Xcertia has released a new draft of proposed guidelines for mHealth apps, adding standards for operability, usability and content to its previously released guidelines for privacy and security.
The non-profit organization, launched in 2016 by the Healthcare Information and Management Systems Society, American Medical Association, American Heart Association and the DHX Group, unveiled the new documents at this week’s HIMSS conference and exhibition in Orlando. The group is gathering public comments on the guidelines through May 15.
“Our guidelines development is an iterative process and our goal is to include input and comment from key stakeholders at every step along the way,” Xcertia Board Chair Michael Hodgkins, MD, said in a press release. “Recognizing that privacy and security are paramount to overcoming concerns that are hindering the adoption and use of mHealth apps, we accelerated the release of the privacy and security guidelines in October, to gain the endorsement of our board and other key partners. We are pleased to release the guidelines, and seek additional comment on all five sections.”
“There is a pressing need in the market to establish a framework to evaluate mobile health apps and build confidence among physicians and consumers, that apps are safe, trustworthy and important tools to help people achieve their health and wellness goals,” he added. “Xcertia encourages stakeholders throughout the ecosystem to participate in this process and support the implementation of these guidelines in the market.”
Last October, the organization unveiled six privacy-related and nine security-related guidelines. This week’s release updates those proposals.
The mHealth app guidelines related to privacy focus on notice of use and disclosure; data retention; access mechanisms; Health Insurance Portability and Accountability Act (HIPAA) Entity and Business Associate considerations; Children’s Online Privacy Protection Act (COPPA) requirements; and conformity with the European Union’s General Data Protection Regulation (GDPR).
The guidelines related to mHealth app security target security operations; vulnerability management; systems and communication protection; compliance; access control and authentication; asset management; physical and environmental security; incident response; and disaster recovery and business continuity.
For the new category of operability, Xcertia is proposing seven guidelines targeting on-boarding protocols; connectivity; access to the app’s publisher; documenting and detailing releases; operability with the EHR; PHR connectivity; and medical device status.
For app content, there are nine proposed guidelines regarding credible information sources; current information; information accuracy; accuracy of results; in-app advertising; documentation of evidence; transparency of evidence; publishing outcomes data; and data transparency.
And for app usability, the 10 proposed guidelines focus on visual design; readability; app navigation; onboarding; user feedback; notifications and alerts; troubleshooting; data access; user disabilities; and ongoing app evaluation.
Completed guidelines are expected to be released once the public comment period closes in May.