1. Ethical Business Plan - dagui73/group3 GitHub Wiki

1.A. Company Name

Orange

1.B. Long-Term Vision Statement

1.B.1. Goals

Our goal is to provide users with an accessible way to manage their health data. We will do this by helping users collect their own medical data via a smartwatch that tracks their health data. We also want to make it easier for users to provide their health data to their primary care doctor so that they can get faster and more accurate diagnoses from them.

1.B.2. Idea Origination

The idea originated because some of our group members have been wanting to work out a bit more and be more active overall. For this reason we all decided that a smartwatch would be a great tool to help us reach our fitness and health goals.

1.B.3. Purpose/Values/Mission

At Orange, it is our mission to empower people to reach their health and fitness goals in a practical way while making it more fun and more accessible. We understand that health data is sensitive information and for this reason we hold privacy as our number 1 company value. We believe that users should be in charge of their own data and for this reason all collected data is stored on the smartwatch itself or on the user's own phone until the user decides they want to share it with their healthcare provider.

1.B.4. Key Questions

  1. What engages our passions?
     • We want individuals to live a healthy life. We want the wellness of our community to create a healthier community.
  2. How do we protect our user's data?
     • We will never sell any data. We sell "healthware" devices, not people's information.
     • Data will be encrypted on the device using SHA-256 and the encrypted data will be stored in NV-Flash or similar media.
     • The locality of the data matters. We believe that maintaining a strict policy of keeping data as local as possible will mitigate any widespread data breaches.

1.C. Strategy with Ethical Impacts AND Ethical Safeguards

1.C.1 OKR 1

1.C.1.1 OKR 1 Description

One objective is to protect our user’s data. Even if our company is not a healthcare provider in the traditional sense, and therefore may or may not be beholden to HIPAA regulations, health and medical information is important data that should be protected from unauthorized access. There are two primary stakeholders: the user, and his or her medical provider if desired. The user is the obvious stakeholder. The Orange Peel will empower anyone to collect their own information about their body safely and securely. While using Orange Peel, the device should collect sensitive information and store it as encrypted data. If the user decides to share this information with his or her health provider, the health provider becomes another stakeholder. Encryption is intended to prevent unauthorized access. There is a possible third stakeholder. To facilitate encryption, a third party entity may need to act as an authority for issuing and signing certificates. It may be our company, or a separate entity. This really comes down to specific implementation, but ideally I think it would be best if the user would be able to manage security completely on the device or through a companion application. If the user is able to manage this and the device is capable of operating completely standalone, the device will continue to function even if the company ceases to exist.

1.C.1.2 OKR 1 Metrics

To measure the success of this objective, we could check whether our customers' data is compromised. This in itself presents its own challenge. Since we don't have access to our customers' data, neither we nor another service can simply monitor for our customers' details on the darknet. Instead, we could take a statistical approach to this problem. If we can correlate the average incidence of our customers' data being leaked while using our device with historical data, we could probably determine if our system is working as intended. That is, if our customers experience a significantly higher incidence of data breaches than average, we can pretty safely assume that our system is not achieving the goal of protecting our customers' data. Achieving this would require detailed data from a provider that specializes in data breaches, or the whole task could be contracted out entirely.

1.C.1.3 OKR 1 Ethical Impact(s)/Issue(s)

The ethical issues that our company may encounter are user privacy, data security, and possible misuse of information. Privacy is a concern because if the information is public, anyone may be able to access the information and gain knowledge about our users such as habits and medical conditions. The security of the data is also important because data breaches could make data that is intended to be private available to individuals or organizations that are not authorized to access the data. If the data is not private and secure, it may be misused. One possible misuse of user data is insurance companies using information about individuals to deny insurance to or increase payments of people who experience health issues.

A real-world case involving a similar situation is when MyFitnessPal was hacked in 2018. MyFitnessPal is an app designed to track fitness and nutrition. According to Under Armour, the parent company, an investigation found “that the affected information included usernames, email addresses, and hashed passwords” and “that approximately 150 million user accounts were affected” [1]. Although their investigation suggests that only credentials were accessed, the changing nature of what is stored in computer systems and how they are used may result in detailed and specific information about users being leaked.

OKR 1 Expected Ethical Impact Risk

| Stakeholder | Financial | Privacy | Conflicting Interest | Violation of Rights |
|---|---|---|---|---|
| User | med | high | low | high |
| Doctor | none | none | med | med |
| Our Company | med | none | low | low |

In the above Expected Ethical Impact Risk table, I estimate that the user faces financial risks and privacy risks and, as a consequence of those, a risk of violation of rights. The financial risks to the user may be denial of insurance coverage or higher costs of insurance. The user also faces the risk of having his or her private information accessed by parties who do not have the user’s consent. I estimate that the doctor faces little to no financial and privacy risk because our system would not collect information about the doctor and does not have any significant financial impact on the doctor. I recognize a possibility that the doctor could have conflicting interests where information is shared illegally. Our company faces some financial risk. If a device is misused, our company may be found liable for damages incurred by a third party.

1.C.1.4 OKR 1 Ethical Safeguards

We intend to protect our user’s data by keeping data encrypted and as local as possible. All data should be stored locally on the device itself or collected on a device of the user's choosing, such as a smartphone. Orange Peel will issue a decryption key and allow the data to be transferred to an authenticated device belonging to the medical staff. The locality of the information should provide some insulation from attack by keeping it out of databases that have a large attack surface. Additionally, the encryption of the data should prevent the data from being easily used in the event that it is accessed by an unauthorized party.

1.C.2 OKR 2

1.C.2.1 OKR 2 Description

We will create a smartwatch that will allow users to track vital health and fitness data and share it with their primary care doctor only when they want to. The smartwatch will collect data with an array of sensors and communicate that data to the user’s phone where the data will be stored. Once the data is on the user’s phone they will be able to share specific data with their primary care provider. We will stand out from the competition as a privacy focused wearable. This will be a challenge since we also intend to allow users to share their health data with their primary care doctor. However, we believe privacy is not just making it so users' data can't be shared but rather allowing them the freedom of choosing who to share it with.

1.C.2.2 OKR 2 Metrics

  1. Complete user research with at least 500 participants, 50 of whom should be professionals in the healthcare industry, to gather insights on desired features and privacy concerns. Since our smartwatch is intended for individuals of all demographics, there should also be diversity in age groups and races to ensure a quality product for our future customers.
  2. We will design and create a prototype for the smartwatch by incorporating user feedback from our user research that meets at least 80% of the key features.
  3. We will then have the smartwatch tested by at least 500 users, 50 of whom should be healthcare professionals, and we should achieve at least an 85% satisfaction score. Satisfaction score will be measured by a short survey asking participants how satisfied they are with the smartwatch. Any feedback given at this stage about features that aren't accessible to certain demographics will be placed as a high priority to work on for another prototype.

1.C.2.3 OKR 2 Ethical Impact(s)/Issue(s)

| Stakeholder | Financial | Privacy | Conflicting Interest |
|---|---|---|---|
| Customer | Low | Low | Mid |
| Company | High | Mid | Low |
| Doctor | Low | Low | Mid |

  1. Risk of uniform subject sample for user research and testing phase. This would be unethical as it could make our product inaccessible to demographics with certain skin tones or of certain ages.
  2. Risk of participants agreeing to testing they are uncomfortable with. This would be unethical as subjects should know exactly what they are consenting to when participating in testing.
  3. Risk of a conflict of interest as user research may involve some sort of compensation to participants which may cause them to not be as forthcoming about their opinion of the prototype made.

1.C.2.4 OKR 2 Ethical Safeguards

  1. Minimize bias in data collection by performing user research and testing smartwatch on individuals of different races and age groups.
  2. Be completely honest and forthcoming as to what the test subject is testing and why during the testing phase so they can make an informed decision. Additionally, test subjects may opt out of testing at any time for any reason whatsoever.
  3. Informing participants and test subjects that their opinion is important to us and that any negative or positive opinion or feedback they may have of our product will not impact their eligibility or amount of the compensation for their participation.

1.C.3 OKR 3

1.C.3.1 OKR 3 Description

One of our main objectives is to provide the user with accurate and reliable health data. Besides protection of personal information, the smartwatch's primary function is still to assist the user in tracking their health information. Since health information is extremely important to both the user and the healthcare providers who need the data for their jobs, there's no room for inaccurate data. There are three stakeholders. The first one is the user who owns the smartwatch, and the second is their chosen healthcare provider who may receive the health data if the user allows it. The smartwatch needs to be able to track up to date and accurate health information to ensure maximum accuracy and properly informed decisions from the user and their healthcare provider. The third stakeholder is Orange, the company that manufactures and sells the smartwatches and maintains their services. Orange is also responsible for ensuring the products are properly functioning as intended.

1.C.3.2 OKR 3 Metrics

To ensure that our device is accurate, we could perform tests and trials in a controlled environment. Test participants could be monitored with instruments known to be accurate while simultaneously wearing the smartwatch. We can compare results from the instruments with the results of our device to calculate error. A single test is not enough. Our device will need to be subjected to rigorous testing to ensure consistency in quality. A panel of initial tests and continued production sampling should help our company measure the accuracy and quality of our devices into the future.

1.C.3.3 OKR 3 Ethical Impact(s)/Issue(s)

A major issue the company could face is providing the user and healthcare provider with inaccurate health information. Inaccurate readings could either raise alarm where there is none, or fail to indicate a real problem that arises, impacting the well-being of the user. If the smartwatches are unable to assist with health tracking the way they're meant to, the product will have failed to deliver on its promises. This failure will lead to a loss of reputation, increased negative reviews, decreased user satisfaction, and overall a drop in sales. A recently updated study shows that similar products tend to read inaccurate information from their users. "Wearable devices have as much as 20% error when measuring heart rate, and caloric expenditure measurements can be off by as much as 100%."

OKR 3 Expected Ethical Impact Risk

| Stakeholder | Financial | Privacy | Conflicting Interest |
|---|---|---|---|
| Customer | high | low | none |
| Company | med | none | none |
| Doctor | med | none | none |

  1. Financial Risks: Our customers face significant financial risk from inaccurate data. Potential risks in this category range from misdiagnosis and paying for unnecessary treatment to death from an undetected condition. Our company may face legal action as a result of inaccurate data, resulting in significant financial losses. Similarly, the doctor might be blamed for misdiagnosis and face legal action.
  2. Privacy: If customer data is somehow breached, inaccurate health data poses the risk of insurance companies increasing premiums on that customer. This is a hybrid privacy and financial risk. If the data is inaccurate then an insurance company might charge a customer more for a condition that the customer doesn't even have in the first place.
  3. Conflicting Interest: I evaluate no conflicting interest for all three stakeholders. Our company has no incentive to make a product that produces useless data. Our customer is not served by bad data and the doctor would be unable to serve the customer with bad data.

1.C.3.4 OKR 3 Ethical Safeguards

In order to reduce the risks that come with the Orange smartwatch, there should be some safeguards in place. One could be a warning to every user that the device can't gather health data with total accuracy and should not be trusted by the user or healthcare provider, as well as list functions that may not be fully reliable. Another way to reduce the possible inaccuracies is to include a mandatory calibration on first use so every device can be more personalized to users.

1.C.4 OKR 4

1.C.4.1 OKR 4 Description

The Orange Peel smartwatch will provide users with a fun way to keep track of their fitness goals and health, motivating them to reach these goals with reminders, daily health checks, and congratulating them when they have met a certain goal. The Orange Peel smartwatch is designed to make fitness goals more attainable and enjoyable. Since fitness and health goals are universal, the demographics and age groups include all people. Our smartwatch will attract fitness and health minded individuals, as well as individuals who are motivated to start trying. We want our smartwatch to be an enjoyable experience, including trackers and reminders as well as congratulating the user when they have reached a goal, such as a pop-up message saying “Congratulations, you did it!” or a checkmark on a box. We also want our users to track their fitness goals with our smartwatch, such as how many steps they have walked that day, the amount of calories they have burned, and the kinds of exercise they do. We will also develop a daily health check that will assess their overall wellness for that day, as well as guided breathing and mindfulness sessions. Making these accomplishments visible and achievable is a big part of our objective.

1.C.4.2 OKR 4 Metrics

  1. Achieve a 75% user satisfaction rate for goal-setting features. Have a customer satisfaction survey asking users to rate their experience with setting and modifying goals. Analyze trends to measure how often users adjust their goals.

  2. Motivate 70% of users to achieve at least one fitness goal per month. Have a survey after goal completion asking users about how it went. Use analytics to track how many users set and complete fitness goals. Compare the completion rates between users who receive motivational notifications and those who don't.

1.C.4.3 OKR 4 Ethical Impact(s)/Issue(s)

Ethical impacts and issues that may arise with this objective and key result involve inclusivity and accessibility, as well as the psychological impact of fitness tracking. With inclusivity, not everyone is able to achieve the same fitness goals, due to disabilities or certain health conditions, so it is important to offer flexibility in these goals and allow users to change them as they would like. As for the psychological impact of fitness tracking, some users might find the reminders and notifications bothersome, or the reminders can unintentionally cause users to feel anxious for not achieving a certain goal that day, so it is also important to let the user change or mute reminders, adjusting frequency and allowing them to feel more in control of their fitness journey. Anne-Sophie Pierre, a professional athlete and journalist, found that some individuals can develop a dependency on their fitness trackers that results in compensatory behaviors, and that this may lead to a negative relationship with exercise in the long run as well as negatively impacting the individual psychologically.[2] Because of these psychological impacts, it is important to let the user be in control of the frequency of notifications, types of notifications, and level of fitness goals.

OKR 4 Expected Ethical Impact Risk

| Stakeholder | Financial Risk | Privacy Risk | Conflicting Interest Risk |
|---|---|---|---|
| Customer | low | high | mid |
| Company | high | low | mid |
| Doctor | low | low | mid |

1.C.4.4 OKR 4 Ethical Safeguards

There are methods that we can use to reduce these ethical impacts. One of the methods would be to let the user control their fitness goals according to what is right for them. For example, they can adjust their goals for the number of steps walked or calories burned for the day, avoiding a “one-size-fits-all” strategy. We will include a settings feature where users can customize fitness goals. We can also ask the user questions to suggest where they should start based on the user’s health and fitness goals. We can design features specific to the user as well, for example, tracking wheelchair movement for users with mobility challenges and implementing voice commands and screen readers for users with visual impairments. Another method is to allow the user to mute the notifications whenever they want to, as well as control the number of notifications. They can turn off reminders if they are feeling unwell that day, and adjust them to what feels right for them. We can include a “Do Not Disturb” mode, as well as allow them to mute specific types of notifications. A study published in the British Journal of Sports Medicine found that “reducing user burden and providing features like goal setting, personalization and game-like functionality (i.e., gamification) may facilitate engagement, promote retention and increase intervention effectiveness” [3]. Therefore, letting the user have more overall control of their fitness goals and notifications/reminders will be the ethical safeguards we can take to reduce the ethical issues we may face with these features. Professionals such as doctors, nutritionists, and personal trainers, as well as a group of users with different fitness levels and abilities, can help us in the design process.

1.C.5 References

[1] Under Armour. 2018. Under Armour Notifies MyFitnessPal Users Of Data Security Issue. Retrieved from https://web.archive.org/web/20240302123837/http://investor.underarmour.com/news-releases/news-release-details/under-armour-notifies-myfitnesspal-users-data-security-issue/

[2] "‘A Step Too Far?’ Are Fitness Trackers Impacting Mental Health?," Sports Psychotherapy, 2023. https://sports-psychotherapy.com/a-step-too-far/.

[3] M. Feter, C. Dos Santos, and J. M. Rombaldi, "Mobile health applications and activity trackers to promote physical activity: A systematic review," British Journal of Sports Medicine, https://bjsm.bmj.com/content/55/8/422.