2.4 Exemplary Use Cases

As noted in the Introduction, consumer mobile health apps take many forms, and as such, conformance statements in section 3 of this standard must allow for variation based on multiple factors, including data sensitivity, the nature of conditions addressed by the app (e.g., wellness, chronic illness), and whether/how app data connect to other data sources.

In this section, three archetypal use cases are introduced. While most consumer mobile health apps will not precisely fit any of these models, the models are meant to demonstrate a continuum of issues which may be applied to any app. Use Case A covers the least sensitive example of a health app that collects user information, while Use Case B builds off of Case A with the inclusion of an external system through which personal data is synchronized with the device. Use Case C is the most sophisticated and generates the most requirements. Its description includes examples of the risk factors that should be considered by developers and users.

Section 3 (Conformance Criteria) includes discussion of considerations as to how subsets of conformance criteria can be addressed in different manners, referencing the use cases in this section as a way to provide directional, rather than pinpoint, guidance.

HL7 CMHAFF Standard Overview and Use Cases

European Committee for Standardization (CEN)

Quality & reliability for health and wellness apps

Nathan E Botts

A new CEN Technical Specification for ‘Quality and Reliability of Health and Wellness Apps’ is being developed at the request and with the support of the European Commission. It is due to be completed in 2020. It will help to establish a common framework across Europe for the evaluation of these apps, giving users and health professionals confidence that the apps are fit for purpose, and providing app developers easier access to European markets.

Express Scripts Creates a Digital Health Formulary

Efforts to increase provider and patient safety

Nathan E Botts

Express Scripts is introducing what it proposes is the industry’s first stand-alone digital health formulary. Noting that there are more than 300,000 health applications on the market, it proposes that there is a great need to establish digital health formularies similar to medication formularies.

FDA Playbook on Medical Device Cybersecurity

Regional Incident Preparedness and Response Playbook

Nathan E Botts

From the MITRE website:

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. Recent global cyber attacks highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations.

Securing Electronic Health Records on Mobile Devices

Guidance from the National Institute of Standards and Technology (NIST) Special Publication: 1800-1

Nathan E Botts

Using mobile devices to store, process, and transmit patient information has become increasingly popular amongst healthcare providers. When health information is compromised, organizations can face penalties and lose consumer trust, and patient care and safety may be at risk.

To address this challenge, cybersecurity experts at the NCCoE collaborated with the healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.

The California Consumer Privacy Act of 2018

Assembly Bill No. 375

Nathan E Botts

Summary from Adam Greene of MobileHealthNews:

California passed the most comprehensive privacy law in the U.S. on June 28, 2018, with a compliance date of January 1, 2020. For mobile health app developers, that date may seem far away, but the California law will require significant and challenging operational changes. It is unclear whether the law will apply to protected health information of mobile health app developers who are business associates under HIPAA. But for more consumer-focused apps that fall outside of HIPAA, the California law will certainly require significant changes, ranging from updating privacy policies to implementing a consumer right of erasure. The law will affect most businesses that do business in California and have information about California residents, even if the business is located outside of California.

The CCPA governs all “personal information,” whether collected online or offline. Unlike most state breach notification laws, the CCPA’s definition of personal information is not limited to sensitive categories of information, but rather includes any information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household and that is not publicly available. It does not include de-identified or aggregated consumer information; however, the definition of what constitutes de-identified or aggregated data is limited. Accordingly, if a mobile health app developer has any information about a consumer or household that is not publicly available, it may fall under CCPA, unless it has been de-identified (either a de-identified individual record or part of a de-identified aggregate data set).

The CCPA governs all for-profit companies that do business in California that meet one of the following criteria:

  • Gross revenue (not limited to California) of more than $25 million;
  • Annually handles personal information of 50,000 or more California residents, households, or devices; or
  • Derives 50% or more of its annual revenue from selling California residents’ personal information.