ISO/PRF TS 82304-2
Health software
TECHNICAL SPECIFICATION ISO/TS 82304-2
First edition
Health software —
Part 2:
Health and wellness apps—Quality and reliability
Member bodies are requested to consult relevant national interests in IEC/SC
62A before casting their ballot to the e-Balloting application.
PROOF/ÉPREUVE
Reference number
ISO/TS 82304-2:2021(E)
ISO 2021
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 General terms
3.2 Terms relating to apps
3.3 Terms relating to risk management
4 Health app assessment process
4.1 Conformity assessment
4.2 Quality requirements
4.3 Health app quality report
4.4 Health app quality evidence pack
4.5 Health app quality label
5 Quality requirements
5.1 Product information
5.1.1 Product
5.1.2 App manufacturer
5.2 Healthy and safe
5.2.1 Health requirements
5.2.2 Health risks
5.2.3 Ethics
5.2.4 Health benefit
5.2.5 Societal benefit
5.3 Easy to use
5.3.1 Accessibility
5.3.2 Usability
5.4 Secure data
5.4.1 Privacy
5.4.2 Security
5.5 Robust build
5.5.1 Technical robustness
5.5.2 Interoperability
Annex A (informative) Health app quality label
Annex B (informative) Health app quality score calculation method
Annex C (informative) Rationale
Annex D (informative) Product safety and lifecycle process recommendations
Annex E (informative) Application profile – Contact tracing apps
Annex F (informative) Ethical considerations in health apps
Annex G (informative) Potential uses of this document
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 215, Health informatics, in collaboration
with Technical Committee IEC/TC 62, Electrical equipment in medical practice, Subcommittee SC 62A,
Common aspects of electrical equipment used in medical practice, and with the European Committee for
Standardization (CEN) Technical Committee CEN/TC 251, Health informatics, in accordance with the
Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
A list of all parts in the ISO 82304 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
Context
Health and wellness apps are a fast-growing market, and there are now hundreds of thousands, with
the most popular of these having many millions of downloads each. Some of these apps fall under
medical devices regulations, most do not. These apps are often promoted directly to consumers through
app stores without going through any formal evaluation. The apps often collect sensitive personal
information yet do not have appropriate privacy controls, and provide advice on topics such as fertility,
diet or activity that are not supported by any evidence. There are widespread concerns about the risks
involved. At the same time, health apps that have proven to be effective and add to quality of life and
even length of life, are not necessarily adopted at scale and reimbursed.
Many health organizations have projects to evaluate, endorse and procure apps that meet locally defined
requirements. These activities are important for any app developer who wants to promote or sell their
product to or through providers of health and wellness services, as providers want the reassurance that
the apps they recommend to patients will be safe, reliable and effective. However, the cost of responding
to different extensive sets of criteria and different evaluation regimes in each country, organization, or
region is a barrier for app developers wanting to make their products available in multiple markets.
It is also a problem for those evaluating apps and maintaining libraries of health and wellness apps.
They can miss out on products that effectively address health issues and health system inefficiencies,
do not benefit from economies of scale of others evaluating the same apps and different evaluations
can contradict one another, causing further confusion instead of trust. Because of the time investment
involved, the vast majority of apps are not evaluated at all, although top 10 lists suggest otherwise.
There are several International Standards on health software related to product safety and lifecycle
processes that are applicable to all health software, including health apps. This document provides
quality requirements and health app quality labels as ways for app manufacturers and app assessment
organizations to communicate the quality and reliability of health apps.
The working practice within app development is to deliver a focused piece of functionality, building
on an existing platform - often with a small team doing the work who can be unfamiliar with health
software development. This document includes Annex D to provide guidance specific to this community.
A vibrant transparent market for health apps will benefit individuals and programs across the world
that are addressing issues such as aging population, unhealthy lifestyles, chronic diseases, affordability
of or constrained budgets for health and care, unequal quality and access to health services, and
shortages in health professionals.
Development methodology
The quality requirements (Clause 5) and health app quality score calculation method (Annex B) have
been developed with a Delphi consensus study. Further input was gathered with surveys, interviews,
and review of existing standards and health app assessment frameworks. The health app quality label
(Annex A) has been inspired by the EU energy label that is also used in more than 50 countries outside
Europe, the Nutriscore and the FDA over-the-counter medicine label. Think-aloud testing of the health
app quality label with people with low health literacy in the Netherlands and subsequently Egypt and
Mexico was used to ensure adequate understanding in different contexts.
Outline
This document defines a set of questions and supporting evidence that can be used to clarify the quality
and reliability of a health app. A health app quality label is defined to summarize this information in a
visually appealing way.
The questions and evidence are listed under the following headings taking into account the need to be
understood by those with low health literacy:
— Product information;
— Healthy and safe;
— Easy to use;
— Secure data;
— Robust build.
This document provides requirements for the specification for the Health App Quality Label in
Annex A, and a calculation method in Annex B to generate the quality score information that is
displayed on the label.
This document also contains annexes covering the following:
— Annex C: the rationale for the scope of this document and content decisions;
— Annex D: a walk through the relevant international health software products and process standards,
providing recommendations and explanations, where appropriate, to help those developing or
evaluating health and wellness apps to understand how the standards can be applied;
— Annex E: an example of how a profile of this document can be defined for the assessment of contact
tracing apps. Similar profiles can be produced for other specific use cases;
— Annex F: ethical considerations for app developers and evaluators to take into account;
— Annex G: a range of ways that this document can be used by different stakeholders throughout the
lifecycle of a health app.
TECHNICAL SPECIFICATION ISO/TS 82304-2:2021(E)
Health software —
Part 2:
Health and wellness apps—Quality and reliability
1 Scope
This document provides quality requirements for health apps and defines a health app quality label in
order to visualize the quality and reliability of health apps.
This document is applicable to health apps, which are a special form of health software. It covers the
entire life cycle of health apps.
This document is intended for use by app manufacturers as well as app assessment organizations in
order to communicate the quality and reliability of a health app. Consumers, patients, carers, health
care professionals and their organizations, health authorities, health insurers and the wider public can
use the health app quality label and report when recommending or selecting a health app for use, or for
adoption in care guidelines, care pathways and care contracts.
NOTE Health apps can be subject to national legislation, such as for medical devices.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1 General terms
3.1.1
accessibility
extent to which products, systems, services, environments and facilities can be used by people from a
population with the widest range of user needs, characteristics and capabilities to achieve identified
goals in identified contexts of use
Note 1 to entry: Context of use includes direct use or use supported by assistive technologies.
[SOURCE: ISO 9241-11:2018, 3.2.2]
3.1.2
conformity assessment
demonstration that specified requirements are fulfilled
Note 1 to entry: The process of conformity assessment can have a negative outcome, i.e. demonstrating that the
specified requirements are not fulfilled.
3.1.3
effectiveness
ability to produce the intended result
[SOURCE: ISO 81001-1:— , 3.2.5]
3.1.4
efficiency
resources used in relation to the results achieved
Note 1 to entry: Typical resources include time, human effort, costs and materials.
[SOURCE: ISO 9241-11:2018, 3.1.13]
3.1.5
evidence
directly measurable characteristics of a process and/or product that represent objective, demonstrable
proof that a specific activity satisfied a specified requirement
[SOURCE: ISO/IEC 21827:2008, 3.19]
3.1.6
health
state of complete physical, mental and social well-being and not merely the absence of disease or
infirmity
[SOURCE: WHO 1948 [53]]
3.1.7
health benefit
positive impact or desirable outcome of the use of health software on the health of an individual
3.1.8
health intervention
act performed for, with or on behalf of a person or population whose purpose is to assess, improve,
maintain, promote or modify health, functioning or health conditions
[SOURCE: WHO 1948 [53]]
3.1.9
health issue
representation of an issue related to the health of a subject of care as identified by one or more
healthcare actors
Note 1 to entry: According to this definition, a health issue can correspond to a health problem, a disease, an
illness or another kind of health condition.
EXAMPLE A loss of weight, a heart attack, a drug addiction, an injury, dermatitis.
[SOURCE: ISO 13940:2015]
3.1.10
health need
deficit in the current health state compared to aspects of a desired future health state
[SOURCE: ISO 13940:2015]
1) Under preparation. Stage at the time of publication: ISO/FDIS 81001-1:2020.
3.1.11
intended use
health-related use for which a product, process or service is intended according to the specifications,
instructions and information provided by the manufacturer
Note 1 to entry: The intended health benefit, patient population, part of the body or type of tissue interacted
with, user profile, use environment, and operating principle are typical elements of the intended use.
Note 2 to entry: A health app has an intended use irrespective of whether it is a medical device. A concept of
“intended use” is used in a more restrictive sense in some medical device regulations.
[SOURCE: ISO/IEC Guide 63:2019, 3.4, modified — Note 2 to entry added.]
3.1.12
intended users
group(s) of people for whom a product is designed
Note 1 to entry: In many cases the actual user population is different from that originally intended by the
manufacturer. The intended user group is based on realistic estimations of who the actual users of the product
will be.
[SOURCE: ISO 20282-1:2006, 3.12]
3.1.13
interoperability
ability of two or more systems or components to exchange information and to use the information that
has been exchanged
[SOURCE: IEEE standard computer dictionary: a compilation of IEEE standard computer glossaries.
New York: Institute of Electrical and Electronics Engineers; 1990]
3.1.14
joint PII controller
PII controller that determines the purposes and means of the processing of PII jointly with one or more
other PII controllers
[SOURCE: ISO/IEC 27701:2019, 3.1]
3.1.15
medical device
instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software,
material or other similar or related article, intended by the manufacturer to be used, alone or in
combination, for human beings, for one or more of the specific medical purpose(s) of
— diagnosis, prevention, monitoring, treatment or alleviation of disease,
— diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
— investigation, replacement, modification, or support of the anatomy or of a physiological process,
— supporting or sustaining life,
— control of conception,
— disinfection of medical devices,
— providing information by means of in vitro examination of specimens derived from the human body,
and does not achieve its primary intended action by pharmacological, immunological or metabolic
means, in or on the human body, but which may be assisted in its function by such means
Note 1 to entry: Products that can be considered to be medical devices in some jurisdictions but not in others include
— disinfection substances,
— aids for persons with disabilities,
— devices incorporating animal and/or human tissues, and
— devices for in-vitro fertilization or assisted reproductive technologies.
[SOURCE: ISO/IEC Guide 63:2019, 3.7]
3.1.16
personally identifiable information
PII
any information that (a) can be used to establish a link between the information and the natural person
to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person
[SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9, modified — Note to entry removed.]
3.1.17
privacy
freedom from intrusion into the private life or affairs of an individual when that intrusion results from
undue or illegal gathering and use of data about that individual
[SOURCE: ISO/TS 27790:2009, 3.56]
3.1.18
processing of PII
operation or set of operations performed upon Personally Identifiable Information (PII)
Note 1 to entry: Examples of processing operations of PII include, but are not limited to, the collection, storage,
alteration, retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination or otherwise
making available, deletion or destruction of PII.
[SOURCE: ISO/IEC 29100:2011, 2.23]
3.1.19
quality
degree to which a set of inherent characteristics of an object fulfils requirements
[SOURCE: ISO 9000:2015, 3.6.2, modified — Notes to entry removed.]
3.1.20
reliability
ability of a device or a system to perform its intended function under given conditions of use for a
specified period of time or number of cycles
[SOURCE: ISO 14907-1:2020, 3.23]
3.1.21
safety
freedom from unacceptable risk
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.1.22
satisfaction
extent to which the user's physical, cognitive and emotional responses that result from the use of a
system, product or service meet the user’s needs and expectations
Note 1 to entry: Satisfaction includes the extent to which the user experience that results from actual use meets
the user’s needs and expectations.
Note 2 to entry: Anticipated use can influence satisfaction with actual use.
[SOURCE: ISO 9241-11:2018, 3.1.14]
3.1.23
security
condition that results from the establishment and maintenance of protective measures that ensure a
state of inviolability from hostile acts or influences
Note 1 to entry: Hostile acts or influences could be intentional or unintentional.
3.1.24
usability
extent to which a system, product or service can be used by specified users to achieve specified goals
with effectiveness, efficiency and satisfaction in a specified context of use
[SOURCE: ISO 9241-210:2019, 3.13]
3.1.25
user
person who interacts with a system, product or service
Note 1 to entry: Users of a system, product or service include people who operate the system, people who make
use of the output of the system and people who support the system (including providing maintenance and
training).
[SOURCE: ISO 9241-11:2018, 3.1.7]
3.1.26
use error
reasonably foreseeable misuse
3.2 Terms relating to apps
3.2.1
app
software application that can be executed (run) on a computing platform
Note 1 to entry: Apps were initially established as a category of software developed to run on mobile platforms
for a single or limited number of purposes. However, the distinction between apps and other software
applications has become less clear as a wider range of computing platforms are marketed as supporting apps and
app repositories, and as apps with a wider range of functions are developed.
Note 2 to entry: An example is a software application running on a handheld commercial off-the-shelf computing
platform, with or without wireless connectivity, or a web-based software application that is tailored to a mobile
platform but is executed on a server.
[SOURCE: BS PAS 277:2015, 3.1.1, modified — 'and is typically a small application run or accessed on
mobile devices' removed from the definition, Note 2 to entry modified.]
3.2.2
app assessment organization
organization that evaluates apps
Note 1 to entry: This can be done to inform the purchasing or recommendation of an app, or as part of a
certification program.
3.2.3
health app
health and wellness app
app intended to be used specifically for managing, maintaining or improving health of individual
persons, or the delivery of care
[SOURCE: IEC 82304-1:2016, 3.6, modified — Changed 'software' to 'app' in term and definition, 'health
and wellness app' was added as a term, notes to entry deleted.]
3.2.4
health software
software intended to be used specifically for managing, maintaining or improving health of individual
persons, or the delivery of care
Note 1 to entry: Health software fully includes what is considered software as a medical device.
Note 2 to entry: The scope of IEC 82304-1 refers to the subset of health software that is intended to run on general
computing platforms.
[SOURCE: IEC 82304-1:2016, 3.6, modified — 'documents' changed to 'documentation'.]
3.2.5
health software product
combination of health software and accompanying documentation
[SOURCE: IEC 82304-1:2016, 3.7]
3.2.6
manufacturer
app manufacturer
natural or legal person with responsibility for design and/or manufacture of a health app with the
intention of making the health app available for use, under their own name; whether or not such a health
app is designed and/or manufactured by that natural or legal person themselves or on their behalf by
(an)other natural or legal person(s)
Note 1 to entry: This ‘natural or legal person’ has ultimate legal responsibility for ensuring compliance with all
applicable regulatory requirements for the health app in the countries or jurisdictions whe
...