scholar 

  5. Piasecki J, Cheah PY. Ownership of individual-level health data, data sharing, and data governance. BMC Med Ethics. 2022;23(1):104.

    Article  Google Scholar 

  6. Tang C, Plasek JM, Zhu Y, Huang Y. Data sovereigns for the world economy. Humanit Soc Sci Commun. 2020;7(1):1–4.

    Article  Google Scholar 

  7. Opriel S, Fraunhofer I, Skubowius GE, Fraunhofer I, Lamberjohann M. How usage control fosters willingness to share sensitive data in inter-organizational processes of supply chains. In: International Scientific Symposium on Logistics. vol. 91. Bremen: Bundesvereinigung Logistik (BVL) e.V.; 2021.

  8. Regulation P. Regulation (EU) 2016/679 of the European Parliament and of the Council. Regulation (EU). 2016;679:2016.

    Google Scholar 

  9. Cohen IG, Mello MM. HIPAA and protecting health information in the 21st century. Jama. 2018;320(3):231–2.

    Article  Google Scholar 

  10. Graef I, van der Sloot B. Collective data harms at the crossroads of data protection and competition law: Moving beyond individual empowerment. Eur Bus Law Rev. 2022;33(4).

  11. Pugh J. Informed consent, autonomy, and beliefs. In: Autonomy, rationality, and contemporary bioethics [Internet]. Oxford(UK): Oxford University Press; 2020.

  12. Goodyear MD, Krleza-Jeric K, Lemmens T. The declaration of Helsinki. BMJ. 2007;335:624. London: British Medical Journal Publishing Group; 2007. https://doi.org/10.1136/bmj.39339.610000.BE.

  13. Sims JM. A brief review of the Belmont report. Dimens Crit Care Nurs. 2010;29(4):173–4.

    Article  Google Scholar 

  14. Koonrungsesomboon N, Laothavorn J, Karbwang J. Understanding of essential elements required in informed consent form among researchers and institutional review board members. Trop Med Health. 2015;43(2):117–22.

    Article  Google Scholar 

  15. Yusof MYPM, Teo CH, Ng CJ. Electronic informed consent criteria for research ethics review: a scoping review. BMC Med Ethics. 2022;23(1):117.

    Article  Google Scholar 

  16. All of Us Research Program Investigators. The “All of Us” research program. N Engl J Med. 2019;381(7):668–76.

  17. Doerr M, Moore S, Barone V, Sutherland S, Bot BM, Suver C, et al. Assessment of the All of Us research program’s informed consent process. AJOB Empir Bioeth. 2021;12(2):72–83.

    Article  Google Scholar 

  18. i CONSENT Consortium, et al. Guidelines for tailoring the informed consent process in clinical studies. Spain FISABIO Generalitat Valencia. 2021;10:1–63.

  19. Kaye J, Whitley EA, Lund D, Morrison M, Teare H, Melham K. Dynamic consent: a patient interface for twenty-first century research networks. Eur J Hum Genet. 2015;23(2):141–6.

    Article  Google Scholar 

  20. Wee R, Henaghan M, Winship I. Ethics: Dynamic consent in the digital age of biology: online initiatives and regulatory considerations. J Prim Health Care. 2013;5(4):341–7.

    Article  Google Scholar 

  21. Steinsbekk KS, Kåre Myskja B, Solberg B. Broad consent versus dynamic consent in biobank research: is passive participation an ethical problem? Eur J Hum Genet. 2013;21(9):897–902.

    Article  Google Scholar 

  22. Budin-Ljøsne I, Teare HJ, Kaye J, Beck S, Bentzen HB, Caenazzo L, et al. Dynamic consent: a potential solution to some of the challenges of modern biomedical research. BMC Med Ethics. 2017;18:1–10.

    Article  Google Scholar 

  23. Wallace SE, Miola J. Adding dynamic consent to a longitudinal cohort study: a qualitative study of EXCEED participant perspectives. BMC Med Ethics. 2021;22:1–10.

    Article  Google Scholar 

  24. Mascalzoni D, Melotti R, Pattaro C, Pramstaller PP, Gögele M, De Grandi A, et al. Ten years of dynamic consent in the CHRIS study: informed consent as a dynamic process. Eur J Hum Genet. 2022;30(12):1391–7.

    Article  Google Scholar 

  25. Appenzeller A, Rode E, Krempel E, Beyerer J. Enabling data sovereignty for patients through digital consent enforcement. In: Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments (PETRA `20); 2020 Jun 30-Jul 3; Corfu, Greece. New York: Association for Computing Machinery; 2020. ISBN: 978-1-4503-7773-7. https://doi.org/10.1145/3389189.

  26. Prictor M, Teare HJ, Bell J, Taylor M, Kaye J. Consent for data processing under the General Data Protection Regulation: Could ‘dynamic consent’ be a useful tool for researchers? J Data Prot Priv. 2019;3(1):93–112.

    Google Scholar 

  27. Villalobos-Quesada M. Participative consent: Beyond broad and dynamic consent for health big data resources. Law Hum Genome Rev. 2019;(Extraold.I2019):485–510. https://bioderecho.eu/sumarios/.

  28. Davis FD. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quart. 1989;13(3):319–40.

  29. Lee AR, Koo D, Kim IK, Lee E, Kim HH, Yoo S, et al. Identifying facilitators of and barriers to the adoption of dynamic consent in digital health ecosystems: a scoping review. BMC Med Ethics. 2023;24(1):107.

    Article  Google Scholar 

  30. Venkatesh V, Morris MG, Davis GB, Davis FD. User acceptance of information technology: Toward a unified view. MIS Quart. 2003;27(3):425–78.

  31. Tentama F, Anindita WD. Employability scale: Construct validity and reliability. Int J Sci Technol Res. 2020;9(4):3166–70.

    Google Scholar 

  32. Ahmad S, Zulkurnain N, Khairushalimi F. Assessing the validity and reliability of a measurement model in Structural Equation Modeling (SEM). Brit J Math Comput Sci. 2016;15(3):1–8.

    Article  Google Scholar 

  33. Ab Hamid MR, Sami W, Sidek MM. Discriminant validity assessment: Use of Fornell & Larcker criterion versus HTMT criterion. In: Journal of physics: Conference series. vol. 890. Bristol: IOP Publishing; 2017. p. 012163.

  34. Kiger ME, Varpio L. Thematic analysis of qualitative data: AMEE Guide No. 131. Med Teach. 2020;42(8):846–854.

  35. De Clercq J. Single sign-on architectures. In: International Conference on Infrastructure Security. Berlin: Springer; 2002. p. 40–58.

  36. Wong ZSY, Rigby M. Identifying and addressing digital health risks associated with emergency pandemic response: Problem identification, scoping review, and directions toward evidence-based evaluation. Int J Med Inform. 2022;157:104639.

    Article  Google Scholar 

  37. Vedder A, Spajić D. Moral autonomy of patients and legal barriers to a possible duty of health related data sharing. Ethics Inf Technol. 2023;25(1):23.

    Article  Google Scholar 

  38. Verreydt S, Yskout K, Joosen W. Security and privacy requirements for electronic consent: a systematic literature review. ACM Trans Comput Healthc. 2021;2(2):1–24.

    Article  Google Scholar 

  39. Saksena N, Matthan R, Bhan A, Balsari S. Rebooting consent in the digital age: a governance framework for health data exchange. BMJ Glob Health. 2021;6(Suppl 5):e005057.

    Article  Google Scholar 

  40. Appenzeller A, Hornung M, Kadow T, Krempel E, Beyerer J. Sovereign digital consent through privacy impact quantification and dynamic consent. Technologies. 2022;10(1):35.

    Article  Google Scholar 

  41. Mont MC, Sharma V, Pearson S. EnCoRe: dynamic consent, policy enforcement and accountable information sharing within and across organisations. HP Laboratories Technical Report. 2012.

  42. De Sutter E, Zaçe D, Boccia S, Di Pietro ML, Geerts D, Borry P, et al. Implementation of electronic informed consent in biomedical research and stakeholders’ perspectives: systematic review. J Med Internet Res. 2020;22(10):e19129.

    Article  Google Scholar 

  43. Tosoni S, Voruganti I, Lajkosz K, Habal F, Murphy P, Wong RK, et al. The use of personal health information outside the circle of care: consent preferences of patients from an academic health care institution. BMC Med Ethics. 2021;22:1–14.

    Article  Google Scholar 

  44. Kalkman S, van Delden J, Banerjee A, Tyl B, Mostert M, van Thiel G. Patients’ and public views and attitudes towards the sharing of health data for research: a narrative review of the empirical evidence. J Med Ethics. 2022;48(1):3–13.

    Article  Google Scholar 

  45. Cumyn A, Barton A, Dault R, Safa N, Cloutier AM, Ethier JF. Meta-consent for the secondary use of health data within a learning health system: a qualitative study of the public’s perspective. BMC Med Ethics. 2021;22(1):81.

    Article  Google Scholar 

  46. Ploug T, Holm S. Meta consent: a flexible and autonomous way of obtaining informed consent for secondary research. BMJ. 2015;350:1–4.

  47. Haas MA, Teare H, Prictor M, Ceregra G, Vidgen ME, Bunker D, et al. ‘CTRL’: an online, Dynamic Consent and participant engagement platform working towards solving the complexities of consent in genomic research. Eur J Hum Genet. 2021;29(4):687–98.

    Article  Google Scholar 

  48. Haas MA, Madelli EO, Brown R, Prictor M, Boughtwood T. Evaluation of CTRL: a web application for dynamic consent and engagement with individuals involved in a cardiovascular genetic disorders cohort. Eur J Hum Genet. 2024;32(1):61–8.

    Article  Google Scholar 

  49. Dyke SO, Philippakis AA, Rambla De Argila J, Paltoo DN, Luetkemeier ES, Knoppers BM, et al. Consent codes: upholding standard data use conditions. PLoS Genet. 2016;12(1):e1005772.

  50. HL7 International. Resource Consent. 2023. [cited 2024 April 16]. https://www.hl7.org/fhir/consent.html.

  51. IHE International. Basic Patient Privacy Consents (BPPC). 2023. [cited 2024 April 16]. https://profiles.ihe.net/ITI/TF/Volume1/ch-19.html.

Download references

Acknowledgements

This research was supported by a Government-wide R&D Fund project for infectious disease research (GFID), Republic of Korea (grant number: HG22C0024, KH124685).

Funding

Not applicable.

Author information

Authors and Affiliations

  1. Office of eHealth Research and Business, Seoul National University Bundang Hospital, 172, Dolma-ro, Seongnam-si, 13605, Gyeonggi-do, Republic of Korea

    Ah Ra Lee, Dongjun Koo, Sooyoung Yoo & Ho-Young Lee

  2. Interdisciplinary Program in Bioengineering, Seoul National University, 1, Gwanak-ro, Seoul, 08826, Seoul, Republic of Korea

    Dongjun Koo

  3. School of Computer Science & Engineering, College of IT Engineering, Kyungpook National University, 80, Daehak-ro, Daegu, 41566, Daegu, Republic of Korea

    Il Kon Kim

  4. College of Nursing, Research Institute of Nursing Science, Kyungpook National University, 680, Gukchaebosang-ro, Daegu, 41944, Daegu, Republic of Korea

    Eunjoo Lee

  5. Department of Nuclear Medicine, Seoul National University Bundang Hospital, 172, Dolma-ro, Seongnam-si, 13605, Gyeonggi-do, Republic of Korea

    Ho-Young Lee

Authors
  1. Ah Ra Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dongjun Koo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Il Kon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eunjoo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sooyoung Yoo
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ho-Young Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

AL and IK conceptualized the design of the study. AL and DK performed system implementation, data collection, analysis, and interpretation of the findings. AL wrote the original draft. EL, SY, IK and HL commented. IK and HL reviewed the final version. All authors reviewed and approved the final version of the manuscript.

Corresponding author

Correspondence to Ho-Young Lee.

Ethics declarations

Ethics approval and consent to participate

The Institutional Review Board of Kyungpook National University (KNU) granted approval for this research (KNU IRB No. KNU-2021-0158). Prior to the commencement of the study, written informed consent was obtained from all participants, and the objectives and scope of the research were explained. They were informed of the possibility and their right to withdraw from the study at any time, and their participation was entirely voluntary. No personally identifiable information was gathered during the data collection process, and no unique identifiable information was included in the presentation of the findings. All methods were conducted in accordance with the relevant guidelines and regulations.

Consent for publication

All participants provided informed consent to publish their contributing data.

Competing interests

The authors declare that they have no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lee, A.R., Koo, D., Kim, I.K. et al. Opportunities and challenges of a dynamic consent-based application: personalized options for personal health data sharing and utilization. BMC Med Ethics 25, 92 (2024). https://doi.org/10.1186/s12910-024-01091-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1186/s12910-024-01091-3

Keywords

BMC Medical Ethics

ISSN: 1472-6939

Contact us