Data protection during the coronavirus crisis.

Smartphone apps to track SARS-CoV 2 infections need to fulfill certain minimal requirements to guarantee privacy and justify their use under data protection laws.

AI-based smartphone apps for risk assessment of skin cancer need more evaluation and better regulation.

Smartphone applications ("apps") with artificial intelligence (AI) algorithms are increasingly used in healthcare. Widespread adoption of these apps must be supported by a robust evidence-base and app manufacturers' claims appropriately regulated. Current CE marking assessment processes inadequately protect the public against the risks created by using smartphone diagnostic apps.

Medical app minefield: radiologists use of medical apps for education and reporting and do they require regulation?

AIM: To evaluate the use of apps in radiology and consider advised changes to practice. MATERIALS AND METHODS: A survey was conducted of all radiology consultants and specialty trainees within Devon and Cornwall. The responses were collated, including the list of all medical applications used. These were assessed using the Medicine & Healthcare Products Regulatory Agency (MHRA) "Medical device stand-alone software including apps" guidance. RESULTS: The response rate was 88/150 (59%) radiologists who responded with the majority 48/88 (54.4%) using apps. Forty-four of 66 (67%) states that they did not assess the reliability or accuracy of these devices prior to use with 71/81 (88%) indicating that they were unaware of any regulations. Thirty-three items were identified of which 27 functioning apps were identified and three of these were considered medical devices and did not have complete and recognisable CE marking as required by the MHRA. CONCLUSION: This study highlights that application use is widespread. The vast majority of these applications are not considered medical devices; however, there are some devices that, according to the MHRA flow chart, are used in a way that classifies them as medical devices and should therefore be CE marked. This highlights the need for guidance and regulation of the medical application market with recommendations provided.

Expanded FDA regulation of health and wellness apps.

This paper argues that the Food and Drug Administration's (FDA) policy for health and wellness apps is ethically problematic. Currently, the FDA does not regulate health and wellness apps that are not intended for medical use. As a result of this hands-off policy, preventing harm to consumers is left primarily to developers and app marketplaces. We argue that the FDA's duties to prevent harm and maintain accountability to the American public require that they play a much stronger role. We also discuss concerns about efficiency and fostering innovation, and argue that while they should help shape FDA regulation of health and wellness apps, they do not justify complete absence of FDA involvement.

mHealth Apps: Disruptive Innovation, Regulation, and Trust-A Need for Balance.

mHealth, the use of mobile and wireless technologies in healthcare, and mHealth apps, a subgroup of mHealth, are expected to result in more person-focussed healthcare. These technologies are predicted to make patients more motivated in their own healthcare, reducing the need for intensive medical intervention. Thus, mHealth app technology might lead to a redesign of existing healthcare architecture making the system more efficient, sustainable, and less expensive. As a disruptive innovation, it might destabilise the existing healthcare organisation through a changed role for healthcare professionals with patients accessing care remotely or online. This account coincides with the broader narrative of National Health Service policy-makers, which focusses on personalised healthcare and greater patient responsibility with the potential for significant cost reductions. The article proposes that while the concept of mHealth apps as a disruptive technology and the narrative of personalisation and responsibilisation might support a transformation of the healthcare system and a reduction of costs, both are dependent on patient trust in the safety and security of the new technology. Forcing trust in this field may only be achieved with the application of traditional and other regulatory mechanisms and with this comes the risk of reducing the effect of the technology's disruptive potential.

The Potential of mHealth Applications in Improving Resistant Hypertension Self-Assessment, Treatment and Control.

PURPOSE OF REVIEW: To review the evidence supporting the use of mobile health (mHealth) apps to improve resistant hypertension self-assessment, treatment and control. RECENT FINDINGS: mHealth apps have been used to directly measure blood pressure (BP) levels, either using the oscillometric method with automated inflatable cuffs or using pulse wave signals detected by smartphone technology without the need for cuffs. These app-based BP monitors tend to over or underestimate BP levels when compared to a gold standard aneroid sphygmomanometer. However, the differences in BP measurements are within the acceptable range of 5 mmHg pre-defined by the European Society of Hypertension International Protocol Revision 2010. mHealth apps are also used as tools to support physicians in improving hypertension treatment. App-based clinical decision support systems are innovative solutions, in which patient information is entered in the app and management algorithms provide recommendations for hypertension treatment. The use of these apps has been shown to be feasible and easily integrated into the workflow of healthcare professionals, and, therefore particularly useful in resource-limited settings. In addition, apps can be used to improve hypertension control by facilitating regular BP monitoring, communication between patients and health professionals, and patient education; as well as by reinforcing behaviours through reminders, including medication-taking and appointment reminders. Several studies provided evidence supporting the use of apps for hypertension control. Although some of the results are promising, there is still limited evidence on the benefits of using such mHealth tools, as these studies are relatively small and with a short-term duration. Recent research has shown that mHealth apps can be beneficial in terms of improving hypertension self-assessment, treatment and control, being especially useful to help differentiate and manage true and pseudo-resistant hypertension. However, future research, including large-scale randomised clinical trials with user-centred design, is crucial to further evaluate the potential scalability and effectiveness of such mHealth apps in the resistant hypertension context.

Smartphone apps for skin cancer diagnosis: Implications for patients and practitioners.

A research team at Stanford recently reported that their deep convolutional neural network had learned to classify skin cancer with a level of competence equivalent to that of board-certified dermatologists. It is possible that in time, and using larger datasets, such software may surpass the average doctor in diagnostic ability, and that highly accurate technology may be available to both clinicians and patients via smartphones. This technology is poised to change the landscape of skin cancer diagnosis for both physicians and patients, but whether such changes are beneficial will depend on how they are regulated and implemented.

Regulating mobile mental health apps.

Mobile medical apps (MMAs) are a fast-growing category of software typically installed on personal smartphones and wearable devices. A subset of MMAs are aimed at helping consumers identify mental states and/or mental illnesses. Although this is a fledgling domain, there are already enough extant mental health MMAs both to suggest a typology and to detail some of the regulatory issues they pose. As to the former, the current generation of apps includes those that facilitate self-assessment or self-help, connect patients with online support groups, connect patients with therapists, or predict mental health issues. Regulatory concerns with these apps include their quality, safety, and data protection. Unfortunately, the regulatory frameworks that apply have failed to provide coherent risk-assessment models. As a result, prudent providers will need to progress with caution when it comes to recommending apps to patients or relying on app-generated data to guide treatment.

[Legal framework for E­health products on the European market]. / Medizinprodukterechtliche Rahmenbedingungen für E­Health-Produkte im europäischen Wirtschaftsraum.

Legitimately categorizing software in the healthcare sector is complex. According to European medical devices law, software can be considered a medical device. The decisive factor is whether the software is used for directly controlling a therapeutic or diagnostic medical device or as stand-alone software that achieves specific medical purposes, as they are described in the legal definition of a medical device. A contribution of the software to diagnosis or therapy can be sufficient for the categorization; it does not have to provide the complete diagnosis or the complete therapy itself.This principle will continue to be the same with the new Regulation on Medical Devices (EU) 2017/745, even though the classification rules have been more closely and more specifically tailored to software and more stringent requirements for essential safety and performance requirements have to be met.

[Qualification and classification of medical apps : What should be noted and what is BfArM's contribution?] / Abgrenzung und Klassifizierung von Medical Apps : Was ist zu beachten und welche Unterstützung bietet das BfArM?

Smartphones and tablets with their nearly unlimited number of different applications have become an integral part of everyday life. Thus, mobile devices and applications have also found their way into the healthcare sector.For developers, manufacturers, or users as well, it is often difficult to decide whether a mobile health application is a medical device.In this context, it is extremely important for manufacturers to decide at an early stage of the development whether the product is to be introduced into the market as a medical device and is therefore subject to the legislation on medical devices.This article first presents the regulatory framework and subsequently introduces the reader to the Federal Institute for Drugs and Medical Devices' (BfArM) view of the criteria for differentiating between apps as non-medical products and apps as medical apps as well as the classification thereof. Various examples are presented to demonstrate how these criteria are applied practically and options that support developers and manufacturers in their decision making are shown. The article concludes with a reference to current developments and offers a perspective on the new European medical device regulations MDR/IVDR (Medical Device Regulation/In-Vitro Diagnostic Regulation) as well as on future challenges regarding medical apps.

[Software as medical devices/medical apps : Tasks, requirements, and experiences from the point of view of a competent authority]. / Medizinische Software/Medical Apps : Aufgaben, Anforderungen und Erfahrungen aus Sicht einer Überwachungsbehörde.

Software can be classified as a medical device according to the Medical Device Directive 93/42/EEC. The number of software products and medical apps is continuously increasing and so too is the use in health institutions (e. g., in hospitals and doctors' surgeries) for diagnosis and therapy.Different aspects of standalone software and medical apps from the perspective of the authority responsible are presented. The quality system implemented to establish a risk-based systematic inspection and supervision of manufacturers is discussed. The legal framework, as well as additional standards that are the basis for inspection, are outlined. The article highlights special aspects that occur during inspection like verification of software and interfaces, and the clinical evaluation of software. The Bezirksregierung, as the local government authority responsible in North Rhine-Westphalia, is also in charge of inspection of health institutions. Therefore this article is not limited to the manufacturers placing the software on the market, but in addition it describes the management and use of software as a medical device in hospitals.The future legal framework, the Medical Device Regulation, will strengthen the requirements and engage notified bodies more than today in the conformity assessment of software as a medical device.Manufacturers, health institutions, notified bodies and the authorities responsible are in charge of intensifying their efforts towards software as a medical device. Mutual information, improvement of skills, and inspections will lead to compliance with regulatory requirements.

[Reimbursement of health apps by the German statutory health insurance]. / Erstattung von Health-Apps durch die gesetzliche Krankenversicherung.

A reimbursement category for "apps" does not exist in German statutory health insurance. Nevertheless different ways for reimbursement of digital health care products or processes exist. This article provides an overview and a description of the most relevant finance and reimbursement categories for apps in German statutory health insurance. The legal qualifications and preconditions of reimbursement in the context of single contracts with one health insurance fund will be discussed as well as collective contracts with national statutory health insurance funds. The benefit of a general outline appeals especially in respect to the numerous new players and products in the health care market. The article will highlight that health apps can challenge existing legal market access and reimbursement criteria and paths. At the same time, these criteria and paths exist. In terms of a learning system, they need to be met and followed.

[Requirements for CE-marking of apps and wearables]. / Anforderungen für die CE-Kennzeichnung von Apps und Wearables.

Depending on the intended use, apps and wearables can be medical devices. In such cases, the manufacturer has to provide evidence that the requirements stated in directive 93/42/EWG are fulfilled. Depending on the classification of the medical device, several so-called conformity assessment procedures are possible. Once the conformity assessment procedure has been finished successfully, the manufacturer attaches the CE-marking to the product. This assures that all requirements of the directive have been fulfilled and the manufacturer is therefore authorized to put the product onto the market in all member states of the European union. In this article, the possible and practical conformity assessment procedures for apps and wearables are described and their implementation is outlined.For medical devices with sufficiently high-risk classification, the manufacturer has to involve a Notified Body. For the conformity assessment procedure according to annex II, the manufacturer implements a full quality management system and compiles technical documentation. These are supervised and evaluated by Notified Body audits. Especially for startups, it is important for the development of apps and wearables to implement a quality management system early and to fulfill the regulatory requirements, for example, related to the software life-cycle model. This also includes considering accompanying processes during development like risk management, usability engineering, and clinical evaluation.Additionally, it should be pointed out, that according to the new medical device regulation almost all apps will fall at least into class IIa. Thus, the involvement of a Notified Body in the related conformity assessment procedures would be required. Apps that have already been put onto the market as class I devices, and are now upgraded to a higher class, need the approval of a notified body starting from 26 May 2020.

[Health privacy in the age of digital networks]. / Gesundheitsdatenschutz in vernetzten Zeiten.

Digitization in the health sector embodies opportunities and risks. These consist of patient and data confidentiality. Vulnerability of data concerning integrity and availability can lead to financial losses and to damage of the health of data subjects. Those risks must be tackled by privacy or data protection law. For this purpose we have the European Data Protection Regulation as a comprehensive legal framework and a harmonizing bracket.This framework contains regulations on consent, purpose binding and data transfer, on rights of the data subject, technical and organizational measures and procedural arrangements. Recently, codes of conduct and certification schemes have been added as instruments. The frame of privacy law is completed by the law on medical products and information security regulations.Unfortunately, German legislation did not grip the opportunity of the European regulation to modernize, tighten and harmonize national privacy law in the health sector. This led to a lack of clarity, particularly because of the parallel applicability of privacy law and professional law. Central issues - for instance concerning transparency for data subjects, official supervision, analytics and processing for research purposes - remain dysfunctional. The German legislation should adjust those deficits. Corporations and the chambers for health professionals could and should also be active for this concern.

A health app developer's guide to law and policy: a multi-sector policy analysis.

BACKGROUND: Apps targeted at health and wellbeing sit in a rapidly growing industry associated with widespread optimism about their potential to deliver accessible and cost-effective healthcare. App developers might not be aware of all the regulatory requirements and best practice principles are emergent. Health apps are regulated in order to minimise their potential for harm due to, for example, loss of personal health privacy, financial costs, and health harms from delayed or unnecessary diagnosis, monitoring and treatment. We aimed to produce a comprehensive guide to assist app developers in producing health apps that are legally compliant and in keeping with high professional standards of user protection. METHODS: We conducted a case study analysis of the Australian and related international policy environment for mental health apps to identify relevant sectors, policy actors, and policy solutions. RESULTS: We identified 29 policies produced by governments and non-government organisations that provide oversight of health apps. In consultation with stakeholders, we developed an interactive tool targeted at app developers, summarising key features of the policy environment and highlighting legislative, industry and professional standards around seven relevant domains: privacy, security, content, promotion and advertising, consumer finances, medical device efficacy and safety, and professional ethics. We annotated this developer guidance tool with information about: the relevance of each domain; existing legislative and non-legislative guidance; critiques of existing policy; recommendations for developers; and suggestions for other key stakeholders. CONCLUSIONS: We anticipate that mental health apps developed in accordance with this tool will be more likely to conform to regulatory requirements, protect consumer privacy, protect consumer finances, and deliver health benefit; and less likely to attract regulatory penalties, offend consumers and communities, mislead consumers, or deliver health harms. We encourage government, industry and consumer organisations to use and publicise the tool.

Mobile Mental Health: Navigating New Rules and Regulations for Digital Tools.

Mobile health (mHealth) apps are becoming much more widely available. As more patients learn about and download apps, clinicians are sure to face more questions about the role these apps can play in treatment. Clinicians thus need to familiarize themselves with the clinical and legal risks that apps may introduce. Regulatory rules and organizations that oversee the safety and efficacy of mHealth apps are currently fragmentary in nature and clinicians should pay special attention to categories of apps which are currently exempt from significant regulation. Uniform HIPAA protection does not apply to personal health data that are shared with apps in many contexts which creates a number of clinically relevant privacy and security concerns. Clinicians should also consider several relatively novel potential adverse clinical outcomes and liability concerns that may be relevant to specific categories of apps, including apps that target (i) medication adherence, (ii) collection of self-reported data, (iii) collection of passive data, and (iv) generation of treatment recommendations for psychotherapeutic and behavioral interventions. Considering these potential pitfalls (and disclosing them to patients as a part of obtaining informed consent) is necessary as clinicians consider incorporating apps into treatment.

Balancing Self-Tracking and Surveillance: Legal, Ethical and Technological Issues in Using Smartphones to Monitor Communication in People with Health Conditions.

Smartphones are being used to track the health of individuals in their own environments. For example, a smartphone app could be used to monitor the impact and progression of Parkinson's disease, as well as indicate whether treatments may need to be adjusted, based on an analysis of voice and discourse. The app uses smartphone audio sensors to detect when conversations are taking place and activates an app to record the conversation. But what happens if a background conversation is also collected by the recording? The participants of the background conversation are unaware of and have not consented to the recording. Unauthorised recording could also raise legal issues under surveillance devices legislation and has ethical implications. It is a complex task to balance the potential benefits of self-tracking of health conditions to consumers and the health system, with the legalities and ethical issues related to privacy. The health-related monitoring industry is moving so rapidly that current legal and ethical processes and protocols may fail to balance these concerns. This article explores Australian legal and ethical perspectives on how to achieve the potential benefits of these technological approaches while preserving privacy.

The Affordable Care Act and Digital Health Applications.

Telehealth, the delivery of health-related services and information via digital communication technologies, is a rapidly emerging, innovative, cost-effective and efficient way to deliver healthcare. There are three main types of telehealth: store and forward; remote monitoring; and real-time interactive services. Smartphone applications, or apps, that connect a provider with a patient, known as "connective health apps," fall under this umbrella of telehealth and can function in all three of the categories. As the Affordable Care Act legislates to improve quality, lower costs, and expand coverage, connective health apps are an important aspect of the Act. This article addresses to what extent the Affordable Care Act and private insurers cover and promote connective health apps and discusses the potential limitations and benefits of these apps and the best ways to integrate them in the future.

Privacy and security in mobile health apps: a review and recommendations.

In a world where the industry of mobile applications is continuously expanding and new health care apps and devices are created every day, it is important to take special care of the collection and treatment of users' personal health information. However, the appropriate methods to do this are not usually taken into account by apps designers and insecure applications are released. This paper presents a study of security and privacy in mHealth, focusing on three parts: a study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation. This paper will complement other standards and certifications about security and privacy and will suppose a quick guide for apps designers, developers and researchers.