Safer apps for safer patients

  • 5th February 2020
Safer apps blog image

Photo by Robin Worrall on Unsplash

In October, health app evaluation and advisor organisation ORCHA revealed that 85% of healthcare apps available for download do not meet the minimum standards set by its review process.

There are currently around 350,000 health and care apps across Apple and Android app stores, targeted at a range of users, from those interested in general health and wellbeing to those seeking professional medical advice. ORCHA has created five different 'levels' to classify the different types of apps in terms of their functionality and scope. After classifying an app, ORCHA can then determine how best to review it.

The ORCHA Levels are as follows:

  • Level 0 - Simple Wellbeing
  • Level 1 - Advanced Wellbeing
  • Level 2 - General Health
  • Level 3 - Condition Management
  • Level 4 - Regulated

What makes an app unsafe?

According to ORCHA, there are three main areas that should be considered when looking at app safety. These are data privacy, clinical assurance and efficacy (the app is created and endorsed by experts, and includes evidence to support the use of the app if necessary) and user experience (functionality, degree of personalisation, accessibility, etc.).

How is UK healthcare addressing the issue of unsafe apps?

A number of NHS bodies, including regulators, are now setting standards and requirements that digital health and care products have to meet. This covers the different levels referred to above, and requirements are more stringent the higher the level of app.

  • NHS Digital has created digital assessment questions (DAQ) to assess the suitability of a digital product to be included in the NHS app library (at the time of writing, there are 79 apps currently in the NHS app library).
  • The National Institute for Health and Care Excellence (NICE) has created an evidence standards framework that helps developers to evidence that they have done the necessary research to support the implementation of their digital health technology. Again, the higher the level of app, the more stringent the requirements.
  • The Medicines & Healthcare products Regulatory Agency (MHRA) has produced guidance for developers creating software apps that should be regarded as a medical device. New Medical Device Regulations come into force in May 2020 and will be far stricter than they are currently.

What's missing from existing regulation?

The existing regulations tend to consider what developers need to do to produce a technically sound app that is also clinically fit for purpose. What they don't consider in very much detail is the user perspective - how the apps are actually being used by patients and what factors are at play that could influence the way that they're being used.

One area of concern is that, while a user's data may be held in a safe and secure database, should the user wish to close their account, it may not be easy for them to do so or for them to manage the deletion of their data.

Another area of concern is apps that use behavioural change in order to influence the way users think about their health, but not being clear about this purpose with the user. They most likely fail to tell the user about the changes they are seeking to make in their life, or how the app facilitates this. For example, a user could download a pregnancy app to get advice and support on how to manage some of the health implications of their situation (such as morning sickness), without realising that the app attempts to influence their behaviour by encouraging them to make healthier decisions in other areas of their life too. The user may not be aware of this or may not be seeking a lifestyle change. This raises questions about whether an app is ethical or not in the way it interacts with its users.

Patient Safety Learning is working with ORCHA to introduce patient safety requirements and criteria into their app review process.

Currently, there are no organisational standards for patient safety. This makes it difficult for organisations to set goals, design improvement programmes and ensure that staff have the skills required. We are currently looking to create organisational standards for patient safety with criteria for evaluating whether these have been met and an evidence base for review and assessment.

When ready, the patient safety requirements and criteria will be used as the basis for the review of apps and healthcare technologies in association with the existing review frameworks, e.g. NICE, MHRA.

What's next?

Patient Safety Learning and ORCHA are going to create a combined review process and trial it on a number of apps that have already gone through the ORCHA review process to see how it would have affected the outcomes of those reviews.

Once the combined review process has been refined, it will be implemented by ORCHA; users and clinicians will be able to see how safe apps are for them to use and prescribe, and developers will receive feedback on how to make their apps safer.


A platform for anyone with an interest in patient safety to share and learn from one another. Learn more.

Sign up to our newsletter