The image below shows the stages involved, followed by detail to explain it.
We must make sure that all products do what they say they do.
We will ask developers to show us how their product improves health and wellbeing.
For example, if an app is designed to help patients with their mental health, developers must give examples of how it could help people or has already done so.
We also ask if there is any evidence of the clinical, economic or behavioural benefits of using a developer's product.
This could be how it has helped to improve symptom control, clinical outcomes or patient reported outcomes.
We must make sure that developers have taken all appropriate action to keep patients safe using their product.
For example, if an app reminds patients to take their medication, developers must give evidence to show that any risk of reminders being incorrect has been completely removed or made as low as possible.
Developers of any product that could put a user at risk must meet the clinical risk management standards required by the Health and Social Care Act 2012.
This would mean producing Hazard Logs and Safety Case Reports, which would be reviewed by experts at NHS Digital.
We must make sure that any personal information collected or shared, by an app or digital tool, is handled in a safe, fair and lawful way.
This would include health information recorded by the user, like diabetes readings, or available from a person’s health record.
The UK Data Protection Act 2018:
- gives people rights and control over their information
- places greater responsibilities on organisations to use people’s information appropriately and securely
The developer must:
- assess the security assurance of an app or digital tool
- make sure that a user’s data has been correctly categorised, taking account of data protection regulations and clinical impact
We also ask for confirmation that a security assessment has been carried out against applicable Open Web Application Security Project standards.
We need to make sure that a person can understand and use an app or digital tool effectively.
Text must be clear and easy to read.
Action buttons must be big enough, easy to press and marked with commands that make sense to users.
The product's functions must do what the user expects and not perform any extra actions that are not made clear.
All products are assessed against Web Content Accessibility Guidelines 2.1, which are the agreed international standards for digital accessibility that all web content must satisfy.
- is to make sure that products provide access to as many people as possible, including older users, younger users and those with disabilities
- might involve being able to increase text size where needed and work with voice software to help people with visual impairment
The usability of an app or digital tool must satisfy the International Organization for Standardization’s requirements and recommendations for human-centred design principles and activities throughout its life cycle.
We need to test how well a product exchanges data with other systems.
For example, how it connects with a patient’s medical record, or collects readings from another device, like a smart watch or a blood pressure monitor.
This process helps developers to use data within their products, to build new functions that benefit users.
To do this, developers use Application Programming Interfaces (APIs), which allow third parties to view a product’s data in a more digestible format.
Not all apps exchange data, but those that do must adhere to NHS England’s Open API policy.
These rules make the sharing process simple, while also keeping it safe and secure.
These questions are used to understand how an app or digital tool has been tested and how testing will continue over time.
Developers must show how patients can report any problems with a product and how the developer will work to correct them.
These questions also cover what happens to any patient information a product has collected if the patient stops using it, or it's shut down by the developer.