MHWG Consumer Mobile Health Application Functional Framework,
Project Lead: Tim McKay
Facilitators:
- Gora Datta
- Matthew Graham
- Harry Rhodes
Overview
This project will define security, privacy and data standards for secure mobile health applications (apps). The intent is to provide industry guidance and common methods to enable the development of mobile health smartphone apps targeted to consumers/citizens that use protected health information (PHI) and personally identifiable information (PII). These standards will not address the content of such apps, but will provide a framework for security, privacy and the integration of data generated from apps into Personal Health Record (PHR) and Electronic Health Record (EHR) systems as well as into other types of data repositories (e.g., personal data stores, population care systems).
This project will reuse conformance criteria already available within the HL7 PHR-S and EHR-S Functional Models, augmenting with new conformance criteria specific to mobile platforms (e.g., use of geolocation services, accelerometers, cameras, microphones).
In particular, standards will address the following areas:
- Privacy policy, terms of use, and in-app disclaimers
- User, device, and cross-system authentication
- Authorization to content and features
- Proxy designations
- Use of location services, camera, accelerometers and other smartphone services
- Security of data at rest (local and cloud)
- Security of data in transit (wired and wireless)
- Minimum data standards for device generated and device transmitted information
- Record system reliability; record authenticity (it is what it represents to be)
- Data provenance
- Audit
- Standards related to discontinuation of use of an app
