Building medical apps

09 April 2015

Q. GPs and software developers frequently come to the GPIT Group with ideas about medical apps they plan to build for smartphones and tablets. There is a standard list of questions that we ask them to consider. Here is the list.

A. This discussion document raises common questions worth asking before you start building a mobile app:

When you consider using or recommending a medical app, please be careful about your own data and especially about patient data. Consider the business model for the app. If the app is free and there are no in-app purchases, then your data may be the business model. In other words, the company may sell on your data or your patient data as a method of generating income. There may be a hint of this in a carefully worded sentence in the terms and conditions, but does anyone ever read the terms and conditions before signing up?

Apps often claim to be compliant with data protection requirements, but there is no standard, benchmark or accreditation system against which to check this claim. Sometimes they gather excessive information about patients, collecting a detailed address. Sometimes they send confidential information over normal, insecure email. Sometimes they store data on their own servers without making this clear to users.

Underlying all this activity is the need for patient consent. Don't enter real patient data on medical apps without patient consent, and document that you obtained that consent. It's OK for people to enter their own data themselves, for example, a young diabetic using a smartphone app to track their blood glucose levels. We can expect to see much more of this as self-monitoring becomes established for a range of medical conditions such as hypertension, asthma and Parkinson's disease. Already you can use bands and smart watches to monitor heart rate and oxygen saturation. Wearable biochemical monitors are a couple of years away, at most.