Health software - Part 2: Health and wellness apps - Quality and reliability (ISO/TS 82304-2:2021)

This European Technical Specification will provide a set of requirements for developers of health and wellness apps, intending to meet the needs of health care professionals, patients, carers and the wider public. It will include a set of quality criteria and cover the app project life cycle, through the development, testing, releasing and updating of an app, including native, hybrid and web based apps, those apps associated with wearable, ambient and other health equipment and apps that are linked to other apps. It will also address fitness for purpose and the monitoring of usage. The specification will inform the development of health and wellness apps irrespective of whether they are placed in the market, and including free of charge.
The specification will not cover the processes or criteria that an app developer or publisher follow to establish whether a health and wellness app is subject to regulatory control (e.g. as a medical device, or related to information governance).

Gesundheits- und Wellness-Apps - Qualitätskriterien während des gesamten Lebenszyklus - Verhaltenskodex (ISO/TS 82304-2:2021)

Logiciels de santé - Partie 2: Applications de santé et de bien-être - Critères de qualité tout au long du cycle de vie - Code de pratique (ISO/TS 82304-2:2021)

Programska oprema v zdravstvu - 2. del: Aplikacije za zdravje in dobro počutje (wellness) - Kakovost in zanesljivost (ISO/TS 82304-2:2021)

General Information

Status
Published
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Due Date
11-Aug-2021
Completion Date
11-Aug-2021

Buy Standard

Technical specification
-TS CEN ISO/TS 82304-2:2021 - BARVE na PDF-str 61,63,64
English language
87 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TS CEN ISO/TS 82304-2:2021
01-oktober-2021
Programska oprema v zdravstvu - 2. del: Aplikacije za zdravje in dobro počutje
(wellness) - Kakovost in zanesljivost (ISO/TS 82304-2:2021)

Health software - Part 2: Health and wellness apps - Quality and reliability (ISO/TS

82304-2:2021)
Gesundheits- und Wellness-Apps - Qualitätskriterien während des gesamten
Lebenszyklus - Verhaltenskodex (ISO/TS 82304-2:2021)

Logiciels de santé - Partie 2: Applications de santé et de bien-être - Critères de qualité

tout au long du cycle de vie - Code de pratique (ISO/TS 82304-2:2021)
Ta slovenski standard je istoveten z: CEN ISO/TS 82304-2:2021
ICS:
35.080 Programska oprema Software
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
SIST-TS CEN ISO/TS 82304-2:2021 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
---------------------- Page: 2 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
CEN ISO/TS 82304-2
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
August 2021
TECHNISCHE SPEZIFIKATION
ICS 35.080; 35.240.80
English Version
Health software - Part 2: Health and wellness apps -
Quality and reliability (ISO/TS 82304-2:2021)

Logiciels de santé - Partie 2: Applications de santé et de Gesundheits- und Wellness-Apps - Qualitätskriterien

bien-être - Critères de qualité tout au long du cycle de während des gesamten Lebenszyklus -

vie - Code de pratique (ISO/TS 82304-2:2021) Verhaltenskodex (ISO/TS 82304-2:2021)

This Technical Specification (CEN/TS) was approved by CEN on 28 June 2021 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to

submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS

available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in

parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2021 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN ISO/TS 82304-2:2021 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
CEN ISO/TS 82304-2:2021 (E)
Contents Page

European foreword ....................................................................................................................................................... 3

---------------------- Page: 4 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
CEN ISO/TS 82304-2:2021 (E)
European foreword

This document (CEN ISO/TS 82304-2:2021) has been prepared by Technical Committee ISO/TC 215

"Health informatics" in collaboration with Technical Committee CEN/TC 251 “Health informatics” the

secretariat of which is held by NEN.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

Any feedback and questions on this document should be directed to the users’ national standards

body/national committee. A complete listing of these bodies can be found on the CEN websites.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,

Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of

North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the

United Kingdom.
Endorsement notice

The text of ISO/TS 82304-2:2021 has been approved by CEN as CEN ISO/TS 82304-2:2021 without any

modification.
---------------------- Page: 5 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
---------------------- Page: 6 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
TECHNICAL ISO/TS
SPECIFICATION 82304-2
First edition
2021-07
Health software —
Part 2:
Health and wellness apps—Quality
and reliability
Reference number
ISO/TS 82304-2:2021(E)
ISO 2021
---------------------- Page: 7 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
---------------------- Page: 8 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

3.1 General terms ........................................................................................................................................................................................... 1

3.2 Terms relating to apps ...................................................................................................................................................................... 5

3.3 Terms relating to risk management ...................................................................................................................................... 7

4 Health app assessment process ............................................................................................................................................................ 8

4.1 Quality assessment .............................................................................................................................................................................. 8

4.2 Quality requirements ........................................................................................................................................................................ 8

4.3 Health app quality report .............................................................................................................................................................. 9

4.4 Health app quality evidence pack ........................................................................................................................................... 9

4.5 Health app quality label .................................................................................................................................................................. 9

5 Quality requirements ...................................................................................................................................................................................... 9

5.1 Product information ........................................................................................................................................................................... 9

5.1.1 Product ..................................................................................................................................................................................... 9

5.1.2 App manufacturer ........................................................................................................................................................10

5.2 Healthy and safe ..................................................................................................................................................................................11

5.2.1 Health requirements..................................................................................................................................................11

5.2.2 Health risks ........................................................................................................................................................................14

5.2.3 Ethics .......................................................................................................................................................................................17

5.2.4 Health benefit ..................................................................................................................................................................18

5.2.5 Societal benefit ...............................................................................................................................................................23

5.3 Easy to use ...............................................................................................................................................................................................24

5.3.1 Accessibility ......................................................................................................................................................................24

5.3.2 Usability ................................................................................................................................................................................26

5.4 Secure data ..............................................................................................................................................................................................30

5.4.1 Privacy ...................................................................................................................................................................................30

5.4.2 Security .................................................................................................................................................................................36

5.5 Robust build ...........................................................................................................................................................................................42

5.5.1 Technical robustness .................................................................................................................................................42

5.5.2 Interoperability ..............................................................................................................................................................45

Annex A (normative) Health app quality label .......................................................................................................................................47

Annex B (normative) Health app quality score calculation method ................................................................................54

Annex C (informative) Rationale ...........................................................................................................................................................................58

Annex D (informative) Product safety and lifecycle process recommendations .................................................59

Annex E (informative) Application profile – Contact tracing apps .....................................................................................67

Annex F (informative) Ethical considerations in health apps .................................................................................................70

Annex G (informative) Potential uses of this document ................................................................................................................73

Bibliography .............................................................................................................................................................................................................................75

© ISO 2021 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 215, Health informatics, in collaboration

with Technical Committee IEC/TC 62, Electrical equipment in medical practice, Subcommittee SC 62A,

Common aspects of electrical equipment used in medical practice, and with the European Committee for

Standardization (CEN) Technical Committee CEN/TC 251, Health informatics, in accordance with the

Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
A list of all parts in the ISO 82304 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved
---------------------- Page: 10 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
Introduction
Context

Health and wellness apps are a fast-growing market, and there are now hundreds of thousands, with

the most popular of these having many millions of downloads each. Some of these apps fall under

medical devices regulations, most do not. These apps are often promoted directly to consumers through

app stores without going through any formal evaluation. The apps often collect sensitive personal

information yet do not have appropriate privacy controls, and provide advice on topics such as fertility,

diet or activity that are not supported by any evidence. There are widespread concerns about the risks

involved. At the same time, health apps that have proven to be effective and add to quality of life and

even length of life, are not necessarily adopted at scale and reimbursed.

Many health organizations have projects to evaluate, endorse and procure apps that meet locally

defined requirements. These activities are important for any app manufacturer who want to promote

or sell their product to or through providers of health and wellness services, as providers want the

reassurance that the apps they recommend to patients will be safe, reliable and effective. However,

the cost of responding to different extensive sets of criteria and different evaluation regimes in each

country, organization, or region is a barrier for app manufacturers wanting to make their products

available in multiple markets. It is also a problem for those evaluating apps and maintaining libraries

of health and wellness apps. They can miss out on products that effectively address health issues and

health system inefficiencies, do not benefit from economies of scale of others evaluating the same

apps and different evaluations can contradict one another, causing further confusion instead of trust.

Because of the time investment involved, the vast majority of apps are not evaluated at all, although top

10 lists suggest otherwise.

There are several International Standards on health software related to product safety and lifecycle

processes that are applicable to all health software, including health apps. This document provides

quality requirements and health app quality labels as ways for app manufacturers and app assessment

organizations to communicate the quality and reliability of health apps.

The working practice within app development is to deliver a focused piece of functionality, building

on an existing platform - often with a small team doing the work who can be unfamiliar with health

software development. This document includes Annex D to provide guidance specific to this community.

A vibrant transparent market for health apps will benefit individuals and programs across the world

that are addressing issues such as aging population, unhealthy lifestyles, chronic diseases, affordability

of or constrained budgets for health and care, unequal quality and access to health services, and

shortages in health professionals.

This document makes no attempt to determine whether a health app is or should be regulated.

Development methodology

The quality requirements (Clause 5) and health app quality score calculation method (Annex B) have

been developed with a Delphi consensus study. Further input was gathered with surveys, interviews,

and review of existing standards and health app assessment frameworks. The health app quality label

(Annex A) has been inspired by the EU energy label that is also used in more than 50 countries outside

Europe, the Nutriscore and the FDA over-the-counter medicine label. Think-aloud testing of the health

app quality label with people with low health literacy in the Netherlands and subsequently Egypt and

Mexico was used to ensure adequate understanding in different contexts.
Outline

This document defines a set of questions and supporting evidence that can be used to clarify the quality

and reliability of a health app. A health app quality label is defined to summarize this information in a

visually appealing way.
© ISO 2021 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)

The questions and evidence are listed under the following headings taking into account the need to be

understood by those with low health literacy:
— Product information;
— Healthy and safe;
— Easy to use;
— Secure data;
— Robust build.

This document provides requirements for the specification for the health app quality label in Annex A,

and a calculation method in Annex B to generate the quality score information that is displayed on the

label.
This document also contains annexes covering the following:
— Annex C: the rationale for the scope of this document and content;

— Annex D: a walk through the relevant international health software products and process standards,

providing recommendations and explanations, where appropriate, to help those developing or

evaluating health and wellness apps to understand how the standards can be applied;

— Annex E: an example of how a profile of this document can be defined for the assessment of contact

tracing apps. Similar profiles can be produced for other specific use cases;

— Annex F: ethical considerations for app manufacturers and evaluators to take into account;

— Annex G: a range of ways that this document can be used by different stakeholders throughout the

lifecycle of a health app.
vi © ISO 2021 – All rights reserved
---------------------- Page: 12 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
TECHNICAL SPECIFICATION ISO/TS 82304-2:2021(E)
Health software —
Part 2:
Health and wellness apps—Quality and reliability
1 Scope

This document provides quality requirements for health apps and defines a health app quality label in

order to visualize the quality and reliability of health apps.

This document is applicable to health apps, which are a special form of health software. It covers the

entire life cycle of health apps.

This document is intended for use by app manufacturers as well as app assessment organizations in

order to communicate the quality and reliability of a health app. Consumers, patients, carers, health

care professionals and their organizations, health authorities, health insurers and the wider public can

use the health app quality label and report when recommending or selecting a health app for use, or for

adoption in care guidelines, care pathways and care contracts.

NOTE 1 Health apps can be subject to national legislation, such as for medical devices.

NOTE 2 See Annex C for additional details on the scope.

Outside the scope of this document are guidelines to comply to the medical device regulation.

2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1 General terms
3.1.1
accessibility

extent to which products, systems, services, environments and facilities can be used by people from a

population with the widest range of user needs, characteristics and capabilities to achieve identified

goals in identified contexts of use

Note 1 to entry: Context of use includes direct use or use supported by assistive technologies.

[SOURCE: ISO 9241-11:2018, 3.2.2]
© ISO 2021 – All rights reserved 1
---------------------- Page: 13 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
3.1.2
effectiveness
ability to produce the intended result
[SOURCE: ISO 81001-1:2021, 3.2.5]
3.1.3
efficiency
resources used in relation to the results achieved

Note 1 to entry: Typical resources include time, human effort, costs and materials.

[SOURCE: ISO 9241-11:2018, 3.1.13]
3.1.4
evidence

directly measurable characteristics of a process and/or product that represent objective, demonstrable

proof that a specific activity satisfied a specified requirement
[SOURCE: ISO/IEC 21827:2008, 3.19]
3.1.5
health

state of complete physical, mental and social well-being and not merely the absence of disease or

infirmity
[53]
[SOURCE: WHO 1948 ]
3.1.6
health benefit

positive impact or desirable outcome of the use of health software on the health of an individual

3.1.7
health intervention

act performed for, with or on behalf of a person or population whose purpose is to assess, improve,

maintain, promote or modify health, functioning or health conditions
[53]
[SOURCE: WHO 1948 ]
3.1.8
health issue

representation of an issue related to the health of a subject of care as identified by one or more

healthcare actors

Note 1 to entry: According to this definition, a health issue can correspond to a health problem, a disease, an

illness or another kind of health condition.

EXAMPLE A loss of weight, a heart attack, a drug addiction, an injury, dermatitis.

[SOURCE: ISO 13940:2015]
3.1.9
health need

deficit in the current health state compared to aspects of a desired future health state

[SOURCE: ISO 13940:2015]
2 © ISO 2021 – All rights reserved
---------------------- Page: 14 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)
3.1.10
intended use
intended purpose

health-related use for which a product, process or service is intended according to the specifications,

instructions and information provided by the manufacturer

Note 1 to entry: The intended health benefit, patient population, part of the body or type of tissue interacted

with, user profile, use environment, and operating principle are typical elements of the intended use.

Note 2 to entry: A health app has an intended use irrespective of whether it is a medical device. A concept of

“intended use” is used in a more restrictive sense in some medical device regulations.

[SOURCE: ISO/IEC Guide 63:2019, 3.4, modified — Note 2 to entry added, "intended purpose added" as

a preferred term.]
3.1.11
intended users
group(s) of people for whom a product is designed

Note 1 to entry: In many cases the actual user population is different from that originally intended by the

manufacturer. The intended user group is based on realistic estimations of who the actual users of the product

will be.
[SOURCE: ISO 20282-1:2006, 3.12]
3.1.12
interoperability

ability of two or more systems or components to exchange information and to use the information that

has been exchanged

[SOURCE: IEEE standard computer dictionary: a compilation of IEEE standard computer glossaries.

New York: Institute of Electrical and Electronics Engineers; 1990]
3.1.13
joint PII controller

PII controller that determines the purposes and means of the processing of PII jointly with one or more

other PII controllers
[SOURCE: ISO/IEC 27701:2019, 3.1]
3.1.14
medical device

instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software,

material or other similar or related article, intended by the manufacturer to be used, alone or in

combination, for human beings, for one of more of the specific medical purpose(s) of

— diagnosis, prevention, monitoring, treatment or alleviation of disease,

— diagnosis, monitoring, treatment, alleviation of or compensation for an injury,

— investigation, replacement, modification, or support of the anatomy or of a physiological process,

— supporting or sustaining life,
— control of conception,
— disinfection of medical devices,

— providing information by means of in vitro examination of specimens derived from the human body,

© ISO 2021 – All rights reserved 3
---------------------- Page: 15 ----------------------
SIST-TS CEN ISO/TS 82304-2:2021
ISO/TS 82304-2:2021(E)

and does not achieve its primary intended action by pharmacological, immunological or metabolic

means, in or on the human body, but which may be assisted in its function by such means

Note 1 to entry: Products that can be considered to be medical devices in some jurisdictions but not in others

include
— disinfection substances,
— aids for persons with disabilities,
— devices incorporating animal and/or human tissues, and
— devices for in-vitro fertilization or assisted reproductive technologies.
[SOURCE: ISO/IEC Guide 63:2019, 3.7]
3.1.15
personally identifiable information
PII

any information that (a) can be used to establish a link between the information and the natural person

to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person

[SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9, modified — Note to entry removed.]
3.1.16
privacy

freedom from intrusion into the private life or affairs of an individual when that intrusion results from

undue or illegal gathering and use of data about that individual
[SOURCE: ISO/TS 27790:2009, 3.56]
3.1.17
processing of PII
oper
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.