Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build
Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
<Requirements xmlns="http://hl7.org/fhir">
<id value="CMHAFFR2-AST.1"/>
<meta>
<profile
value="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div/></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>AST.1#115</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>An app Account Holder can remove an app from a mobile device at any time.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#116</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>An app Account Holder is informed of the consequences of removing the app (e.g., loss of locally-stored data) from a smartphone and given an opportunity to confirm the removal of the app before the app is removed.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#117</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>An app Account Holder can close an associated account or data store associated with the app.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#118</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>An app Account Holder is informed of the consequences of deleting the account and is given an opportunity to confirm closing the account before it is closed.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#119</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The user shall be informed that data that was part of the account may have been transmitted to other systems, outside of the account itself, and may persist. For example, suppose the user collects device data in an app, and transmits that data to an EHR which stores it as PGHD. In this case, the user shall be informed that deleting the account may not delete the data that is now in the EHR.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#120</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>Before closing an app account, the account holder can download data generated by the account holder or a proxy subject of the account holder to a data set under the full control of the account holder (data portability).</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#121</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>[The device permits remote or external access to device data] Any PHI or PII stored on a device can be wiped remotely by the account holder without deleting the account which is related to the wiped data.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AST.1#122</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>Clear criteria are set and communicated to the user regarding the deletion of data, including automatic deletion if the user has not used the app for a specified period.</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="mobile"/>
</extension>
<url value="http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-AST.1"/>
<version value="2.0.1"/>
<name value="AST_1_App_and_Data_Removal"/>
<title value="AST.1 App and Data Removal (Header)"/>
<status value="active"/>
<date value="2025-05-28T08:01:49+00:00"/>
<publisher value="HL7 International / Mobile Health"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/mobile"/>
</telecom>
</contact>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
<display value="World"/>
</coding>
</jurisdiction>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-115"/>
<label value="AST.1#115"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="An app Account Holder can remove an app from a mobile device at any time."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-116"/>
<label value="AST.1#116"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="An app Account Holder is informed of the consequences of removing the app (e.g., loss of locally-stored data) from a smartphone and given an opportunity to confirm the removal of the app before the app is removed."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-117"/>
<label value="AST.1#117"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="An app Account Holder can close an associated account or data store associated with the app."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-118"/>
<label value="AST.1#118"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="An app Account Holder is informed of the consequences of deleting the account and is given an opportunity to confirm closing the account before it is closed."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-119"/>
<label value="AST.1#119"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The user shall be informed that data that was part of the account may have been transmitted to other systems, outside of the account itself, and may persist. For example, suppose the user collects device data in an app, and transmits that data to an EHR which stores it as PGHD. In this case, the user shall be informed that deleting the account may not delete the data that is now in the EHR."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-120"/>
<label value="AST.1#120"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="Before closing an app account, the account holder can download data generated by the account holder or a proxy subject of the account holder to a data set under the full control of the account holder (data portability)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-121"/>
<label value="AST.1#121"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="[The device permits remote or external access to device data] Any PHI or PII stored on a device can be wiped remotely by the account holder without deleting the account which is related to the wiped data."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-AST.1-122"/>
<label value="AST.1#122"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="Clear criteria are set and communicated to the user regarding the deletion of data, including automatic deletion if the user has not used the app for a specified period."/>
</statement>
</Requirements>