Health software

Logiciels de santé

General Information

Status: Published
Current Stage: 5060 - Close of voting Proof returned by Secretariat
Start Date: 27-May-2021
Completion Date: 27-May-2021

Buy Standard

Draft
ISO/PRF TS 82304-2 - Health software
English language
76 pages

Standards Content (sample)

TECHNICAL SPECIFICATION ISO/TS 82304-2
First edition
Health software —
Part 2:
Health and wellness apps — Quality and reliability
Member bodies are requested to consult relevant national interests in IEC/SC
62A before casting their ballot to the e-Balloting application.
PROOF/ÉPREUVE
Reference number
ISO/TS 82304-2:2021(E)
ISO 2021
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
    3.1 General terms
    3.2 Terms relating to apps
    3.3 Terms relating to risk management
4 Health app assessment process
    4.1 Conformity assessment
    4.2 Quality requirements
    4.3 Health app quality report
    4.4 Health app quality evidence pack
    4.5 Health app quality label
5 Quality requirements
    5.1 Product information
        5.1.1 Product
        5.1.2 App manufacturer
    5.2 Healthy and safe
        5.2.1 Health requirements
        5.2.2 Health risks
        5.2.3 Ethics
        5.2.4 Health benefit
        5.2.5 Societal benefit
    5.3 Easy to use
        5.3.1 Accessibility
        5.3.2 Usability
    5.4 Secure data
        5.4.1 Privacy
        5.4.2 Security
    5.5 Robust build
        5.5.1 Technical robustness
        5.5.2 Interoperability
Annex A (informative) Health app quality label
Annex B (informative) Health app quality score calculation method
Annex C (informative) Rationale
Annex D (informative) Product safety and lifecycle process recommendations
Annex E (informative) Application profile – Contact tracing apps
Annex F (informative) Ethical considerations in health apps
Annex G (informative) Potential uses of this document
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 215, Health informatics, in collaboration with Technical Committee IEC/TC 62, Electrical equipment in medical practice, Subcommittee SC 62A, Common aspects of electrical equipment used in medical practice, and with the European Committee for Standardization (CEN) Technical Committee CEN/TC 251, Health informatics, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).

A list of all parts in the ISO 82304 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
Context

Health and wellness apps are a fast-growing market, and there are now hundreds of thousands, with the most popular of these having many millions of downloads each. Some of these apps fall under medical devices regulations, most do not. These apps are often promoted directly to consumers through app stores without going through any formal evaluation. The apps often collect sensitive personal information yet do not have appropriate privacy controls, and provide advice on topics such as fertility, diet or activity that are not supported by any evidence. There are widespread concerns about the risks involved. At the same time, health apps that have proven to be effective and add to quality of life and even length of life, are not necessarily adopted at scale and reimbursed.

Many health organizations have projects to evaluate, endorse and procure apps that meet locally defined requirements. These activities are important for any app developer who wants to promote or sell their product to or through providers of health and wellness services, as providers want the reassurance that the apps they recommend to patients will be safe, reliable and effective. However, the cost of responding to different extensive sets of criteria and different evaluation regimes in each country, organization, or region is a barrier for app developers wanting to make their products available in multiple markets.

It is also a problem for those evaluating apps and maintaining libraries of health and wellness apps. They can miss out on products that effectively address health issues and health system inefficiencies, do not benefit from economies of scale of others evaluating the same apps and different evaluations can contradict one another, causing further confusion instead of trust. Because of the time investment involved, the vast majority of apps are not evaluated at all, although top 10 lists suggest otherwise.

There are several International Standards on health software related to product safety and lifecycle processes that are applicable to all health software, including health apps. This document provides quality requirements and health app quality labels as ways for app manufacturers and app assessment organizations to communicate the quality and reliability of health apps.

The working practice within app development is to deliver a focused piece of functionality, building on an existing platform - often with a small team doing the work who can be unfamiliar with health software development. This document includes Annex D to provide guidance specific to this community.

A vibrant transparent market for health apps will benefit individuals and programs across the world that are addressing issues such as aging population, unhealthy lifestyles, chronic diseases, affordability of or constrained budgets for health and care, unequal quality and access to health services, and shortages in health professionals.

Development methodology

The quality requirements (Clause 5) and health app quality score calculation method (Annex B) have been developed with a Delphi consensus study. Further input was gathered with surveys, interviews, and review of existing standards and health app assessment frameworks. The health app quality label (Annex A) has been inspired by the EU energy label that is also used in more than 50 countries outside Europe, the Nutriscore and the FDA over-the-counter medicine label. Think-aloud testing of the health app quality label with people with low health literacy in the Netherlands and subsequently Egypt and Mexico was used to ensure adequate understanding in different contexts.

Outline

This document defines a set of questions and supporting evidence that can be used to clarify the quality and reliability of a health app. A health app quality label is defined to summarize this information in a visually appealing way.

The questions and evidence are listed under the following headings taking into account the need to be understood by those with low health literacy:
— Product information;
— Healthy and safe;
— Easy to use;
— Secure data;
— Robust build.

This document provides requirements for the specification for the Health App Quality Label in Annex A, and a calculation method in Annex B to generate the quality score information that is displayed on the label.

This document also contains annexes covering the following:
— Annex C: the rationale for the scope of this document and content decisions;
— Annex D: a walk through the relevant international health software products and process standards, providing recommendations and explanations, where appropriate, to help those developing or evaluating health and wellness apps to understand how the standards can be applied;
— Annex E: an example of how a profile of this document can be defined for the assessment of contact tracing apps. Similar profiles can be produced for other specific use cases;
— Annex F: ethical considerations for app developers and evaluators to take into account;
— Annex G: a range of ways that this document can be used by different stakeholders throughout the lifecycle of a health app.
TECHNICAL SPECIFICATION ISO/TS 82304-2:2021(E)
Health software —
Part 2:
Health and wellness apps — Quality and reliability
1 Scope

This document provides quality requirements for health apps and defines a health app quality label in order to visualize the quality and reliability of health apps.

This document is applicable to health apps, which are a special form of health software. It covers the entire life cycle of health apps.

This document is intended for use by app manufacturers as well as app assessment organizations in order to communicate the quality and reliability of a health app. Consumers, patients, carers, health care professionals and their organizations, health authorities, health insurers and the wider public can use the health app quality label and report when recommending or selecting a health app for use, or for adoption in care guidelines, care pathways and care contracts.

NOTE Health apps can be subject to national legislation, such as for medical devices.

2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1 General terms
3.1.1
accessibility
extent to which products, systems, services, environments and facilities can be used by people from a population with the widest range of user needs, characteristics and capabilities to achieve identified goals in identified contexts of use
Note 1 to entry: Context of use includes direct use or use supported by assistive technologies.
[SOURCE: ISO 9241-11:2018, 3.2.2]
3.1.2
conformity assessment
demonstration that specified requirements are fulfilled
Note 1 to entry: The process of conformity assessment can have a negative outcome, i.e. demonstrating that the specified requirements are not fulfilled.
3.1.3
effectiveness
ability to produce the intended result
[SOURCE: ISO 81001-1:—, 3.2.5]
3.1.4
efficiency
resources used in relation to the results achieved
Note 1 to entry: Typical resources include time, human effort, costs and materials.
[SOURCE: ISO 9241-11:2018, 3.1.13]
3.1.5
evidence
directly measurable characteristics of a process and/or product that represent objective, demonstrable proof that a specific activity satisfied a specified requirement
[SOURCE: ISO/IEC 21827:2008, 3.19]
3.1.6
health
state of complete physical, mental and social well-being and not merely the absence of disease or infirmity
[SOURCE: WHO 1948 [53]]
3.1.7
health benefit
positive impact or desirable outcome of the use of health software on the health of an individual
3.1.8
health intervention
act performed for, with or on behalf of a person or population whose purpose is to assess, improve, maintain, promote or modify health, functioning or health conditions
[SOURCE: WHO 1948 [53]]
3.1.9
health issue
representation of an issue related to the health of a subject of care as identified by one or more healthcare actors
Note 1 to entry: According to this definition, a health issue can correspond to a health problem, a disease, an illness or another kind of health condition.
EXAMPLE A loss of weight, a heart attack, a drug addiction, an injury, dermatitis.
[SOURCE: ISO 13940:2015]
3.1.10
health need
deficit in the current health state compared to aspects of a desired future health state
[SOURCE: ISO 13940:2015]
1) Under preparation. Stage at the time of publication: ISO/FDIS 81001-1:2020.
3.1.11
intended use
health-related use for which a product, process or service is intended according to the specifications, instructions and information provided by the manufacturer
Note 1 to entry: The intended health benefit, patient population, part of the body or type of tissue interacted with, user profile, use environment, and operating principle are typical elements of the intended use.
Note 2 to entry: A health app has an intended use irrespective of whether it is a medical device. A concept of “intended use” is used in a more restrictive sense in some medical device regulations.
[SOURCE: ISO/IEC Guide 63:2019, 3.4, modified — Note 2 to entry added.]
3.1.12
intended users
group(s) of people for whom a product is designed
Note 1 to entry: In many cases the actual user population is different from that originally intended by the manufacturer. The intended user group is based on realistic estimations of who the actual users of the product will be.
[SOURCE: ISO 20282-1:2006, 3.12]
3.1.13
interoperability
ability of two or more systems or components to exchange information and to use the information that has been exchanged
[SOURCE: IEEE standard computer dictionary: a compilation of IEEE standard computer glossaries. New York: Institute of Electrical and Electronics Engineers; 1990]
3.1.14
joint PII controller
PII controller that determines the purposes and means of the processing of PII jointly with one or more other PII controllers
[SOURCE: ISO/IEC 27701:2019, 3.1]
3.1.15
medical device
instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one or more of the specific medical purpose(s) of
— diagnosis, prevention, monitoring, treatment or alleviation of disease,
— diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
— investigation, replacement, modification, or support of the anatomy or of a physiological process,
— supporting or sustaining life,
— control of conception,
— disinfection of medical devices,
— providing information by means of in vitro examination of specimens derived from the human body,
and does not achieve its primary intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its function by such means
Note 1 to entry: Products that can be considered to be medical devices in some jurisdictions but not in others include
— disinfection substances,
— aids for persons with disabilities,
— devices incorporating animal and/or human tissues, and
— devices for in-vitro fertilization or assisted reproductive technologies.
[SOURCE: ISO/IEC Guide 63:2019, 3.7]
3.1.16
personally identifiable information
PII
any information that (a) can be used to establish a link between the information and the natural person to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person
[SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9, modified — Note to entry removed.]
3.1.17
privacy
freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual
[SOURCE: ISO/TS 27790:2009, 3.56]
3.1.18
processing of PII
operation or set of operations performed upon Personally Identifiable Information (PII)
Note 1 to entry: Examples of processing operations of PII include, but are not limited to, the collection, storage, alteration, retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination or otherwise making available, deletion or destruction of PII.
[SOURCE: ISO/IEC 29100:2011, 2.23]
3.1.19
quality
degree to which a set of inherent characteristics of an object fulfils requirements
[SOURCE: ISO 9000:2015, 3.6.2, modified — Notes to entry removed.]
3.1.20
reliability
ability of a device or a system to perform its intended function under given conditions of use for a specified period of time or number of cycles
[SOURCE: ISO 14907-1:2020, 3.23]
3.1.21
safety
freedom from unacceptable risk
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.1.22
satisfaction
extent to which the user's physical, cognitive and emotional responses that result from the use of a system, product or service meet the user’s needs and expectations
Note 1 to entry: Satisfaction includes the extent to which the user experience that results from actual use meets the user’s needs and expectations.
Note 2 to entry: Anticipated use can influence satisfaction with actual use.
[SOURCE: ISO 9241-11:2018, 3.1.14]
3.1.23
security
condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences
Note 1 to entry: Hostile acts or influences could be intentional or unintentional.
3.1.24
usability
extent to which a system, product or service can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use
[SOURCE: ISO 9241-210:2019, 3.13]
3.1.25
user
person who interacts with a system, product or service
Note 1 to entry: Users of a system, product or service include people who operate the system, people who make use of the output of the system and people who support the system (including providing maintenance and training).
[SOURCE: ISO 9241-11:2018, 3.1.7]
3.1.26
use error
reasonably foreseeable misuse
3.2 Terms relating to apps
3.2.1
app
software application that can be executed (run) on a computing platform
Note 1 to entry: Apps were initially established as a category of software developed to run on mobile platforms for a single or limited number of purposes. However, the distinction between apps and other software applications has become less clear as a wider range of computing platforms are marketed as supporting apps and app repositories, and as apps with a wider range of functions are developed.
Note 2 to entry: An example is a software application running on a handheld commercial off-the-shelf computing platform, with or without wireless connectivity, or a web-based software application that is tailored to a mobile platform but is executed on a server.
[SOURCE: BS PAS 277:2015, 3.1.1, modified — 'and is typically a small application run or accessed on mobile devices' removed from the definition, Note 2 to entry modified.]
3.2.2
app assessment organization
organization that evaluates apps
Note 1 to entry: This can be done to inform the purchasing or recommendation of an app, or as part of a certification program.
3.2.3
health app
health and wellness app
app intended to be used specifically for managing, maintaining or improving health of individual persons, or the delivery of care
[SOURCE: IEC 82304-1:2016, 3.6, modified — Changed 'software' to 'app' in term and definition, 'health and wellness app' was added as a term, notes to entry deleted.]
3.2.4
health software
software intended to be used specifically for managing, maintaining or improving health of individual persons, or the delivery of care
Note 1 to entry: Health software fully includes what is considered software as a medical device.
Note 2 to entry: The scope of IEC 82304-1 refers to the subset of health software that is intended to run on general computing platforms.
[SOURCE: IEC 82304-1:2016, 3.6, modified — 'documents' changed to 'documentation'.]
3.2.5
health software product
combination of health software and accompanying documentation
[SOURCE: IEC 82304-1:2016, 3.7]
3.2.6
manufacturer
app manufacturer
natural or legal person with responsibility for design and/or manufacture of a health app with the intention of making the health app available for use, under their own name; whether or not such a health app is designed and/or manufactured by that natural or legal person themselves or on their behalf by (an)other natural or legal person(s)
Note 1 to entry: This ‘natural or legal person’ has ultimate legal responsibility for ensuring compliance with all applicable regulatory requirements for the health app in the countries or jurisdictions whe

...
