Certification

Role this area should play in the mHealth space
A regulatory framework that requires some level of certification for mobile health apps and their development processes enables the reimbursement of the apps by health insurance companies while promoting patient safety, suitability for use and evidence of positive health effect.

According to this report, the cost of a healthcare data breach rose 10% to an average of 7 million in 2020. Just a single breach could bring loss of reputation and trust in an institution’s brand. A certification would give one’s brand a competitive edge over the competitors, providing credibility and reducing time dedicated to audits.

Current challenges and limitations
  • Manufacturers that would like to have their DiGA reimbursed by health insurance companies will face challenges, since they will have to demonstrate compliance with requirements for data protection and interoperability through generally recognized standards.
  • The obligation to carry out studies with their own DiGA and the obligation to be better than alternative devices or procedures imply higher costs for the manufacturers.
  • The requirements of the DiGAV framework, the first of its kind to become operational in Europe, are stricter than the requirements of the MDR when it comes to the clinical evaluation, and this might increase the manufacturers’ costs.
  • Certificates usually do not provide sufficient proof that a product is secure, as they exhibit a perspective on an application’s security posture at a given time for a given scope by a single auditor or tester. A validity of up to twelve months, combined with comparatively short release cycles, is not appropriate for making precise statements about the product.
  • Reporting and remediation of vulnerabilities, and the monitoring of this process by national security authorities.

Examples

HAPPTIQUE Medical App Certification

Approach or solution: Private firm Happtique has published certification standards and announced review boards to help hospitals and consumers cut through the crowded medical, health and fitness app marketplace. Happtique aims to benchmark apps within the healthcare industry and help guide consumers and hospitals in doubt over which ones to use. Until now there has… ...

European Health Data Space initiative /Standards/IOP Framework

Approach or solution: European Health Data Space is an initiative around standardization and IOP Framework for health. CEN Technical Committee 251 Health Informatics is very supportive of this initiative that will: promote safe exchange of patients’ data (including when they travel abroad) and citizens’ control over their health data; support research on treatments, medicines, medical… ...

Belgium National Validation platform for digital apps

Approach or solution: mHealthBelgium is an initiative of the Belgian Federal Government for the integration of mobile health apps in the Belgian healthcare system. The apps should be CE-marked as medical devices and should target patients and healthcare professionals. The platform provides app information in Dutch, French and English on the CE marking, data protection,… ...

DiGAV – A Regulative Framework for mobile apps

Approach or solution: On April 17, 2020, the German Federal Ministry of Health (Bundesministerium für Gesundheit) presented the preliminary draft of the Digital Health Applications Ordinance (DiGAV) establishing the requirements for the reimbursement of digital health applications (DiGA) by health insurance companies. A guidance on DiGAV was published by the BfArM (German Federal Institute for Drugs… ...

HITRUST CSF® Certification

Approach or solution: HITRUST CSF® is a certification required by organizations that handle Protected Health Information. HITRUST’s mission is to establish a holistic approach for the healthcare industry to manage information security risks. HITRUST stands for Health Information Trust Alliance. It’s a combination of different security standards in the healthcare industry, including HIPAA, HITECH, PCI,… ...

What is on the horizon?
Healthcare organizations are increasingly requiring technology and service partners to demonstrate HITRUST certification from the not-for-profit HITRUST Alliance. Working together, providers, payers, technology partners, and everyone in the healthcare ecosystem can better collaborate to ensure that patient data is safe at every touchpoint.

The push from DiGAV for “standardized standards” will lead to the removal of sector boundaries in healthcare, and this will increase efficiency and effectiveness. One of the benefits of standardization is to allow data exchange between different sectors in healthcare, and DiGA is encouraging adherence to existing or new standards.

Keywords
Certification