This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

CMHAFF call, Tuesday July 11

From HL7Wiki
Jump to navigation Jump to search

Attendees: David Tao, Nathan Botts, Gora Datta, Frank Pfloeg


  • New meeting time(s) -- decision was to make it THURSDAY AT 3PM Eastern Time (USA). The next meeting will be on July 20th. Nathan will send out a calendar invite for that meeting, and David will update the HL7 Event Calendar.
  • Review of recommendations regarding French Good Practice Guidelines being considered to fill cMHAFF gaps:
    • Adamu -- Security/Reliability: Reliability. Discussed a couple of criteria as examples, but deferred until the next meeting since Adamu couldn't attend at this time.
      • Adamu sent the following in an email to last meeting's attendees: "I think most of the requirements /criteria could be part of the product risk assessment in cMHAFF. Some could be due to device or platform/system environment in which the application runs. In general cMHAFF product risk assessment & mitigation mentions security & privacy ( and rightly so ) as there is direct impact/dependency there but not much on indirect risk/dependency such as device , platform /system or network reliability. These are out of the developers control but any app that has critical indirect/ dependency on these indirect factors could mention them ( as part of CnA or requirements on vendors of these products). No new section in cMHAFF but some of the HAS Reliability criteria can be included in already existing cMHAFF sections."
      • Decide which specific Reliability criteria should be in cMHAFF, and which cMHAFF sections they should go into
    • Frank -- Usability/Use: Acceptability; Usability/Use: Integration/Import; Health Content: Standardisation; Health Content: Interpreted Content. Defer until next meeting.
    • Harry -- Technical Content: Data Flow. Defer until next meeting.
  • Review of changes in cMHAFF not previously reviewed
    • 2.3 Lifecycle -- Agreed to change "App Store Experience" to "Informing Consumers/Users" to be more descriptive.
    • 2.3.4 Risk Factors -- agreed to clarify that "Automatic logoff/timeout" is intended under Authentication/Authorization. Also started discussing whether "automatic login" should be prohibited or discouraged, but ran out of time.
  • Frank sent a helpful diagram used in the Netherlands to decide whether something is a "medical device" and which regulations apply. Medical devices are out of scope for the app guidelines in some EU countries, but apps that connect to medical devices are currently in scope for cMHAFF. Medical devices WITHOUT consumer apps are out of scope.


  • Review of recommendations re French Good Practice Guidelines -- report back from Adamu, Frank, Harry
  • Debrief from David on his review of the Andalusian Guidelines
  • New structure of cMHAFF document (new categories, classification of apps into levels)