Terms and conditions apply: an ethical analysis of mobile health user agreements in research.

Mobile health (mHealth) technologies raise unique risks to user privacy and confidentiality that are often embedded in lengthy and complex Privacy Policies, Terms of Use, and End User License Agreements. We seek to improve the ethical review of these documents ('user agreements') and their risks in research using mHealth technologies by providing a framework for identifying when these risks are research risks, categorizing the key information in these agreements under relevant ethical and regulatory categories, and proposing strategies to mitigate them. MHealth user agreements typically describe the nature of the data collected by mHealth technologies, why or for what purposes user data are collected and shared, who will have access to the different types of data collected, and may include exculpatory language. The risks raised by data collection and sharing typically increase with the sensitivity and identifiability of the data and vary by whether data are shared with researchers, the technology developer, and/or third-party entities. The most important risk mitigation strategy is disclosure of the key information found in user agreements to participants during the research consent process. In addition, researchers should prioritize mHealth technologies with favorable risk-benefit balances.