Friday, April 20, 2012

How safe is that health app? A Q&A with Happtique (Part II)

Today, I discuss who is responsible for keeping health apps from harming you, in Part II of my Q&A with Paul Nerger, Senior Technology Advisor for the mobile health application management company Happtique. (Part I explained who uses and develops health apps).

How are health apps regulated to ensure that they are safe and accurate (both stand-alone apps and those that connect to a medical device)?

There are guidelines that have been proposed by the Food and Drug Administration (FDA) for the approval of some apps; we estimate that this will be no more than 20% of the apps that are out there. These will be classified as Type I (non-invasive), Type II (semi-invasive), and Type III (invasive), and each has its own approval criteria. Type I is a self registration while the other categories require clinical trials to prove that they do no harm and are effective. [Information about how the FDA defines mobile medical applications is available online.]

But what about the other 80%? That is what our customers have been asking us. If there is a bogus app within this category, the Federal Trade Commission (FTC) has shown that they are willing to exercise their power to have it pulled off the market using "false advertising" as the rationale. [Mashable includes a health app in a list of app developers that the FTC prosecuted in 2011]. But this is also a very small percentage.

In response to this, we've come up with a Blue Ribbon Panel that is made up of a leading physician, a leading nurse, a leading medical technologist, and a leading patient advocate to develop a protocol for the certification of apps as being medically sound within their category. They are currently drafting the process and protocols that will be followed to do this certification. Once they are done, we will put in place a mechanism to allow developers to upload their apps for certification and to receive feedback on what they can do to improve their apps to meet the criteria. Once an app is certified, they will be granted a license to use a "trust mark" for the promotion of their apps. This mark will signal to both clinicians as well as patients that this app is safe and sound.

This is a big job but it is one that needs to be done and we are in hopes of having something out in about 4 months. 

How secure is the digital medical information collected via health apps? What security measures protect this digital medical information?

Private health information that is shared with your physician or any other healthcare provider is covered under the privacy aspects of the Healthcare Insurance Portability and Accountability Act (HIPAA). There are a number of technical requirements that an app developer must ensure if they fall within the HIPAA domain. As part of our certification process, we will examine how the app functions, and if it falls within the HIPAA privacy requirements we will assess if the app complies with those technical needs. If an app developer falls under HIPPA privacy but fails to meet the requirement, we will notify them and explain it to them.

Can you explain the process that Happtique will use to rate different health apps?

We are not going to rate apps but rather certify them. In our app stores that we make available to hospitals, clinicians, and patients, we will allow them to rate and comment on apps, but the certification process is independent of that. Thus, when we discover an app (either because it is sent to us or we find it in one of the public app stores) we will first classify it by placing it in the right categories to allow our end users to find it. They will then rate the apps based upon their experience and we will segment those rating based upon what type of audience that they make up. Finally, for those developers who want to be certified, we will make that available for a fee and they will need to provide us with access to their app.

We are doing curation right now and it is available to clinicians who sign up at our website at The ratings engine is also turned on and anyone with our catalog app running on their devices can start rating apps.

1 comment:

Jeff Brandt said...

Great idea, when are you going to publish your criteria for certification? Are you planning to cover Security on the app as well as transmission and off-app storage?

Jeff Brandt