New guidance addresses privacy, security and content for mobile health apps

Four new guidance documents released by an industry group led by the American Medical Association look to provide more clarity around operability, privacy, security and content of mobile health apps.

The draft guidance documents were released on Thursday by Xcertia, a group founded a year ago by the American Medical Association, HIMSS, the American Heart Association and the nonprofit DHX Group. The guidelines feature input from a broad array of stakeholders to address several key concerns surrounding mobile health apps, which have become more ubiquitous over the last several years while generating questions about safety and efficacy.

Xcertia has grown over the last several months, adding new members like Partners HealthCare, the Mayo Clinic and ACT | The App Association.

“Cooperative input on the guidelines from consumers, developers, payers, clinicians, academia and other motivated stakeholders will provide Xcertia with guidance on where it needs to focus its efforts in 2018 to positively impact the trajectory of the mobile health app industry,” Michael Hodgkins, M.D., chair of the Xcertia Board of Directors and the AMA’s chief medical information officer, said in a release.

The guidelines include recommendations for simple operational issues—including how effectively the app installs and runs on a mobile device—as well as more complex topics like how the app operates with a certified EHR.

Content should include up-to-date information drawn from “one or more credible information sources” such as peer-reviewed journals or evidence-based guidelines. Advertisements should be clearly identified.

The group also issues separate guidance documents for privacy and security, addressing issues like how an app collects and uses personal information and how that should be addressed in the privacy policy. Xcertia’s security guidance includes encryption requirements and industry-acceptable methods for guarding against identity theft.

The guidelines are open for public comment through the end of January. 

Industry guidance could play a bigger role in the mHealth industry as the FDA backs away from regulating mobile apps. Last week the agency issued new draft guidance indicating it would not regulate general wellness and mobile medical apps.