APU.9 Product Upgrades (Header) - Consumer Mobile Health Application Functional Framework, Release 2 v2.0.1

Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build International flag

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions

Requirements: APU.9 Product Upgrades (Header)

Page standards status: Informative

Statement N:

Criteria N:

APU.9#106

SHALL

The app respects operating system level permissions concerning automatic product updates.

APU.9#107

SHALL

[An updated version of the app includes updated terms of use] Updated Terms of Use are presented to the account holder for acceptance before an updated version of an app may be used. Significant changes to terms and conditions are highlighted, and a link to the full set of updated Terms of Use is available.

APU.9#108

SHALL

[Automatic app updates are not enabled] The app prompts the user to the availability of a new version of the app when a new version is available.

APU.9#109

SHALL

[Account holder elects to not install a new version of an app] The consequences of not installing the new version of the app, including information about support limitations for the older version of the app, are presented to the account holder.

APU.9#110

SHALL

[New version of app increases what information is exposed by alerts] The user must consent to the information being exposed, and the changes to the exposed information must be clearly highlighted when they make that consent.

Notes:

Integrating the Healthcare Enterprise (IHE) Audit Trail and Node Authentication (ATNA) Integration Profile. This IHE profile references the Internet Engineering Task Force (IETF) RFC 3881 Audit Record standard
HL7 EHR Records Management and Evidentiary Support Functional Profile, Release 1 (RMES) Provides functions in an EHR system that can help an organization maintain a legal record for business and disclosure purposes

Implementation Guidance

Every consumer mobile health app needs an audit strategy, which includes what data will be generated for audit, who will be able to access audit records, the location where audit data is stored, the length of time audit information will be stored, and any ability to delete audit data. Audit for security events is highly dependent on the nature of the app itself; audit requirements will differ significantly based on app sponsorship (e.g., sponsor is a HIPAA entity or a commercial non-covered entity), the need for user authentication, and if data generated through an app is accessible by consumers, clinicians, or both.

<prev

top

next>

IG © 2025 HL7 International / Mobile Health. Package hl7.fhir.uv.cmhaffr2#2.0.1 based on FHIR 5.0.0. Generated 2025-05-28
Links: Table of Contents | QA Report | Version History | | Propose a change

Requirements: APU.9 Product Upgrades (Header)

Notes:

Related Regulations and Standards

Implementation Guidance