Work begins on new mobile health apps code

Out-Law News | 05 Jun 2015 | 4:26 pm

The European Commission is helping mobile health app developers to draw up a new code of conduct in a bid to ensure the apps adhere to EU data protection rules.

The Commission said work has started on the development of the code and that it hopes that consumers' trust in mobile health apps will grow as a result of the initiative.

"To follow up on the m-health green paper, the European Commission has started paving the way for an industry-led code of conduct for mobile health apps," the Commission said. It said it presented the plans at a meeting of m-health industry stakeholders in mid-May.

"The participants of the meeting saw the need for efficient privacy and security safeguards to protect citizens' data collected by m-health apps as crucial in the public consultation. In this context, the European Commission presented their recently started initiative on drawing up an industry-led code of conduct on mobile health apps, covering the topics of privacy and security. The objective of this code is to foster citizens' trust in m-health apps, raise awareness of and facilitate compliance with EU data protection rules for app developers," it said.

The Commission said that businesses present at the meeting also identified the need for new "guidelines or standards for quality criteria of lifestyle and wellbeing apps". It said it would "inform stakeholders" of what steps it plans to take to address this.

Last year, the Commission opened a consultation on m-health in a bid to understand what businesses believe are the main barriers to the adoption of mobile health solutions, such as apps and other services.

In January this year, the Commission published a summary of the responses it received which confirmed that "a strong majority" of respondents to the consultation said "strong privacy and security principles" for m-health are necessary "to build users' trust".

The Commission said it would lay out its policy plans in response to the findings of its consultation later this year. However, it has now confirmed that it has initiated the development of a new mobile health apps code to address privacy and security issues.

Digital health expert Alison Ross Eckford of Pinsent Masons, the law firm behind Out-Law.com, said the initiative was welcome because "the key overarching priority identified" by businesses in response to the Commission's consultation was the development of a code or guidance for m-health apps to sit alongside forthcoming new EU data protection legislation.

"It is crucial for developers to have a clear understanding of their responsibilities and – critically – their liabilities," Ross Eckford said. "As ever the technology is ahead of the law and m-health has been in a grey area governed by a matrix of legislation, so the emergence of dedicated guidance will help clarify, develop, consolidate and codify their requirements."

Businesses' involvement in developing the new code with the Commission's help should help ensure it is "accessible and workable" for app developers, device manufacturers and other relevant businesses, Ross Eckford said. This should "help with its uptake", she said.

"The Commission's green paper emphasised the need to look internationally to best practice, given m-health is really a global development. It will be interesting to see whether that approach has been taken and the code reflects that – everyone agrees that international convergence and harmonisation of regulations and approach in this area is important, but of course this is more difficult to achieve in practice. This is a blank canvas opportunity to adopt best practice so hopefully that will be seized," she said.

Ross Eckford said that consumers need to have trust in the way their sensitive health data is collected, used and stored if they are to be encouraged to use m-health apps. The adoption of a new code addressing these issues "will help drive consumer confidence", but more steps are also necessary, she said.

Ross Eckford said: "A new code is only one element of establishing consumer confidence. Safety is still a paramount concern for consumers, arguably more so than the peace of mind about the treatment of their data and adherence to policies. Consumers want to know that the app they are using is safe for them and will not cause them harm."

"It will be interesting to see what further policy and legislative measures are introduced to address the other concerns in the green paper, such as user safety, big data, data mining, transparency of information, interoperability, market access and reimbursement," she said.

Last month, the European data protection supervisor (EDPS) Giovanni Buttarelli said that EU law makers should "foster accountability and allocation of responsibility of those involved in the design, supply and functioning of apps", including designers of those apps and device manufacturers, when setting out future policy related to m-health. Buttarelli also called for data security in the m-health environment to be enhanced by law makers.

Buttarelli said designers of m-health apps must ensure those apps are developed in a way that offers users more transparency and greater detail about the processing of personal data, that people using m-health apps should be given greater control over how their personal data is used, and that the apps should be designed in a way that ensures no more personal data than necessary is collected for the "expected function" being performed.

Privacy and data protection settings should be embedded in the design of m-health apps and be "applicable by default", he said.

Buttarelli also said that health market businesses and organisations should look to harness 'big data' "for purposes that are beneficial to the individuals" and not exploit datasets and analytics software for "practices that could cause them harm, such as discriminatory profiling".