CHESS Health’s Connections App: Protecting Patient Privacy

Supporting recovery and protecting patient privacy are not mutually exclusive.

By Hans Morefield, CEO CHESS Health

Despite this, a recent study highlighted potential concerns with 10 SUD apps, many of which are start-ups with funding from the venture and private equity markets, as well as the federal government.[i]  The findings are certainly cause for concern: many of the apps may be misusing or inappropriately sharing sensitive user data, including the consistent access of unique identifiers.

Particularly at the beginning of the pandemic, some providers were unprepared to transition their treatment to a virtual environment, leading them to look for outsourced solutions.  Increased demand has no doubt contributed to ongoing interest from the venture community around technology to support SUD.

CHESS Health’s Philosophy

CHESS has maintained a patient-centric approach since 2014. In fact, even before the Connections App was available commercially, our offering was the subject of clinical trials featured in peer-reviewed journals.[ii]  Underlying the CHESS Platform is deep clinical research and results that demonstrate how our solutions support recovery.

Just as importantly, we have a higher calling to uphold the dignity of individuals in recovery and to address the societal crisis of Substance Use Disorder (SUD).  Simply put, our mission is to improve the quality of addiction treatment for patients and providers – and this mission necessitates an unfaltering commitment to data privacy and security.

Our Model

At CHESS, we don’t sell or give access to the Connections App to patients directly; we provide access to the app through a treatment center, provider, payer, or other healthcare entity.  This means that we prioritize the patient/provider relationship, not selling data to third parties.

How CHESS Uses Data

Personally identifiable information – like the patient’s name, email address, recovery goals, and answers to survey questions – may be shared with the patient’s provider to support recovery, but is not shared with outside parties.  Some data may be de-identified and combined with the de-identified data of other patients to better understand addiction treatment outcomes and other useful analytics.

What CHESS Does NOT Use

  • Some companies use incentives, called “contingency management,” to encourage individuals to refrain from using drugs and alcohol. In and of itself, contingency management is not necessarily worrisome from a privacy perspective.  However, some programs may partner with third-party incentive providers, which may mean patient information is disclosed.  CHESS Health does not disclose patient information to third parties.
  • Some business models rely on advertising from third parties, and so access and store the “advertising ID” from the user’s phone. Unlike new entrants to this space who may rely on advertising and data sharing in their business model, CHESS Health does not accept advertising; we do not access the advertising ID.
  • Some apps create Bluetooth connections or store GPS data, which may heighten the risk that private data may be captured. The Connections app includes an optional feature that allows the user to input high-risk locations that may trigger a relapse.  There are no Connections App features that access a Bluetooth connection.  Even with the optional location feature, CHESS does not track, collect, or store the patient’s location or the precise location of the mobile device.
  • Many app development supported by recent venture capital use Software Development Kits (SDKs). Developers who use this approach often have a vested interest in data collection from smartphone users. The Connections App was developed through proprietary research and does not use tracker SDKs.

The Bottom Line

SUD treatment and recovery apps can – and should – play an essential role in supporting patients, especially in a post-pandemic environment that prioritizes patient engagement.  That said, providers, payers, and other interested parties should carefully evaluate their chosen solution to ensure the technology provider’s approach coincides with strategic considerations of maintaining and upholding patient trust.

  1. [i]
  2. [ii]