Schrödinger's App

Abstract

INTRODUCTION

A recent survey showed that 96% of Americans own a cellphone, of which 81% are “smart,”¹ and that the number of smartphone owners is only projected to increase over time.² Of smartphone users, 52% collect health information on their phones³ via one or more of the over 97,000 health and fitness applications (“health apps”) available for download.⁴ As health apps grow in sophistication, some are beginning to look and to function a great deal like health care. As a result, they raise issues core to health care, including safety, efficacy, and privacy. However, the laws and regulations designed to protect these key interests often do not apply to health apps.⁵ Instead, users of these apps may be left to rely on the law of consumer contracts. Drawing from bioethics, this Article asks if certain health app users deserve heightened protections when a consumer's legal duty to read the contract intersects with the ethics of informed medical decision-making.⁶

Among the most illuminating health apps for this analysis are period and fertility trackers. These apps are designed to be data repositories of everything from basal body temperature to the consistency of cervical mucus, and advertise a variety of health insights, including fertility predictions. Users may rely on this information to make deeply personal choices about their health and reproduction. The liminal status of these apps at the boundary of consumer technology and health care makes them a perfect case study for how a contract law framework may be legally permissible but nevertheless, ethically problematic.

This Article proceeds in three parts. Part I introduces period and fertility trackers and the concerns raised by the misalignment of user expectations on crucial issues related to privacy and accuracy. Part II provides a brief introduction to the legal and regulatory environment of smartphone apps. In doing so, Part II exposes the shortcomings of these approaches for certain health apps, like period and fertility trackers. Finally, Part III looks to the ethical foundations of medical informed consent and extracts lessons for apps that are not quite health care and yet not entirely distinct. The borderline nature of these health apps, coupled with oversight designed for apps that are neatly categorized, can mean that some health apps are underregulated. We conclude that given the importance of privacy and accuracy in certain health apps, there are good reasons to rethink digital contracts in a manner that promotes informed decision-making.

I. SCHRÖDINGER'S APP

Health apps perform a variety of functions, enabling users to track, monitor, and act on physiological, psychological, or social health data.⁷ Through creative use of embedded sensors, they can be used as fall detectors, spirometers, and heart rate sensors,⁸ and can sync with wearable devices to gather additional data and provide customizable feedback.⁹ Like “Schrödinger's cat,” which is “both living and dead … in equal parts,”¹⁰ these apps exist in a liminal space that is not quite health care but not quite not. In this Part, we introduce period and fertility trackers as an example of a “Schrödinger's app.” We then explore accuracy and privacy and the unique harms that can result from a misalignment in user expectations and technological and legal realities.

A. Period and Fertility Trackers

One category of app that straddles the line between health care and everything else is period and fertility trackers. These apps allow users to record the dates of their menstrual cycles and associated symptoms, as well as other information about their gynecological health.¹¹ They can also be a convenient way to track biomarkers necessary for fertility-awareness-based methods of contraception—such as the consistency of cervical mucus or basal body temperature. Apps can then use this information to generate predictions about a user's fertility, which she, in turn, can use to make decisions that impact her health.¹² For example, a woman trying to conceive may use predictions about her most fertile days to time intercourse to maximize the possibility of conception.¹³ Alternatively, these fertility prediction features may be used by women who seek to avoid conception, such as by planning to abstain from sex or to use barrier methods on fertile days.¹⁴

While the use of smartphones in these contexts is relatively new, tracking periods as a form of contraception has been around for decades, gaining popularity in the 1930s (around the same time as Schrödinger was theorizing about cats).¹⁵ Lately, there has been a resurgence of interest in fertility-awareness-based methods,¹⁶ motivated by a range of considerations including the lack of side effects as compared to hormonal birth control, as well as concordance with specific religious directives.

One app, Natural Cycles, shows particular promise. It was also the first app to receive FDA clearance for marketing as contraception, paving the way for a “contraception software” category.¹⁷ Research has shown that Natural Cycles is comparable to or better than other fertility-awareness-based methods when used as intended.¹⁸ Another app, Dot, has also shown potential in early research to be as effective as other user-controlled, fertility-awareness-based methods.¹⁹

The challenge is that nearly all apps on the market today—regardless of quality and how they are regulated—look like the Natural Cycles and Dot products. As a result, over 100 million women worldwide using free period-tracking apps²⁰ may assume that all apps are subject to the same standards, or that they all function in a substantially similar manner. This assumption is incorrect.²¹

B. Accuracy and Privacy

Much like the traditional health care context, period-tracking apps raise serious concerns about both accuracy and privacy. As noted above, some women use period- and fertility-tracking apps to achieve or avoid conception. If the app inaccurately predicts fertile days, a couple may focus their sexual efforts on non- or less-fertile days, which may lessen the chances of conception as compared to random intercourse throughout the month.²² If the app inaccurately predicts non-fertile days, a user trying to avoid conception may find herself pregnant.

Given the significance of the intended outcome—namely, avoiding or creating another human being—the accuracy of predictions is of critical importance. It is perhaps surprising then that very few available apps employ evidence-based methods of fertility awareness.²³ Furthermore, many of the available free period-tracking apps are inaccurate for the majority of women who do not have perfectly regular 28-day cycles.²⁴ Several studies examining the accuracy of period trackers have excluded currently available apps because they did not meet even threshold requirements for accuracy.²⁵ Consumers are not well-positioned to know if an app is providing accurate predictions about their health, and some women may never know they selected an inappropriate app until it is too late.

In addition to accuracy, the intimate nature of the information collected by these apps raises privacy concerns.²⁶ In fact, privacy is the very reason that some users track period- and fertility-related information in an app, as opposed to paper or digital calendars: they perceive apps to be more private than other methods.²⁷ This belief, however, may be erroneous in at least two respects: unintentional and intentional data sharing.

Period-tracking apps may be vulnerable to unintentional data sharing. For example, a 2016 Consumer Reports exposé outlined several privacy threats experienced by the app Glow.²⁸ Those vulnerabilities included: the ability of secondary users to link to other accounts without express permission from the primary user (permitting access to such intimate data as when the primary user last had intercourse and if she climaxed);²⁹ the transmission of personal data; and the ease of hacking and password change.³⁰ It concluded that it would be “easy for stalkers, online bullies, or identity thieves to use the information the app gathered to harm Glow's users.”³¹ Additional privacy and security issues exist across these apps, including leaving sensitive user information and photos accessible to unauthorized individuals with even rudimentary hacking skills.³²

Intentional data sharing practices present further privacy concerns when data from the app is sold or otherwise provided to third parties. The profit-driven model of most apps significantly contributes to the tension between user privacy and data sharing in apps generally.³³ More complicated still, the primary companies setting the standards for privacy are also two of the most influential players in the mobile advertising business—namely, Google and Apple.³⁴ Some predict that in the absence of regulation, data mining for advertising and research will only intensify.³⁵

For period trackers specifically, the data collected by these apps is both sensitive and highly valuable to a variety of recipients. First, it represents a lucrative source of information for advertisers. Pregnancy and childbirth are key life stages during which individuals are actively seeking out new products and developing new brand loyalties.³⁶ Information generated by these apps can help inform targeted advertising. While the receipt of targeted advertising may seem benign, it can cause problems when advertisements reveal a pregnancy before a user intends to share the information. It may also cause emotional harm when advertisements persist after a miscarriage or an abortion.

Second, sharing this sensitive data facilitates research. One company, Flo, claims to have collected several billion data points and employs a team of 15 data scientists to sift the data for patterns to provide better predictions.³⁷ Some researchers are optimistic that the large datasets generated by these apps will help increase our understanding of fertility.³⁸ Other companies produce research with less compelling social value, including exploring links between menstruation and lunar cycles.³⁹ While a user may not perceive these uses as objectively harmful, advance knowledge of the use of one's data in research may be relevant to a user deciding between comparable apps.

Third, apps have expressed an interest in utilizing their datasets for insurance purposes as a means of enhancing risk assessments and creating “better” health insurance.⁴⁰ These apps are also attractive to companies offering wellness programs.⁴¹ One app, Ovia, provides a version of its product that allows employers to receive anonymized data about their employees, including their sexual health and pregnancies.⁴² Though these data are supposedly de-personalized or de-identified, research suggests that anyone with access to the information that users enter into these apps (e.g., employers, partners, insurers, or advertisers) may be able to identify users nonetheless.⁴³ This data sharing creates a risk of employment and insurance discrimination.⁴⁴

Finally, the intimate nature of the data provided may be of interest to more concerning recipients—both in the form of intentional and unintentional sharing. As noted above, information contained within an app may prove valuable to abusive partners or stalkers.⁴⁵ The data entered into these apps may also prove to be of interest to government actors, particularly by those opposed to abortion. For example, in states passing ever more stringent abortion laws, data entered into these apps may prove useful in criminal investigations about suspected abortions or suspicious miscarriages.⁴⁶ And while government interest in the date of last menstrual periods seems like a scene out of a dystopian novel, both the Trump Administration and the state of Missouri have already demonstrated a keen interest in tracking the menstrual cycles of women and young girls as part of efforts to limit abortion access.⁴⁷

II. UNDERREGULATION & THE RELIANCE ON CONSUMER CONTRACTS

Though Schrödinger's Apps can look and act like health care, they are regulated as though they are not. Put simply, users of these personal health technologies generally do not receive the same protections as patients. This Part gives a brief overview of the current regulatory oversight of health apps and how many of the protections we enjoy in a health care context are inapplicable to the vast majority of health apps. It then turns to the law of consumer contracts and the importance of terms of service and privacy policies. It concludes by considering the shortcomings of these frameworks and how our current approaches inadequately protect health app consumers.

A. Traditional Regulatory Regimes

Heath care is one of the most heavily regulated industries. However, those same regulations generally do not extend to health apps. In some cases, protections recognizable in health care will apply in limited circumstances. For the rest, other types of consumer protections partially fill the gap.

1. Health Regulation

In a typical health care context, patients can—with some limitations—rely on U.S. Food and Drug Administration (“FDA”) approval for some guarantee of safety and efficacy and the Health Insurance Portability and Accountability Act (“HIPAA”) privacy and security rule to ensure appropriate handling of protected health information. While sometimes these protections apply to health apps,⁴⁸ the vast majority of health apps fall outside the scope of these laws and regulations.

For example, the FDA only regulates an app as a medical device if it is intended to diagnose, cure, mitigate, or prevent disease or other conditions.⁴⁹ The 21st Century Cures Act expressly excludes from regulation devices “for maintaining or encouraging a healthy lifestyle” that are “unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition.”⁵⁰ Most health apps fall within this carve-out.⁵¹ The lack of formal regulation or approval processes for the vast majority of period-tracking apps creates considerable variation in the “medical soundness” of the apps entering the market.⁵²

Similarly, HIPAA applies only in limited circumstances, such as when the app is “creat[ing], receiv[ing], maintain[ing], or transmit[ting] protected health information on behalf of a covered entity or another business associate.”⁵³ Notably, HIPAA does not apply if the health app vendor is not a covered entity or does not employ a business model that involves acting as a business associate.⁵⁴

The general lack of regulation or a sound evidentiary basis underlying these apps is cause for concern, as is the way they handle and transmit user data.⁵⁵ Consequently, the underregulation of health and wellness apps has not gone unnoticed by the academic community. Some scholars have called for minimum standards of disclosure for health apps, including a notification requirement about who will access data, the type of collected data, and how it will be used and stored.⁵⁶ Others have argued for more extensive FDA regulation of health and wellness apps.⁵⁷ However, until policymakers reach a consensus about whether and how to close these gaps, consumers remain without many of the protections often expected in a health context.

2. Industry Regulations

To say an app user is not entitled to informed consent, or an app does not fall under the purview of the FDA or HIPAA, does not mean that no rules apply. At the industry level, developers must comply with rules for posting to the Google Play Android Apps Store⁵⁸ or the Apple App Store.⁵⁹ State laws and guidelines may also apply, such as state consumer protection laws or nonbinding recommendations from State Attorneys General.⁶⁰

Perhaps the most dominant player in this space—at least as far as the United States is concerned⁶¹—is the Federal Trade Commission (“FTC”). The FTC has brought lawsuits against apps for making false or misleading claims, such as purporting to replace traditional blood pressure monitors⁶² or to treat acne.⁶³ Notably, the issue with these apps was not with the apps themselves but the statements made about their capabilities. In other words, the FTC does not address issues related to accuracy and privacy so long as the developer does not make false or misleading statements.

Nevertheless, these alternative mechanisms have several shortcomings. First, while industry standards exist, companies that benefit financially from advertising revenue associated with app use have little incentive to set a high bar for posting to their respective app stores. Second, state-specific protections do not apply to all users—only those in specific states—nor does it apply to all apps. Third, the FTC's approaches are underenforced and reactive, meaning that users may face various and possibly substantial harms before any meaningful oversight occurs. Fourth is the issue of bandwidth. The steady stream of innovation makes it difficult to monitor the claims and practices of every app. Relatively few users may download some apps, further disincentivizing the resource expenditure required for investigation and enforcement.

B. Consumer Contracts

Buyer beware: what a consumer believes ought to be true about health app accuracy and data privacy is not always the reality. In general, there are no assurances beyond those contained in the terms of service and in privacy policies. For health app users, the law of consumer contracts may provide the most—and, in some cases, the only—protection.

1. Terms of Service and Privacy Policies

For the vast majority of health apps, consumers may be limited to the recourses available in contract law. To use an app, a user must agree to the terms of service and privacy policies, often presented via a click- or browse-wrap contract.⁶⁴ In general, these contracts are presumed enforceable so long as the terms are not deceptive or intolerable as determined by the courts.⁶⁵

These types of contracts are common in technology. They also differ from the historical model of contracts in several key ways. First, unlike traditional contracts, there is no negotiation involved in their formation.⁶⁶ Instead, the terms of service and privacy policies serve an informative function for users. For example, these documents include disclaimers of liability, specifications of relevant jurisdiction, arbitration provisions, or warranties. Second, most terms of service contain clauses that allow for unilateral amendments.⁶⁷ In some cases, this language will also specify if or how an app will notify users of the change. When an app does not affirmatively inform users, the language often explains that it is the user's responsibility to periodically check back to review the terms of service and privacy policies. In most cases, continued use of the app is considered acceptance of new contract terms.⁶⁸ Third, these contracts acknowledge that there is no negotiation or mutual assent, but assume that the user is acting autonomously in selecting one app over another.

Given that companies set terms without negotiation and can amend those terms at any time, making an informed decision to initiate or continue app use would seem to require that users read and understand app terms of service and privacy policies. Yet, as has been well-documented by the empirical literature, terms of service and privacy policies in apps are unread by users and further, often difficult to understand.⁶⁹ Nevertheless, the law does not usually distinguish whether a user ever reads the content of the terms of service or privacy policies. Contract law assumes a party to a contract is capable of acting autonomously, whether she knows what she is agreeing to or not.⁷⁰ This assumption means a consumer can legally bind herself in a contract without even knowing it, without ever clicking an “I agree” button, and without ever accessing the terms of the agreement.⁷¹

Several commentators have raised serious and valid concerns about the appropriateness of click- or browse-wrap contracts, especially in light of the reality that they are often unread.⁷² These concerns take on increased urgency when apps involve highly personal data, such as those involving intimate health information. Yet, these apps are not afforded the formal protections given to health information in traditional medical contexts or within certain types of health apps, such as those that either communicate with a covered entity or qualify as a medical device. For this subset of in-between apps, ignorance of the terms of service and privacy policies may create more serious problems.

2. Shortcomings

As noted above, forming binding contracts through terms of service and privacy policies is standard practice in consumer transactions. However, even if these documents contain relevant information about the accuracy and privacy of data, it is unlikely that a user can find them, will read them, or be able to understand them if she does.⁷³ Moreover, companies can unilaterally change their terms with discretion regarding if or how to notify users.⁷⁴ Yet because they look and act like health care, period and fertility tracking apps reveal that the presentation and content of material information and assumptions about user autonomy create a misalignment in user expectations, which can result in real-world harm.

When it comes to efficacy and reliability, the terms of service may be the most accurate source of medical and liability disclaimers, even as marketing materials and in-app graphics suggest a different reality. For example, one period-tracking app advertises using medical images and language, indicating that it can send real-time alerts that symptoms might be a sign of something dangerous.⁷⁵ This same app simultaneously includes language in the terms of service that the app is not intended to give medical advice.⁷⁶ It is also common for apps to claim expertise and legitimacy by referencing science and medicine.⁷⁷ Some of these companies even have “chief medical officers,” and at least one app cites development by such esteemed contributors as “Harvard scientists, pregnancy specialists, and fit moms.”⁷⁸ Meanwhile, the terms will indicate that the app is not intended for use as medical advice, is provided “as is,” makes no warranties, and the company is free of liability.⁷⁹ Given the contradictions in these messages, a consumer's confusion about whether she can rely on the health information generated by her app is understandable. Further, by gesturing at the general idea of health and medicine without explicitly stating it can cure, treat, or diagnose, these apps avoid FTC enforcement.⁸⁰

Information about privacy may not be subject to the same onslaught of inconsistent marketing, but it suffers from similar challenges with readability and accessibility.⁸¹ The fact that users do not view privacy policies can create problems given that these documents are often the sole, (generally) accurate⁸² sources of information about intentional data sharing.⁸³ At times, these convoluted privacy policies contain shocking terms. For example, some apps that provide phone numbers and enable in-app calling will use these documents as the place to warn that they may record calls placed by users from within the apps.⁸⁴

When it comes to health apps like period trackers, relying on terms of service and privacy policies to deliver critical information about accuracy and privacy is insufficient. These documents are not designed to facilitate users' understanding of the relevant terms—and may, in fact, be intended to frustrate their understanding.⁸⁵ The issue is similar to the tension the court in Canterbury v. Spence, a landmark medical informed consent case, observed in 1972: “[c]aveat emptor is not the norm for the consumer of medical services.”⁸⁶ For these and other Schrödinger's apps, the way we protect patients may provide valuable lessons for how we ought to protect consumers.

III. LESSONS FROM INFORMED CONSENT

As explored in Part II, our current legal and regulatory frameworks do not adequately protect users of health apps that perform functions that increasingly emulate health care services. Period and fertility trackers clearly illustrate these shortcomings. In seeking answers to questions about how to improve these protections, Part III looks to the ethical underpinnings of medical informed consent.

A. The Ethics of Informed Consent

From a legal standpoint, period tracking apps do not create a physician-patient relationship and do not provide medical treatment. At the same time, these health technologies purport to generate reliable health-related recommendations and a suggested course of action with significant health implications. Thus, while apps cannot be said to have fiduciary duties to their users, nevertheless, there are strong moral arguments for facilitating informed decision-making about their use. Lessons from the paradigm of informed consent can therefore inform how we might reconsider the presentation and content of terms of service and privacy policies.

From an ethical perspective, informed consent centers on autonomous choice.⁸⁷ At least four reasons support the requirement of informed consent: (1) individuals are best positioned to know their interests, (2) information increases the likelihood that an intervention will be beneficial due to appropriate expectations, (3) there is social value in allowing individual decision-making, and (4) individuals have a right to control what happens to their bodies.⁸⁸ The right to fully autonomous choice is not absolute, but restricting autonomy requires justification based on other moral principles.⁸⁹

In ideal circumstances, effective informed consent processes help ensure that patients are aware of their situation, know what to expect from their treatment choices, can weigh the costs and benefits of those decisions, and do so in light of their own preferences and values. Moreover, it places the patient at the center of their own health care, ideally preventing paternalistic decision-making.

To argue for the importance of informed consent is not to hold that informed consent is required before every health care decision. Some circumstances allow health care providers to obtain simple consent instead.⁹⁰ For example, when treating a patient with contact dermatitis resulting from a ring containing nickel, it is not necessary for a clinician to engage her patient in an extensive discussion about the risks or benefits of topical corticosteroid use.⁹¹ In such low-risk situations, simple consent is appropriate, involving: a brief explanation of the issue, instructions about the medication, and asking if the patient has any questions. However, informed consent is necessary in decisions involving higher risk, in order to educate a patient about the benefits and risks of different options, and when multiple medically-appropriate options exist, to facilitate decisions that reflect the patient's own values and preferences.

B. Application to Period and Fertility Trackers

The digital world creates new challenges for informed consent.⁹² As with other consumer-oriented applications marketed as “wellness” tools, informed consent is completely absent in most period- and fertility-tracking apps.⁹³ Prior research suggests that terms of service and privacy policies likely obscure information that would be relevant to make a decision consistent with one's values and preferences.⁹⁴ However, even if a user opted to review these in detail, developers do not write terms of services and privacy policies at a reading level conducive to informed consent. Higher reading levels impede readability, and in turn, prevent users from fully understanding the risks associated with using an app.⁹⁵ Our prior research has shown that it would take years of post-secondary education to fully understand terms of service and privacy policies—and that is only if you can find them in the first place.⁹⁶

Ethical considerations of informed consent likely apply to all health apps but may be particularly relevant for period- and fertility-tracking apps, given the nature and magnitude of the health consequences associated with their use. One broad challenge in obtaining informed consent is determining who has decision-making authority in a given context. In the context of reproductive decision-making, experts agree that the choice of a birth control method belongs to the patient.⁹⁷ As an initial matter, this makes our analysis simple: women have the right to autonomous choice concerning birth control, including in the form of digitally-assisted fertility-awareness methods facilitated by the use of period-tracking apps. Given that at least some users utilize these apps for contraceptive purposes, the current presentation of accuracy and privacy information is ethically problematic for at least two reasons.

First, respect for autonomy is foundational to medical informed consent. We argue that terms of service and privacy policies do not respect user autonomy. Deceit is widely recognized as violating the informed consent requirement.⁹⁸ While this certainly includes outright lies, it also includes deception that intentionally creates a false impression without explicitly lying.⁹⁹ Various aspects of current terms of service and privacy policies for period-tracker apps arguably constitute such non-lying deception, including manipulative under-disclosure of pertinent information related to accuracy and privacy.

Second, years of research have demonstrated that a consumer is unlikely to access, read, or re-visit terms of service.¹⁰⁰ Because an app owner or developer would seek to restrict autonomous choice by obscuring important information, the burden of moral proof is on the company to justify the infringement.¹⁰¹ The reasons for presenting information in this format is precisely because users are unlikely to read or access it, creating a favorable environment to sneak in “crook” provisions.¹⁰² Apps are, in a Kantian sense, treating an autonomous person as merely a means to an end (data collection and vending) and not an end in herself.¹⁰³ Those practices may be legal, but they are not ethical.

Instead, apps should present material terms to users in a manner that encourages comprehension and affirmative consent. At a minimum, this must include information about how the app calculates predictions about the user's menstrual cycle, the app's capabilities for use as contraception, and disclaimers that information generated by the app is not medical advice. Providing sufficient, unbiased information is crucial in situations that present serious risks and ambiguous evidence—such as those involving conception or actions to prevent it.¹⁰⁴ When we empower individuals with more information about the benefits, risks, and limitations of health apps, they are in a better position to make decisions about whether the app is appropriate for their intended use.¹⁰⁵

Additionally, terms of service and privacy policies often contain unilateral amendment provisions. Ethically speaking, if there is a unilateral amendment to a consumer contract, the app should seek to notify the user in a manner that allows them to meaningfully consent to the change or make the decision to find a different app. Apps should not assume that users will independently obtain all information necessary to make an informed choice by reading the terms of service and privacy policies and periodically revisiting them to ensure her understanding is up-to-date.

Finally, consumer contracts and the ethical foundation of informed consent contain different assumptions about autonomy. In contract law, we simply assume parties can form and enter into contracts—that is, they are presumed at baseline to be acting autonomously. In an informed consent context, by contrast, steps are affirmatively taken to preserve and maximize autonomy by ensuring that individuals have the information they need to make informed choices, in recognition of the inherent informational asymmetry between clinicians and patients that exists at baseline. Health apps, like period trackers, would benefit from drafting their terms of service and privacy policies with a similar perspective in mind. By empowering users with accessible and understandable information necessary to make informed choices about app use, health apps can enhance user autonomy and support genuinely informed decisions.

Careful consideration of the ethical underpinnings and not solely the legal practicalities of informed consent is crucial. This is not to say, however, that the appropriate remedy is to merely replicate the process of medical informed consent in a health app context, as doing so may only serve to stifle innovation and create an annoying deluge of digital documents that consumers—especially Americans unaccustomed to extensive consent requirements in a digital context—do not want to read. Moreover, the informed consent process is subject to many justifiable criticisms.¹⁰⁶ Scholars like Jorge Contreras have likened the issues with contemporary informed consent processes to the problems with long and complicated clickwrap agreements that are standard in computer software.¹⁰⁷ The wholesale transfer of medical informed consent to the app context may be impracticable, and even if it is practicable, may exacerbate some existing problems. However, by examining the ethical considerations underlying informed consent and how they apply to Schrödinger's apps, we may inch closer to a policy solution.

CONCLUSION

Critical consideration of the disconnect between contract law, the norms of the technology industry, and the ethical considerations underlying health care become increasingly important in light of the growing market for consumer health technology. While there are many arguments for and against increased federal oversight of health apps, it is clear that our scant regulatory oversight and current reliance on consumer contracts are insufficient. As a result, lessons from health care and the ethical foundations of those lessons will take on new importance as we continue to debate the role of law and policy in consumer health technology.

Informed consent tells us that individuals need a certain amount of information presented in an accessible manner to make choices. These lessons suggest that apps should highlight certain material information outside the confines of terms of service and privacy policies, especially in contexts in which the consequences to health can be significant and the protection provided by contract law can be lacking. By modifying this approach and ensuring meaningful re-consent in the event of a unilateral amendment, health apps can enhance user autonomy. These changes are ethically desirable.

More research is necessary, however, to determine when and how to implement these improvements. Future disclosure requirements intended to enhance informed choice, while perhaps not quite quantum theory, may nevertheless prove to be anything but straightforward. Though Schrödinger's apps may suffer from challenges in clear categorization, they can also benefit from their not-quite-health-care and not-quite-not state by borrowing the best practices from each.

Footnotes

Acknowledgements

The authors wish to thank Jessica L. Roberts, Jim Hawkins, Emily Largent, and the participants of the 2020 American Journal of Law & Medicine Annual Symposium, especially Rebecca Mashni and the editors at the American Journal of Law & Medicine. They also appreciate and wish to acknowledge the administrative support of Elaine Fiala.

1

Mobile Fact Sheet, Pew Research Center (June 12, 2019), .

2

Ericsson Mobility Visualizer, Ericsson, https://www.ericsson.com/en/mobility-report/mobility-visualizer?f=1&ft=3&r=2,3,4,5,6,7,8,9&t=8&s=1,2,3&u=1&y=2018,2024&c=2 (last visited Apr. 11, 2020).

3

See Neha Baluni, Mobile Medical Apps: A Game Changing Healthcare Innovation, HealthWorksCollective (Aug. 12, 2018), (“52% of smartphone users collect health-associated information on their cell phones.”).

4

Andy Edwards, mHealth: Healthcare Mobile App Trends in 2019, OrthoLive (Feb. 2, 2019), .

5

See discussion infra Section II.A.

6

Uri Benoliel & Shmuel I. Becher, The Duty to Read the Unreadable, 60 B.C. L. Rev. 2256, 2260 (“Under the duty to read doctrine, contracting parties are presumed to have read the contract before agreeing to its terms. Failure to fulfill this duty has three main legal implications. First, a party is normally bound by the terms of the contract notwithstanding its failure to read them. Second, refraining from reading the contract does not constitute grounds for voiding the contract. Third, failure to read the contract does not trigger a contractual mistake necessary for contract reformation.”).

7

Katie Gambier-Ross et al., A Mixed Methods Exploratory Study of Women's Relationships with and Uses of Fertility Tracking Apps, 4 Digital Health, 2018, at 2.

8

Ida Sim, Mobile Devices and Health, 381 New Eng. J. Med. 956, 956 (2019).

9

John P. Higgins, Smartphone Applications for Patients' Health and Fitness, 129 Am. J. Med. 11, 13 (2016).

10

Melody Kramer, The Physics Behind Schrodinger's Paradox, Nat'l Geographic (Aug. 14, 2013) .

11

Gambier-Ross et al., supra note 7, at 1-2.

12

See id.; see also Mary Summer Starling et al., User Profile and Preferences in Fertility Apps for Preventing Pregnancy: An Exploratory Pilot Study, 4 mHealth, no. 21, 2018, at 2.

13

Alexander Freis et al., Plausibility of Menstrual Cycle Apps Claiming to Support Conception, 6 Frontiers in Pub. Health, April 2018, at 2.

14

See Starling et al., supra note 12, at 11-12; see also Richard A. Bretschneider, A Goal- and Context-Driven Approach in Mobile Period Tracking Applications, in Universal Access in Human-Computer Interaction: Access to Learning and Well-Being 279, 280 (M. Antona & C. Stephanidis eds., 2015) (noting that 10% of study participants said they would use a period tracking app as a method of contraception).

15

Bretschneider, supra note 14, at 279–87. Of note, this paper does not draw a clear distinction between apps marketed as period-tracking or those marketed as fertility-tracking. The concepts are used interchangeably, consistent with research that suggests users searching for a fertility app to help prevent pregnancy, most users will look for apps using terms unrelated to pregnancy prevention. Moreover, tracking apps often serve multiple purposes for users over time as their reproductive intentions and behaviors change across the life course.

16

See Marguerite Duane et al., The Performance of Fertility Awareness-Based Method Apps Marketed to Avoid Pregnancy, 29 J. Am. Board Fam. Med. 508, 508 (2016).

17

See FDA allows marketing of first direct-to-consumer app for contraceptive use to prevent pregnancy, FDA.Gov (Aug. 10, 2018), https://www.fda.gov/news-events/press-announcements/fda-allows-marketing-first-direct-consumer-app-contraceptive-use-prevent-pregnancy. Contraception software is classified as a Class II medical device with special controls, see FDA Reclassifies Contraception Software as Class II (Special Controls), FDA News (Mar. 8, 2019), .

18

See E. Berglund Scherwitzl et al., Perfect-use and Typical-use Pearl Index of a Contraceptive Mobile App, 96 Contraception 420, 422-24 (2017). But see Petra Frank-Hermann et al., Letter to the Editor: Fertility awareness-based mobile application, 22 European J. Contraception & Reprod. Health Care 396, 396-97 (2017) (discussing the limitations of the Scherwitzl et al. study).

19

See Victoria Jennings et al., Perfect- and Typical-use Effectiveness of the Dot Fertility App over 13 Cycles: Results from a Prospective Contraceptive Effectiveness Trial, 24 European J. Contraception & Reprod. Health Care 148 (2019).

20

Naomi Kresge et al., Period-Tracking Apps Are Monetizing Women's Extremely Personal Data, Bloomberg (Jan. 24, 2019, 6:00 AM), https://www.bloomberg.com/news/articles/2019-01-24/how-period-tracking-apps-are-monetizing-women-s-extremely-personal-data; see also Ctr. on Media & Human Dev., Nw. U., Teens, Health, and Technology: A National Survey 22-23 (2015), (observing that period tracking apps are the fourth most popular app among adults and the second most popular among girls ages 13-18); Karen E. C. Levy, Intimate Surveillance, 51 Idaho L. Rev. 679, 685 (2015) (noting that some fertility tracking apps are designed for men, hoping to empower them with knowledge about when their partner (or partners – there is a discrete feature for those with multiple sexual partners) might be disagreeable based on her upcoming period, or when she might be more amenable to intercourse according to predicted ovulation dates).

21

Duane et al., supra note 16, at 511 (“The majority of fertility apps are neither designed for avoiding pregnancy nor founded on evidence based FABMs.”).

22

Freis et al., supra note 13, at 2.

23

See Duane et al., supra note 16, at 511.

24

See Michelle L. Moglia et al., Evaluation of Smartphone Menstrual Cycle Tracking Applications Using an Adapted APPLICATIONS Scoring System, 127 Obstetrics & Gynecology 1153, 1154-55 (2016) (“Our primary criterion for ongoing inclusion in this study was accuracy. Ninety-nine percent of regular menstrual cycles range from 21 to 35 days, and only one in eight or nine women have 28-day cycles. Because women may not know their average cycle length, we decided that the ability to predict the next menstrual cycle based on averages of past cycles and not on a default (often 28-day) cycle length would be an important element of our accuracy criteria.”).

25

Britt Lunde et al., An Evaluation of Contraception Education and Health Promotion Applications for Patients, 27 Women's Health Issues 29, 34 (2017) (“More than one-third of identified apps were excluded from this review for containing inaccurate information.”); see also Moglia, supra note 24, at 1153-55 (noting that of the 108 apps that fit the study criteria, 88 apps were eliminated due to the inclusion of misinformation and other inaccuracies).

26

See, e.g., Isobel Asher Hamilton, Popular period-tracking apps were found sharing extremely sensitive data to Facebook, including when users last had sex, Business Insider (Sept. 10, 2019, 7:28 AM), .

27

Daniel A. Epstein et al., Examining Menstrual Tracking to Inform Design of Personal Informatics Tools, CHI ’17: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, May 2017, at 6883 (stating that “some women prefer using a dedicated app because of privacy, including S192: “keeping info in an app instead of written on my calendar gives me greater privacy.”); see also Amanda Karlsson, A Room of One's Own? Using Period Trackers to Escape Menstrual Stigma, 40 Nordicom Rev. 111, 113 (2019) (discussing the concept of privacy from a feminist perspective).

28

Jerry Beilinson, Glow Pregnancy App Exposed Women to Privacy Threats, Consumer Reports Find, Consumer Rep. (July 28, 2016), .

29

Id.

30

Id.

31

Id. Of note, Glow corrected the vulnerabilities after receiving notification from Consumer Reports.

32

Cooper Quintin, The Pregnancy Panopticon, Electronic Frontier Found. 6-10 (2017), .

33

Kit Huckvale et al., Assessment of the Data Sharing and Privacy Practices of Smartphone Apps for Depression and Smoking Cessation, JAMA Network Open, Apr. 2019, at 2.

34

Scott Thurm & Yukari Iwatani Kane, Your Apps Are Watching You, Wall Street J. (Dec. 17, 2010), (“The main companies setting ground rules for app data-gathering have big stakes in the ad business. The two most popular platforms for new U.S. smartphones are Apple's iPhone and Google's Android. Google and Apple also run the two biggest services, by revenue, for putting ads on mobile phones.”).

35

See Kresge et al, supra note 20.

36

Kaitlyn Tiffany, Period-Tracking apps are not for Women, Vox (Nov. 16 2018, 12:35 PM), .

37

Kresge et al, supra note 20.

38

See A. Lange et al., Smartphone fertility app use among couples of reproductive age: potential use of big data to improve fertility care and advance reproductive health research, 108 Fertility & Sterility, Oct. 2016, at e111.

39

The Myth of Moon Phases and Menstruation, Clue (Apr. 16, 2019), .

40

Levy, supra note 20, at 691.

41

See Adam Jacobson, The Risks of Pregnancy-Tracking Apps Risk Mgmt. (Aug. 1, 2019), .

42

Id.

43

Id.

44

Stephanie R. Morain et al., What to Expect When [Your Employer Suspects] You're Expecting, 176 JAMA Intern. Med. 1597 (2016).

45

Jacobson, supra note 41; see also Levy, supra note 20, at 686-87.

46

See Jacobson, supra note 41.

47

Carla Herreria, Missouri Health Director Tracked Planned Parenthood Patients' Periods On Spreadsheet, Huffington Post (Oct. 29, 2019, 11:00 AM), https://www.huffpost.com/entry/missouri-health-official-planned-parenthood-periods_n_5db8a9dbe4b0bb1ea370e116; Rachel Maddow, Trump Admin Tracked Individual Migrant Girls' Pregnancies, MSNBC (Mar. 15, 2019), .

48

Some health apps look and act enough like health care that these laws and regulations indeed apply. For example, the FDA regulates some health apps as “mobile medical apps.” This definition includes apps that have device software functionality meeting the definition of a device in section 210(h) of the Food, Drug, and Cosmetic Act and are either intended to be used “as an accessory to a regulated medical device” or “transform a mobile platform into a regulated medical device.” See U.S. Food & Drug Admin., Policy for Device Software Functions and Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff 4-5 (Sep. 27, 2019), .

49

See Jeffrey Shuren et al., FDA Regulations of Mobile Medical Apps, 320 JAMA 337, 337 (2018).

50

21st Century Cures Act, Pub. L. No. 114-255, § 3060, 130 Stat. 1130 (2016) (codified as amended at 21 U.S.C. § 360j(o)(1)(B) (2016)).

51

For other apps, FDA is piloting a new pre-certification program with a streamlined review for companies producing software as medical devices that demonstrate “a culture of quality or organizational excellence.” Instead of showing clinical outcomes before release, they are instead subject to post-market performance monitoring of safety and effectiveness, See Sim, supra note 8, at 962.

52

Gambier-Ross et al., supra note 7, at 2.

53

U.S. Dep't Health & Hum. Servs., Guidance for Health IT Developers: Health App Use Scenarios & HIPAA 1 (Feb. 2016), .

54

Id.

55

Errol Ozdalga et al., The Smartphone in Medicine: A Review of Current and Potential Use Among Physicians and Students, 14 J. Med. Internet Res. e128 (2012).

56

Nicole Martinez-Martin & Karola Kreitmair, Ethical Issues for Direct-to-Consumer Digital Psychotherapy Apps: Addressing Accountability, Data Protection, and Consent, 5 JMIR Mental Health e32 (2018); see also Yannis Bakos et al., Does Anyone Read the Fine Print? Consumer Attention to Standard Form Contracts, 43 J. Legal Stud. 1, 31-32 (2014) (“[m]easures that reduce the cost of comprehending the contract terms are likely to be more successful … Thus, a regulatory approach focusing on shortening and simplifying online contracts, standardizing their terms, and providing a standardized summary is more likely to increase readership than an approach focusing on [mandating] disclosure. [This suggests that an important benefit of regulations that mandate disclosure of basic credit terms in a standardized manner and large fonts], such as the “Schumer box” in the U.S. and the “summary Box” in the United Kingdom, [comes from reducing] the cost of reading and comprehending these terms. Simple and plain language requirements can be seen in the same light.”).

57

See generally T.J. Kasperbauer & David E. Wright, Expanded FDA regulation of health and wellness apps, 34 Bioethics 235 (2019).

58

Google, L.L.C., Developer Policy Center, Google Play, (last visited Apr. 6, 2020).

59

Apple, Inc., App Store Review Guidelines, Apple Developer, (last updated Mar. 4, 2020).

60

See, e.g., California Consumer Privacy Act of 2018, Assemb. B. 375, ch. 55, 2017-18 Leg. (Cal. 2018) (enacted); Att'y Gen. Kamala D. Harris, Cal. Dep't of Just., Privacy on the Go: Recommendations for the Mobile Ecosystem 1-2 (2013), .

61

Discussion international laws, such as the GDPR, are relevant to the discussion but outside the scope of this paper.

62

Complaint for Permanent Injunction & Other Equitable Relief at 9-10, FTC v. Aura Labs, Inc., No. 8:16-cv-2147 (C.D. Cal. Dec. 2, 2016), .

63

Complaint at 4, In re Koby Brown, No. 102-3205, (F.T.C. 2011), .

64

See Nancy S. Kim, Wrap Contracts: Foundations and Ramifications 35-43 (2013). Clickwrap contracts are those that require a consumer to affirmatively select that they agree to the conditions in some form or another, such as by checking a box that says, “I have read and agree to the terms.” A browsewrap contract requires a user to navigate somewhere else – sometimes after clicking a hyperlink provided in a prominent location and other times located in less obvious places. Id. at 42-43. Instead of clicking “I agree,” a user is assumed to have agreed to the terms of a browsewrap contract by using the technology so long as they have notice that the terms exist.

65

See id. at 37-39.

66

See id. at 3-4.

67

See id. at 103.

68

Id. at 138.

69

See id. at 128-29.

70

See id. at 137-39.

71

Id. at 2-4.

72

See, e.g., id. at 1-5.

73

Ali Sunyaev et al., Availability and Quality of Mobile Health App Privacy Policies, 22 J. Am. Med. Inform. Assoc. e28, e31 (2015); see also Bakos et al., supra note 56, at 195 (“We find that only one or two out of 1,000 retail software shoppers choose to access the license agreement and that most of those that do access it [spend too little time to have] read more than a small portion of the text.”); Nili Steinfeld, “I Agree to the Terms and Conditions”: (How) do Users Read Privacy Policies Online? an Eye-Tracking Experiment, 55 Computers in Human Behav. 992 (2016); Kevin Litman-Navarro, We Read 150 Privacy Policies. They Were an Incomprehensible Disaster, N.Y. Times (June 12, 2019), (last accessed September 11, 2019).

74

Jessica L. Roberts & Jim Hawkins, When Health Tech Companies Change Their Terms of Service, 367 Science 745, 745 (2020).

75

See Kashmir Hill, What happens when you tell the internet you're pregnant, Jezebel (July 27, 2017), .

76

Id.

77

See Gareth Martin Thomas & Deborah Lupton, Threats and Thrills: Pregnancy Apps, Risk, and Consumption, 17 Health, Risk & Society 495, 499 (2016).

78

Id. (referencing Ovia Pregnancy Tracker, ).

79

See id. at 499-500.

80

See supra notes 60-62.

81

See Leah R. Fowler et al., Readability and Accessibility of Terms of Service and Privacy Policies for Menstruation-Tracking Smartphone Applications, Health Promotion Practice, Feb. 2020, at 4.

82

But see Huckvale et al., supra note 33, at 2.

83

In a small qualitative study of Danish women's use of period-tracking apps, no interviewee had read the privacy policies or remembered permitting the app for data sharing. However, those interviewed did not perceive the risk of data sharing to be great. Users also erroneously assumed that they could disappear into aggregate data, underscoring the importance of increased scrutiny into privacy protections and the way apps communicate data-handling practices. Karlsson, supra note 27, at 117-19.

84

Hill, supra note 75.

85

See Kim, supra note 64, at 71-76.

86

Canterbury v. Spence, 464 F.2d 772, 783 n.36 (D.C. Cir. 1972).

87

See Ruth R. Faden & Tom L. Beauchamp, A History and Theory of Informed Consent 3 (1986).

88

Jessica Berg, The E-Health Revolution and the Necessary Evolution of Informed Consent, 11 Ind. Health L. Rev. 589, 594 (2014).

89

Faden & Beachamp, supra note 87, at 8-9.

90

Simon N. Whitney et al., A Typology of Shared Decision Making, Informed Consent, and Simple Consent, 140 Annals Internal Med. 54, 55 (2004).

91

Id.

92

Berg, supra note 88, at 590-91.

93

See Andrea Wiggins & John Willbanks, The Rise of Citizen Science in Health Care and Biomedical Research, 19 Am. J. Bioethics 3, 7 (2019).

94

Martinez-Martin & Kreitmair, supra note 56, at 4.

95

See Fowler et al., supra note 81, at 3.

96

Id.

97

Faden & Beauchamp, supra note 87, at 13.

98

Nir Eyal, Informed Consent, Stan. Encyclopedia of Phil., (last updated Jan. 16, 2019).

99

Id.

100

See Kim, supra note 64, at 57-59.

101

See Faden & Beauchamp, supra note 87, at 19.

102

Kim, supra note 63, at 71-76.

103

For more on Kantian ethics, see Immanuel Kant, Fundamental Principles of the Metaphysic of Morals (Thomas Kingsmill Abbott trans., CreateSpace Independent Publishing Platform 2016) (1785).

104

See Jeremy Sugarman et al., A Professional Standard for Informed Consent for Stem Cell Therapies, 322 JAMA 1651, 1652 (2019).

105

Urs-Vito Albrecht, Transparency of Health-Apps for Trust and Decision Making, 15 J. Med. Internet Res. e277 (2013).

106

For a detailed review of some of the problems with informed consent as framed by legal standards, see generally Valerie Gutmann Koch, Eliminating Liability for Lack of Informed Consent to Medical Treatment, 53 U. Rich. L. Rev. 1211, 1219-31 (2019).

107

Jorge Contreras, Genetic Property, 105 Geo. L.J. 1, 29 (2016) (“Like clickwrap agreements for computer software, much informed consent documentation has become so lengthy, complex, and turgid that all but the most sophisticated readers have difficulty understanding it.”).