-
Notifications
You must be signed in to change notification settings - Fork 444
Best Practices
These materials are for informational purposes only and do not constitute legal advice. You should contact an attorney to obtain advice with respect to the development of a care app and any applicable laws.
This page documents lessons learned while developing and testing applications using the CareKit™ framework.
Our hope is that users of the CareKit framework will contribute new modules (surveys, active tasks, data visualizations, etc.) back to the community so that researchers around the world can leverage these both for new studies and to simplify reproducing the results that others have reported. See Contributing.
If you would like to see new features but don't have the resources to build and contribute them yourself, do file a bug in our issue tracker so that the community as a whole can evaluate all options when allocating resources.
Participant privacy is a core value. Medical care apps should ensure highest levels of security to maintain the privacy of one’s data.
-
Transparency builds trust. Participants should be told up front exactly what enrolling in the study would mean for them, what data they are contributing, and who may have access to the data.
-
Having an explicit privacy policy is highly recommended for every app that collects personal data. It is also required for CareKit apps posted to the iOS App Store.
-
Use touch ID or PIN access to control access to your app, if your app records or displays personal data.
-
Do not use iCloud to store health information.
The flip side of privacy is data security.
-
Use the highest level of file protection possible for the given use case. Usually this should be
NSFileProtectionComplete
orNSFileProtectionCompleteUnlessOpen
. This way, files stored by your app are encrypted automatically whenever the device is locked. -
Do not keep personal data for longer than necessary for your app to function.
-
When transmitting data via networks that terminate SSL early, or when contemplating a store and forward mechanism of any kind for your data, consider an extra cryptographic wrapper for the data to protect it end to end. For example, a Cryptographic Message Syntax (CMS) envelope, the same technology used in S/MIME, can be used to encrypt data before transmission.
Apple builds products to be accessible to people with disabilities by default, and the CareKit framework should meet this standard. While certain tasks and activities and their corresponding results might be more relevant to perform and view by sighted users, or users with certain diseases, it is important that all UI can be explored and navigated using VoiceOver, Apple’s built-in screen reader for the blind. Failing on this promise could leave users stuck in areas of CareKit apps that are inaccessible, or even make them unwilling to consent to relevant studies, because of insecurity caused by inaccessibility.
As a minimum, when adding new UI to the CareKit framework, follow these steps:
-
All UI elements should be reachable with VoiceOver enabled, and have proper accessibility labels.
-
Add accessibility hints and traits to describe UI elements whose purposes might be difficult to describe with just a label.
-
Actions such as tapping, swiping and other interaction with UI elements, should be possible to perform with VoiceOver enabled.
-
When possible, follow the accessibility conventions and patterns embraced by Apple's own apps.
Refer to the Accessibility Programming Guide for iOS for more detailed information.