HL7 CMHAFF STU
Ballot Approved May 2018
HL7 Consumer Mobile Health Application Functional Framework (cMHAFF), Release 1
The primary goals of cMHAFF are to provide a standard against which a mobile app’s foundational characteristics -- including but not limited to security, privacy, data access, data export, and transparency/disclosure of conditions -- can be assessed. The framework is based on the lifecycle of an app, as experienced by an individual consumer, from first deciding to download an app, to determining what happens with consumer data after the app has been deleted from a smartphone. It is important to note that the Framework does not speak directly to the specific health or clinical functionality of an app but can be extended to do so through the use of profiles (with constraints and/or extensions) developed on top of cMHAFF.
HL7 Consumer Mobile Health Application Functional Framework (cMHAFF), Release 1 may also go by the following names or acronyms:
"HL7 MHaFF: Consumer Mobile Health App Functional Framework, R1", cMHAFF
- Quality Reporting Agencies
- Regulatory Agency
- Standards Development Organizations (SDOs)
- Mobile Health App Developers
- EHR, PHR Vendors
- Health Care IT Vendors
- Local and State Departments of Health
- Healthcare Institutions (hospitals, long term care, home care, mental health)
- Provides a path to assessments that can span a range including self-attestation, testing, endorsement, and/or certification (voluntary or regulatory)
- Promotes opportunity for certified apps to claim their conformance, and as a consequence, consumers who use the apps, and providers who recommend them, can be more confident of an app’s rigor in enforcing basic security, its respect for the privacy of individuals, and the usefulness of data for improving and maintaining a better state of health
As of 2018, there are over two hundred thousands of consumer health applications (apps), which run on smartphones, watches, tablets, and other mobile devices, available for download from platform-specific application stores such as the Apple App Store (iOS) and Google Play (Android). Consumer acceptance and use of these apps is primarily based on recommendations—either personal recommendations through individual contacts or social media or app store ratings. While this information is important in understanding the relevance of an app to one’s life and the design and usability of an app, it is insufficient in communicating how an app secures and protects the personal information of its users. This poses a problem both for consumers and clinicians, who may be considering or prescribing use of an app to help track and improve health behaviors and conditions.
The decision to create a standard focused on a smaller set of criteria was made so that the standard is both developer-friendly and easy to update on a frequent basis. CMHAFF challenges market assumptions concerning safe and acceptable use of personal information and may in some circumstances increase coding complexity and decrease the efficiency of data transmission. As such, there is no expectation that most consumer health apps will choose to follow this standard. Yet, for apps which conform, cMHAFF can potentially provide a path to assessments that can span a range including self-attestation, testing, endorsement, and/or certification (voluntary or regulatory). CMHAFF is independent of the method of assessment, but aims to be suitable for use for types of assessments up to and including certification. Certified apps can promote their conformance, and as a consequence, consumers who use the apps, and providers who recommend them, can be more confident of an app’s rigor in enforcing basic security, its respect for the privacy of individuals, and the usefulness of data for improving and maintaining a better state of health.