4 Risk Management Concerns for Mobile Medical Apps Blog Feature
Nick Schofield

By: Nick Schofield on December 11th, 2018

Print/Save as PDF

4 Risk Management Concerns for Mobile Medical Apps

Thought Leadership

Mobile medical applications are part of the future in medical devices. More apps are coming online now than ever before; an estimated 200 health-related mobile apps make it to market each day. Their growing presence in healthcare has significant impact, from reductions in healthcare costs, to advancing smarter diagnostics (through leveraging big data analytics and AI), to greater access to care—especially in remote locations.

However, these apps can pose serious risks to users. Identifying and evaluating these risks now can allow developers to manage and control them more effectively throughout the product life cycle.


MobileApps_Image1Usability is perhaps the biggest risk management aspect your organization needs to account for when evaluating risks associated with your mobile medical app. Like all medical devices, human interaction is necessary to operate your app. Major usability concerns include:

  • The mobile device used to access the app
  • User expectations (ease of use, expected output, reminders/notifications, etc.)
  • Overall accessibility

One essential approach to mitigating usability risks is having user processes mapped early on. This way you can identify variables in the use environment and other contextual concerns that can be evaluated for risk. Battery issues in the user’s mobile device, for example, impact user processes; finding ways to control the resulting risks is key.  


As more devices and applications become interconnected, hacking risks grow. WannaCry and other cyberattacks have shown us that even though hackers might not specifically be aiming to take down medical devices, they are certainly using them to get at information they want. With many mobile apps, a lot of sensitive information is generated and retained that needs to be protected. Making sure that adequate risk controls are in place to maintain users’ privacy is therefore a vital concern that developers need to consider in their risk management activities.


Data Integrity

Ensuring data integrity is critical in managing the risks of mobile medical apps. Developers need to verify that data is stored safely, remains free from tampering, and is managed thoroughly, whether by users or your organization. Likewise, any information generated by the app, such as outputs from algorithms that could be used as diagnostics, must be accurate. Possible risks to data integrity can include:

  • Errors resulting from updates/patches
  • Breakdowns in code
  • Server/data storage changes (i.e., migrating data to a new vendor’s storage systems)
  • Improper access by users or persons involved in manufacturing or maintenance

For an understanding of how important data integrity is, you can look at recent FDA guidance. While this guidance focuses more on current GMP for drug manufacturing, the principles they discuss can be more broadly applied to other life science products—including mobile medical apps. Things like access controls, software validation, audit trails, and so on can be applied to your app and maintain data integrity.

Platform/Software Updates

MobileApps_Image3Whether your organization is putting patches onto existing code, introducing new features, or rolling out new interfaces for your mobile medical app, these all present different levels of risk to users. If a patch compromises other software coding, for example, the system might malfunction or become inaccurate. New features introduced may also misalign with user expectations and result in use errors. Understanding these risks early in planning assists your organization in constructing procedures and processes for controlling and managing them throughout the lifecycle of your app.


About Nick Schofield

Nick Schofield is a content creator for Cognition Corporation. A graduate of the University of Massachusetts Lowell, he has written for newspapers, the IT industry, and cybersecurity firms. In his spare time, he is writing, hanging out with his girlfriend and his cats, or geeking out over craft beer. He can be reached at nick.schofield@cognition.us.

  • Connect with Nick Schofield