Framework to Assess Medical App Safety Risks

The use of mobile medical apps by clinicians, patients, and others has grown dramatically since the proliferation of mobile phones and tablet computers. A mobile medical app is defined as any software application created for or used on a mobile device for medical or other health-related purposes. Recent studies show that mobile devices and apps can support a variety of routine medical tasks including clinical reference, drug dose calculation, patient education, medical records assessment, and clinical decision support. Mobile phone apps have also been shown to benefit patients in a range of interventions across numerous medical specialties and treatment modalities.

The intersection of mobile technology, apps, and health care is currently in its most dynamic phase, and there is a need to ensure that patient safety is not compromised before this field matures. A new study, published in the Journal of Medical Internet Research, identifies a range of different risks that medical apps can contribute to and important contextual variables that can modify these risks. The authors developed a simple generic risk framework that app users, developers, and other stakeholders can use to assess the likely risks posed by a specific app in a specific context. This should help app commissioners, developers, and users to manage risks and improve patient safety.

Evidence of Unsafe Apps and Calls for Increased Regulation

Several studies have highlighted a number of medical apps that can compromise patient safety and are potentially dangerous in clinical use. For example, certain apps designed for opioid dosage conversion or melanoma detection demonstrate dangerously poor accuracy, while a number of other medical apps do not follow evidence-based guidelines.

Such risks have led to recent calls for increased regulation before further use and adoption of some apps in clinical practice. One issue highlighted by a small number of studies is that many app developers have little or no formal medical training and do not involve clinicians in the development process, and may therefore be unaware of patient safety issues raised by inappropriate app content or functioning. Another issue is the sheer volume and exponential growth of medical apps, which makes it practically impossible to assess each and every medical app.

The Food and Drug Administration (FDA) released its guidance in July 2013 after a two-year consultation period and is focusing primarily on apps that transform the mobile platform into a regulated medical device, which to date number approximately 100 apps. The remainder will be subject to what the FDA calls “enforcement discretion”; that is, no regulation.

The Need for a Risk Framework to Support Clinical Use of Medical Apps

It is generally accepted that two dimensions define risk: (1) the probability of an event occurring that could lead to harm, and (2) the severity of the harm that is likely to follow that event. There is currently no clinically relevant risk assessment framework for medical apps, so healthcare practitioners, patients, and app developers find it challenging to quickly assess the risks posed by a specific app.

In order to develop a comprehensive risk assessment framework, and to distinguish the different kinds of risk (listed in Table 1), it is necessary to understand the key variables that can influence risk in medical apps. These variables can be broken down into those risk factors that are inherent to an app and those that depend on the external context where the app is used (see Table 2). Risk factors inherent to an app may be reduced through appropriate regulation, while managing contextual risk factors may require a formal education program to raise awareness among app users.

The authors developed the idea of the app usage factor (AUF) to help estimate the risk impact of a particular app on a given population. It thus follows that a popular app with a high number of frequent users will have a high AUF and subsequent high impact on the population.

It is also important to consider the generic clinical safety hazards posed by the hardware, software, and sensors that make up a typical medical software application, not just mobile apps. This includes risks posed by the display, user interface, network issues, and subsequent loss of information. For the purposes of the proposed risk assessment framework, these factors have been included within the "complexity of task" variable.

Estimation of an App's Overall Probability and Severity of Harm

The risks posed by a specific medical app depend on three main dimensions: (1) the probability and the severity of harm, defined by the risk scenarios listed in Table 1, (2) the inherent complexity of the app, which determines how predictable that risk is, and (3) the external or contextual factors listed above.

Given the wide variety of medical apps, the authors believe that different approaches to risk assessment and management will be required depending on app risk. This is illustrated in Figure 1, which shows a 2-dimensional “app-space” where an app can be located depending on its probability of harm, based on the variables above, and its complexity. According to its combined chances of harm and complexity, it will fall into one of four broad zones. Apps in Zone A require only local inspection, those in Zone B require a more formal risk assessment, and those in Zone C require professional review of a full safety case and the use of safety-critical development methods. Apps that fall into Zone D should meet the criteria for formal regulation and review by governmental bodies such as the FDA due to their high probability of causing harm.

This classification into four broad risk zones should help app users, developers, and regulators to evaluate each app using a relevant risk assessment and management model based on the zone where the app is located. It is important to note that these zones form a spectrum rather than discrete entities, hence the grey lines at the boundaries of each zone.

In the vast majority of cases, it is probably the actions of a user resulting from a specific app that lead to harm, rather than the app itself. Therefore, an important additional strategy to minimise the risks posed by apps is to develop an educational program to raise awareness of potential patient safety and other risks following inappropriate app use.

In the meantime, there is a range of proposed app regulation models that may provide some form of protection against hazardous medical apps for patients and health care practitioners.

While the widespread use of high-quality apps by health care practitioners and patients is to be welcomed, there still remains a significant potential for harm. The risks to patient safety and professional reputation are real, and steps should be taken to mitigate them. Identifying all the different kinds of risk and the key variables that influence risk are key stages in the development of a risk assessment model, which should also take into account app complexity and the probability of harm. Education of current health practitioners about the risks posed by medical apps should start soon, before the first case reports of patients harmed by a medical app come to light.

Further work should focus on the recognition and mitigation of medical app risk, as the outlook for medical apps in healthcare is bright once their quality and safety can be reliably assessed and managed.


Lewis TL, Wyatt JC (2014) mHealth and Mobile Medical Apps: A Framework to Assess Risk and Promote Safer Use. J Med Internet Res 2014;16(9):e210. doi: 10.2196/jmir.3133. PMID: 25223398

Published on : Mon, 22 Sep 2014
