A Framework for Evaluating the Risk of mHealth and Mobile Medical Apps


Medical professionals are using mobile apps in nearly every dimension of patient care. Given that defective apps can compromise patient safety, it is important to evaluate and regulate the safety of apps. Candidates for evaluating the safety of mHealth apps include the FDA, independent review organizations, and mobile platform manufacturers.

However, it is unlikely that any single organization or system can keep pace with the massive volume of medically-oriented apps being produced today.

This article will review a framework for evaluating the risk associated with mHealth and mobile medical apps, as described by Thomas Lewis and Jeremy Wyatt in an editorial in the Journal of Medical Internet Research.

The authors proposed that the best approach to evaluating and managing the risk associated with an app depends on the risk posed by the app. The risk, in turn, is determined by two major factors. The first factor is the probability that the app will cause harm. Apps with a smaller chance of harm are less risky. The second factor is the app’s complexity. Simple apps are less risky than complex apps. Apps which score low on both scales (probability of harm and complexity) are deemed to be lower risk than apps which score higher on one or both scales. According to the authors’ system, an app would be placed in one of four zones depending on a combination of the app’s probability of harm and complexity.

Zone A includes apps which pose low risk even if they are misused. Examples include apps which calculate body mass index, provide education, or facilitate access to medical records. The safety of these apps would be evaluated by the individual clinicians who use them.

In Zone B, there are apps which may cause harm if they are used incorrectly. Apps for supporting communication between health care providers would be in this category. The authors propose that these apps undergo a peer review process and be subject to self-certification processes.

Zone C contains apps which carry a significant risk to patients because the apps are either very complex or they can cause harm if not used correctly. An example would be an app used by a health care provider to arrive at a diagnosis. These apps should be evaluated against best practice guidelines and formally reviewed by local health organizations.

Zone D, comprising only 0.5% of medical apps, is reserved for apps which “pose significant risk to patients due to combination of inherent complexity, functionality and potential major harm if misused.” This category includes apps which are already regulated by the U.S. Food and Drug Administration (FDA) because they transform a mobile platform into a regulated medical device. Although Lewis and Wyatt didn’t identify specific Zone D apps, I believe that the AliveCor app would be Zone D. The app coordinates the functions of the AliveCor FDA-approved portable electrocardiogram (ECG) monitor. Other types of apps in Zone D would be clinical decision support tools. The authors propose that all Zone D apps fall under the highest level of regulatory purview, such as the FDA or the Medicines and Healthcare Products Regulatory Agency (U.K.).

In summary, Lewis and Wyatt propose to assign apps to different levels of evaluation and regulation according to the risk associated with the app. They also believe that apps are usually not inherently harmful, but harm arises from the way a user acts in response to an app. Therefore, educational efforts are needed to inform users about the risks involved in using mHealth apps.


Lewis TL, Wyatt JC. mHealth and Mobile Medical Apps: A Framework to Assess Risk and Promote Safer Use. J Med Internet Res 2014;16(9):e210
