Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions

Requirements: APU.9 Product Upgrades (Header)

Page standards status: Informative
Statement N:
Criteria N:
APU.9#106 SHALL

The app respects operating system level permissions concerning automatic product updates.

APU.9#107 SHALL

[An updated version of the app includes updated terms of use] Updated Terms of Use are presented to the account holder for acceptance before an updated version of an app may be used. Significant changes to terms and conditions are highlighted, and a link to the full set of updated Terms of Use is available.

APU.9#108 SHALL

[Automatic app updates are not enabled] The app prompts the user about the availability of a new version of the app when a new version is available.

APU.9#109 SHALL

[Account holder elects to not install a new version of an app] The consequences of not installing the new version of the app, including information about support limitations for the older version of the app, are presented to the account holder.

APU.9#110 SHALL

[New version of app increases what information is exposed by alerts] The user must consent to the information being exposed, and the changes to the exposed information must be clearly highlighted when they make that consent.

Notes:

Implementation Guidance

Every consumer mobile health app needs an audit strategy, which includes what data will be generated for audit, who will be able to access audit records, the location where audit data is stored, the length of time audit information will be stored, and any ability to delete audit data. Audit for security events is highly dependent on the nature of the app itself; audit requirements will differ significantly based on app sponsorship (e.g., sponsor is a HIPAA entity or a commercial non-covered entity), the need for user authentication, and whether data generated through an app is accessible by consumers, clinicians, or both.