1. European app matters Charles Lowe
Managing Director, Digital Health & Care Alliance
@LoweCM

2. EC Green Paper
Feedback from 2014 EC Green Paper consultation that end-users wary of using any health-related app for fear of privacy loss
Privacy was biggest single concern
“There’s always a free version” culture undervalues mHealth apps & undermines business cases
Professional users worried about being sued so don’t recommend apps to patients
Other feedback was need for EU guidance on reliability & validity of mHealth apps

3. mHealth apps voluntary Code of Conduct
Principal cause of concern has been EU medical devices legislation, whether an app is a Medical Device
Attention of developers distracted from information privacy issues:
Unencrypted comms, storage
Consent not explicit, leading to sharing with third parties
Poor design – easy to hack
…and consumer protection:
No evidence of efficacy
No scientific basis
Unreliable

4. Responses – information privacy
EC-initiated industry Code of Conduct:
Initially voluntary, however volunteers accept legal liability under GDPR
Based on GDPR with appropriate mHealth enhancements
Current structure Q&A
Compliance issues now resolved
Just needs Article 29 WP approval for completion

5. The EU context - a possible future
2018
2019
2017
2016
2020
High medical risk
Low medical risk
GDPR
Existing privacy legislation
App Code of Conduct on privacy (voluntary)
MDR/IVDR/IDDR
MDD/IVDD/IDDD
“The grey zone”
Guidelines on app assessment (voluntary)
Guidance for app developers
Possible legislation/Code of Conduct on safety following current consultation
Possible legislation/Code of Conduct on usability following consultation shortly

6. Current initiatives on mHealth Assessment: European and International Best Practice
Government
Andalucia
Catalonia UK
Germany
Netherlands
France
Private
DMD Santé
ORCHA
Medappcare
Etc.

7. Proposal for voluntary mHealth app guidelines
Adoption
The developed guidelines are voluntary.
Organisations using guidelines could self certify compliance.
and/or organise any certification themselves.
In parallel, explicit linkages to existing EU or MS legislation or regulation should be developed to ensure regulatory compliance.
Format
The guidelines should be simple to read.
Could use a visual flow chart for online viewing.
If supplementary info required, could be a click through to a fuller description & supporting information.
A decision tree could be a good outcome.
For patients, short simple communications would be essential.

8. App assessment guidelines - Methodology
Many options for developing guidelines e.g.:
Scoring.
Pass/Fail (could be a scoring subset).
List.
Will be different for different stakeholder groups
Scoring for developers/commissioners/recommendations to patient groups/carers
Simple guide for patient groups/carers

9. Risk level could drive scoring
“Yes” or “No” scores 0
“Yes” scores 4
“Yes” scores 6
“No” = reject
 Example scrutiny questions
Low risk
Medium risk
High risk
Are there visual or vibration alternatives to warning sounds?
Not applicable
Additional
Desirable
38. Has it been validated by an appropriate group of specialised professionals, health organisation or scientific society?
Mandatory
51. Does the application logo relate to the purpose of the app

10. Scoring: could take three steps
Initial validation
Check that the app exists, is appropriate for the evaluation, is downloadable etc.
Risk assessment
Which in turn determines the appropriate level of scrutiny, giving proportionality.
Scrutiny
Of both the technological and the medical aspects.

11. Responses – guidelines for assessing reliability & validity
Transparent
Reliable
Desirable
Reliable
Credible
Credible
Stable
Stable
Quality
Each will be assessed by a question set
Safe
Safe
Effective
Effective
Secure
Secure
Usable
Usable
Transparent
Desirable
Draft guidelines at:

12. Thank you
Charles Lowe
Managing Director, Digital Health & Care Alliance
@LoweCM