Prime Time: Can the Health App Wild West Be Tamed?
Mobile health applications can have a big impact on people’s health and lifestyle habits and gather vast amounts of personal data — all without any oversight. Is this a problem? Or can the makers of over 40,000 info-hoarding apps be trusted to uphold the safety and security of their user data?
Adam C. Powell, PhD, of Payer+Provider Syndicate in Boston, sees security breaches in the future of mobile health applications (mHealth apps). In a Viewpoint article published online in JAMA, Powell and colleagues estimate that the number of health, fitness, and medical apps on the market tops 40,000 and counting.
But with so many mHealth apps — and let’s not forget, these are software programs that hold massive amounts of personal health data — how does one begin to sift the useful and safe from the chaff?
The FDA has declared regulatory oversight for mHealth apps tied to medical devices; however, mHealth apps that collect and organize data from the veritable ocean of people’s medical content, health activities, and health care provider communications will remain outside FDA jurisdiction.
Is this really a problem? Maybe third-party oversight over a person’s running log or calorie counter app would be excessive, and more trouble than it’s worth.
According to Powell and colleagues, the FDA is focused on safety with medical device mHealth apps, and has chosen to leave the rest of the apps up to the review and certification of the marketplace.
Powell suggests, and rightfully so, that the FDA would have a hard time regulating mHealth apps without evidence-based, unbiased reviews of the clinical performance and data security, such as the reviews that are available for health information technology (IT) software.
Entire companies like KLAS turn a profit generating reports on health IT software packages for users.
The main difference between evaluating health IT and mHealth apps, however, is a matter of scale. Analyzing enterprise software is well-funded by hospitals and other parties looking to quantify return on investment. It’s unlikely that individual users would fund mHealth app assessments — not to mention that many of the apps are free.
If certification companies were to charge the app maker for assessment directly, a conflict of interest would emerge, Powell noted.
Powell and colleagues suggest the formation of a review organization, much like the Health On the Net Foundation (HON), to create a set of guidelines and standardized approaches for developing mHealth apps that incorporate safety, accuracy, and security from the get-go. Furthermore, the organization could implement a certification process to address privacy vulnerabilities and potential harms of the mHealth app.
Perhaps the Office of the National Coordinator for Health Information Technology (ONC), a group involved with accreditation of electronic medical records now, could play a role in overseeing mHealth certification entities?
Overall, Powell and colleagues suggest mHealth apps have incredible potential to affect health care, and could be so much more than they are now.
“The development and use of standardized vocabularies and interfaces for data storage and reporting could make apps even more valuable tools in patient care,” Powell and colleagues write.
But the question of scale remains. Regardless of the solution, the fact is that as the market grows, so will the security issues. At some point, certification may feel like stuffing a bandanna in the mouth of a geyser.