So, you want to build a mobile app for use in medical or health applications and believe that it may fall under government regulations? Getting regulatory approval is no small task, but focusing on building a great product will significantly increase your ability to succeed.
Many mobile medical apps fail. Some fail because they don’t solve a problem or aren’t better than existing solutions. Others fail because they’re too challenging or tedious to use. Then there are those that get shut down for failing to follow FDA, HIPAA, or HITECH regulations.
Do One Thing and Do it Well
The first step on the path to building a great mobile medical app is solving a real problem. As the Unix philosophy puts it, software should do one thing and do it well.
Start by defining a plan to solve the problem. Consult experts in the field and your expected user base to confirm that your approach will solve a real problem or significantly improve upon an existing solution. Involve mobile software engineers early on in the planning phase; they’ll be able to tell you when something is impossible or impractical to implement.
If you’re involved in decisions regarding monetization of the app, research monetization strategies and decide on your approach from the beginning. Architecting for subscriptions, in-app purchases, advertisements, or a watered-down free version of the app upfront will save time during development and lead to a cleaner implementation of your chosen strategy.
Begin developing your app. Focus on creating an MVP (Minimum Viable Product). The sooner your app has basic functionality, the sooner you can start testing and refining the app’s core.
Now that your app solves a problem, you need to make people want to use it. In the case where your app may be prescribed to users as a treatment, making the app easier to use will increase the chances that the app is used as designed and that the treatment is successful. Consider your expected user base and use case. For example, some things to consider:
- Are they naturally proficient at using smartphones?
  - If not, you’ll want to trade icons and gestures for buttons with text descriptions.
- Are they expected to have poor vision or poor fine-motor skills?
  - In these cases, you’ll want to take advantage of the phone’s accessibility settings to improve their user experience (UX).
- Are there risks associated with accidental misuse of the app?
  - If so, you’ll need to make sure your user interface (UI) is clear and explicit. You’ll also want to take extra steps to minimize the chances of accidental misuse.
Your use case and user base affect how your user interface should look to foster a positive user experience. A UX designer can be a huge help here. You should seriously consider getting one if your budget allows.
Performing usability testing with your target demographic will provide the best insights on how to improve. Keep testing and iterating on your UI until you are happy with your users’ feedback. Don’t be afraid to go back to the drawing board and try new things. Being usable is not enough; successful apps engage users.
That doesn’t mean that your mobile medical app needs to be the same as what users are familiar with. Users can and should learn how to use your app. Many apps are designed based on insights from a small board of doctors. These apps tend to break from standard app UX in favor of being familiar to the stakeholders. Your app should help these users to transition towards what is standard. This way, they are not forever stuck in the same ideas of what an app should look like.
Once you have an app that solves a problem and has an engaging user experience, then you can focus on preparing the app for regulatory approval.
Preparing Your Mobile Medical App for Regulatory Submissions
Regulatory submissions can be quite a challenge. It often takes a team months to create a submission. Submissions generally require full documentation of software and proper document revision control. Due to the scope of this subject, we’ll only be focusing on the parts most applicable during the design phase: Human Factors and HIPAA Compliance.
If you haven’t yet, determine whether your app is classified as a Mobile Medical App and whether the FDA intends to exercise enforcement discretion, as this will affect your approach to achieve regulatory compliance. You can find FDA guidance here.
Human factors and usability engineering study how users interact with a medical device. The results of the study are used to validate that the app will be used safely and effectively. Like most design processes, usability engineering is iterative, consisting of multiple rounds of testing, improvement, and validation.
The interaction between user and device consists of the way users:
- Perceive information from the device
- Interpret that information and decide how to proceed
- Perform actions on the device
This interaction also consists of how devices:
- Receive user input
- Respond to input and provide feedback about the action taken
The FDA provides guidance on their expectations for human factors and usability engineering, which you can find here. Understanding the expectations for your submission’s human factors testing before you start on your UX design will help prevent you from having to redo aspects of your Usability testing.
The Health Insurance Portability and Accountability Act (HIPAA) is a set of US regulations enforcing the privacy and security of certain health information. This health information, referred to as (electronic) Protected Health Information (PHI or ePHI), includes any healthcare information that can be linked back to a specific individual. If your app handles any data that may qualify as PHI, then these regulations apply. Compliance generally consists of four principles:
- Access Control: Who can access the data? Are there rules in place about who is given access to PHI and are steps taken to prevent unauthorized access?
- Audit Control: Who accessed PHI data and when? Can you tell who accessed PHI data and what PHI data they accessed?
- Integrity Control: Who can modify PHI Data? Are modifications covered by Audit Control? Can the data become corrupted?
- Transmission Control: How is PHI data transferred, and how is the data kept secure during transport?
The way that these questions are answered should give you a basic idea of whether or not your app will be HIPAA compliant.
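To make the four control areas concrete, here is an added Python sketch (written for this discussion, not code from the original article or from any particular product) of a small PHI record store: a role-based policy answers the access-control question, a hash-chained audit log records every access attempt, an HMAC tag per record detects silent modification, and a TLS client context covers transmission. The role names, record IDs, and integrity key are constructed placeholders; a real deployment would back this with a database, a key-management service, and server-side enforcement rather than an in-memory class.

```python
"""Hypothetical PHI store mapping the four HIPAA control areas to code.
Everything here (roles, record ids, key) is constructed for illustration."""
from __future__ import annotations
import hashlib
import hmac
import json
import ssl
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# Access control: which operations each role may perform on PHI (constructed policy).
POLICY = {
    "clinician": {"read", "write"},
    "billing": {"read"},
    "support": set(),          # may use the app but never touches PHI
}

GENESIS = "0" * 64             # prev_hash of the first audit entry


@dataclass
class AuditEntry:
    """One audit record; entry_hash covers every other field, including prev_hash."""
    ts: str
    actor: str
    role: str
    action: str
    record_id: str
    allowed: bool
    prev_hash: str
    entry_hash: str = ""


def _digest(entry: AuditEntry) -> str:
    body = {k: v for k, v in asdict(entry).items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class PHIStore:
    def __init__(self, integrity_key: bytes):
        self._key = integrity_key     # secret for HMAC tags (constructed value in the demo)
        self._records = {}            # record_id -> PHI dict
        self._tags = {}               # record_id -> HMAC tag over the stored record
        self.audit = []               # hash-chained list of AuditEntry

    # Audit control: every access attempt, allowed or not, is chained to the previous one.
    def _log(self, actor, role, action, record_id, allowed):
        prev = self.audit[-1].entry_hash if self.audit else GENESIS
        entry = AuditEntry(datetime.now(timezone.utc).isoformat(), actor, role,
                           action, record_id, allowed, prev)
        entry.entry_hash = _digest(entry)
        self.audit.append(entry)

    # Access control: consult the policy, log the decision, then enforce it.
    def _authorize(self, actor, role, action, record_id):
        allowed = action in POLICY.get(role, set())
        self._log(actor, role, action, record_id, allowed)
        if not allowed:
            raise PermissionError(f"role {role!r} may not {action} PHI")

    # Integrity control: keyed tag over the canonical (sorted-key JSON) record contents.
    def _tag(self, record_id, record):
        msg = record_id.encode() + json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def write(self, actor, role, record_id, record):
        self._authorize(actor, role, "write", record_id)
        self._records[record_id] = dict(record)
        self._tags[record_id] = self._tag(record_id, record)

    def read(self, actor, role, record_id):
        self._authorize(actor, role, "read", record_id)
        record = self._records[record_id]
        if not hmac.compare_digest(self._tags[record_id], self._tag(record_id, record)):
            raise ValueError(f"integrity check failed for record {record_id}")
        return dict(record)

    def verify_audit_chain(self) -> bool:
        """True if no audit entry has been altered, inserted, or removed."""
        prev = GENESIS
        for e in self.audit:
            if e.prev_hash != prev or _digest(e) != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


# Transmission control: client-side TLS settings for sending PHI to a backend.
def transport_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()        # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    store = PHIStore(b"constructed-demo-key")
    store.write("dr_lee", "clinician", "p001", {"dob": "1970-01-01", "dx": "hypertension"})
    print(store.read("bill_01", "billing", "p001"))
    print("audit chain intact:", store.verify_audit_chain())
```

Two design choices are worth noting: denied attempts are logged before the exception is raised, so the audit trail answers "who tried" as well as "who succeeded"; and the integrity tag is keyed, so an attacker who can edit stored records but does not hold the key cannot recompute a matching tag, which a plain checksum would allow.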
HIPAA is America’s answer to health privacy, and other countries have their own equivalents; GDPR (EU) and PIPEDA (Canada) are two such regulations. Electronic privacy is a growing concern throughout the world, and with the increasing penalties for violations, you need to be sure that your app handles patient data responsibly in every region where it is used.