HL7 CMHAFF Standard Introduction and Purpose
2.4.4 Risks, Key Differences, and Environmental Scan

2.4.4 Risks, Key Differences, and Environmental Scan

Use Case Impact Factors

  2.4.4 Risk Factors

For apps, especially those like Use Case C, there are several potential threats and vulnerabilities which should be assessed and mitigated, where necessary, by mHealth developers (see 3.2.2 Product Risk Assessment and Mitigation). While cMHAFF does not attempt to “do” the risk assessment for any particular mobile app, the following are examples of specific risk scenarios that may be applicable and point to cMHAFF criteria (-> potential mitigations are listed in parentheses). Some of these potential risks are motivators for the conformance criteria in cMHAFF. Where risks have both high likelihood and high impact, SHALL criteria are indicated.



Consumer loses their device. Confidential information is handled by the app, and there is risk of information disclosure (-> encryption of data, automatic timeout/logoff)

Section 3.5.1

The device can be lost or damaged, impeding the consumer’s use of the app, thereby impacting their care, even if privacy is protected. (-> information about backup of data, ability to restore to new device)

Section 3.3.1

The consumer, for convenience, may turn on “automatic login” (saved credentials, “remember me”), so the app may be accessed without re-authentication. (-> don’t offer such a feature if app handles PHI)

Section 3.4.1

The app is used and left open, where others could see it while the device is unlocked (-> automatic timeout/logoff)

Section 3.4.1

Measurements are not captured accurately or not transmitted accurately, and consumer takes action based on inaccurate measurements (-> quality management, disclosure of evidence)

Section 3.2.2

A data collection device paired with the mobile phone may in fact be for a different person (mis-association of data) (-> Pairing User Accounts)

Section 3.4.1

A third-party cloud-based platform may have inadequate security measures of which the consumer is unaware. (-> disclosure of infrastructure security measures)

Transmission between mobile app and cloud-based platform may have inadequate or unknown transmission security (-> encryption of data in transit)


Section 3.4.4

The consumer exchanges or discontinues their use of the mobile device without removing all data from the device or other locations to which the device transmitted data. (-> App and Data Removal, Permitted Uses of Data Post Account Closure)

Section 3.5.1

The healthcare provider to which the app communicates data has little or no control over the device characteristics, environment, or usage patterns, unlike enterprise IT where only approved/provisioned devices are used. (-> out of scope, not a developer issue, but should be documented in product risk assessment)


Section 3.2.2


2.4.5 Summary of Major Differences in Use Case Scenarios



Simple Device Integrated

 EHR Integrated

 Medical Device App Categorization

Wellness Wellness or Medical


 Data Device Categorization

None Unregulated or Regulated Device

Regulated Device

 PHI Data Storage

Smartphone Smartphone/PHR


 Data transmission by App

None Device-App-PHR


 Importance of Data Integrity

Low Mid


 (USA) HIPAA covered?

No No, but Yes, if white-labeled













2.5 Environmental Scan

The documents mentioned below are not standards, but explain the state of the mobile health industry in the USA and Europe, and assist developers to understand which legislation is applicable to their apps.


7292 Rate this article:
No rating
0Upvote 0Downvote

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment
Terms Of UsePrivacy StatementCopyright 2023 by HL7 International
Back To Top