Xcertia's New Guidance Documents for Mobile Health Apps

Executive Summary

We came across an interesting blog post recently by Evan Sweeney and wanted to share the information with the Healthcare Privacy Community. We are interested in generating some discussion on this topic. Visit the Community to join the conversation.

Four new guidance documents were released by Xcertia to provide more clarity around operability, privacy, security and content of mobile health apps. The guidelines feature input from a broad array of stakeholders to address several key concerns surrounding mobile health apps. The Xcertia guidelines will be updated annually by designated work groups drawn from Xcertia’s membership. Upon completion of each update, the guidelines will be made available to the public.


About Xcertia

Xcertia is a joint mHealth app collaborative effort pioneered by the American Medical Association (AMA), American Heart Association (AHA), DHX Group and Healthcare Information and Management Systems Society (HIMSS). The collaboration builds on each organization’s ongoing efforts to foster safe, effective, and reputable health technologies. 


The early version of the guidelines assesses the quality, safety, and effectiveness of mobile health apps in the following four key areas:

  • Operability – assess whether a mobile health app installs, loads, and runs in a manner that provides a reasonable user experience.
  • Privacy – assess whether a mobile health app protects the user’s information, including Protected Health Information, in full compliance with all applicable laws, rules, and regulations.
  • Security – assess whether the application is protected from external threats.
  • Content – assess whether the information provided in the mobile health app is current and accurate.