EC Safety of App Safety: Consultation April 2017
Citizens raise app safety concerns
To begin with, citizens made up nearly half of the respondents to a public consultation by the European Commission into safety concerns around health apps.
Turning to the synopsis report, published in March 2017:
- Firstly, it aimed to explore concerns about app safety raised following the publication of the Commission’s Green Paper on mHealth in 2014
- Secondly, it identified a range of specific safety concerns, including apps that assess or monitor health or link to electronic health records
- Lastly, it identified a set of data security weaknesses and risks.
Exploring safety and data security concerns
Following on, the consultation aimed to gather stakeholder views on the safety of apps, and received responses from:
- Public Authorities.
Consulting on app safety
Identifying stakeholders’ safety concerns
Furthermore, the respondents confirmed that health and wellness apps were the main app category that posed safety risks.
In particular, they identified safety concerns for other apps, for instance apps that:
- give health advice
- help people to make a health or lifestyle-related decision
- track and collect data from the user to assess and monitor health-related measures
- interface with electronic health records.
So if it’s not a medical device, who can say it’s safe?
“Several industry members say that safety risks exist in the so-called “grey zone”, where the distinction between apps which fall under the regulatory framework of medical devices and other apps is unclear…
…health and wellbeing apps out of the scope of the medical devices framework are not subject to the same safety controls
…those apps in the “grey zone” may pose risks similar to those of medical devices.”
Identifying data risks
The respondents raised a number of concerns about the data security of apps, for example:
“…apps that do not respect data protection principles by accessing or collecting sensitive data without informing the user or requesting consent for processing these personal data.
…some apps may be subject to cyberattacks for various reasons (data collection, financial operations, controlling another device)
…data leakage of sensitive financial and health data can lead to identity theft and financial loss
…unexpected disclosure of private information to a third party may have severe consequences (e.g. breach of right to privacy, reputation, economic loss)”