
CMHAFF call, Thursday, Oct 12

From HL7Wiki
Revision as of 20:25, 12 October 2017 by David tao (talk | contribs)

ATTENDEES: David Tao, Nathan Botts, Gary Dickinson, Adamu Haruna


  • Review short descriptions (most are new) of each section at the Heading 3 level (e.g., 3.4.1 User Authentication, 3.4.2 User Authorizations...). DONE THROUGH SECTION 3.4.5, Security for Data in Transit
  • We discovered a possible gap. While we talk about authorization/consent for collection and use of data, we may not have conformance statements regarding authorization for additional users on an account (e.g., primary user, secondary users). David and Nathan will check whether this concept is addressed, but we didn't see it in the Authentication and Authorization/Consent sections.
  • Comment DKT11: We decided to remove "Suggested Actor" from conformance tables. It would take too long, and not add enough value, to try to fill it out for all tables. In the few cases where it is important for the discussion (e.g., Product Development), it can be mentioned in the text, not in a dedicated table column.

Ran out of time. The following will be deferred till next week.

  • Review cMHAFF Label, a visual summary of key facts about an app and its conformance to cMHAFF (David)
    • Review of Label format and "consumer friendly language" descriptions (new Section 2.2 in cMHAFF document), including the notes that suggest how a section could be scored Green, Yellow, or Red, and who should decide (self-attestation vs inspection vs test vs ____?)
    • Work through two sections as exemplars: Product Information and User Authorization (Consent) for Data Collection and Use, to see how the label score might be determined by assessment against conformance statements.
  • Review and decision on specific comments:
    • DKT9 -- Environmental Scan
    • DKT14 -- Secure Coding practices reference
    • Other specific comments which will be added here...
  • Review of changes made, based on Adamu's recommendations from U.K. PAS277 Guidelines. Comments have been added, but specific wording has not all been incorporated yet. Adamu also sent an email on October 6th that we should consider (copied below)

Adamu's Oct 6th Email

Hi all, coming back to the PAS document and the general discussion about cMHAFF.

I think in general we need to figure out how we could leverage or incorporate or complement PAS as a whole (without UK-specific standards) into cMHAFF. Not for this ballot session but maybe during the resolution of the comments after January. PAS has a bit different style from all the specs we’ve looked at, in the sense that it looks at the project life cycle of the apps. Product development in fact will become highly relevant in light of the FDA precertification program: and some companies have already been selected:

In essence, FDA will follow & check your SW design and process and certify it (like ISO certification) so they don’t have to certify each individual product coming from that company. Any product from that will go directly to the market and FDA will go straight to the post-market data collection phase. This makes the SW process/product development life cycle very key or central here… and that is where PAS comes in for health and wellness apps.

cMHAFF covers almost everything from PAS, i.e. from the consumer or market perspective => translated backwards to what the developer should do before releasing the product/app to the market. I think we can plug PAS (or some part of it) in 3.2 to guide the developer on what process to follow to meet cMHAFF conformance at the front end. Or we can also check PAS Annex A (informative): relation between PAS and IEC 62304, i.e. how PAS selected key parts and a light version of IEC 62304.

I don’t know how in practice we can do this but definitely we should not re-do the work but smartly reference or incorporate or point to the developer what process to follow in product development… (liaison or work together to pick some parts into cMHAFF annex or direct reference)

Please, let’s have a look as a general task outside the current ballot preparation. I think after January we need to see how to proceed to position cMHAFF to not only address the current FDA direction but be a “go to” framework for various app stakeholders in the consumer health industry.

My two cents…