Skip header and navigation
CMA PolicyBase

Policies that advocate for the medical profession and Canadians


2 records – page 1 of 1.

Guiding principles for physicians recommending mobile health applications to patients

https://policybase.cma.ca/en/permalink/policy11521
Date
2015-05-30
Topics
Health information and e-health
Physician practice/ compensation/ forms
  1 document  
Policy Type
Policy document
Date
2015-05-30
Topics
Health information and e-health
Physician practice/ compensation/ forms
Text
GUIDING PRINCIPLES FOR PHYSICIANS RECOMMENDING MOBILE HEALTH APPLICATIONS TO PATIENTS This document is designed to provide basic information for physicians about how to assess a mobile health application for recommendation to a patient in the management of that patient's health, health care, and health care information. These guiding principles build on the Canadian Medical Association's (CMA) Physician Guidelines for Online Communication with Patients.1 Background * Mobile health applications, distinct from regulated medical devices, may be defined as an application on a mobile device that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. The functions of these applications may include: o The ability to store and track information about an individual or group's health or the social determinants thereof; o Periodic educational information, reminders, or motivational guidance; o GPS location information to direct or alert patients; o Standardized checklists or questionnaires.2 * Mobile health applications can enhance health outcomes while mitigating health care costs because of their potential to improve a patient's access to information and care providers.3 * Mobile health applications are most commonly used on a smart phone and/or tablet. Some may also interface with medical devices. * The use of mobile health applications reflects an emerging trend towards personalized medicine and patient involvement in the management of their health information. By 2016, 142 million health apps will have been downloaded.4 According to some industry estimates, by 2018, 50 percent of the more than 3.4 billion smartphone and tablet users worldwide will have downloaded at least one mobile health application.5 * While mobile health application downloads are increasing, there is little information about usage and adherence by patients. It is believed that many patients cease to use a mobile health application soon after downloading it. * Distributers of mobile health applications do not currently assess content provided by mobile health applications for accuracy, comprehensiveness, reliability, timeliness, or conformity to clinical practice guidelines.6 However, mobile applications may be subjected to certain standards to ensure critical technical requirements such as accessibility, reachability, adaptability, operational reliability, and universality. * Increasingly there are independent websites providing reviews of medical apps and checklists for health care professionals. However, the quality criteria used by these sites, potential conflicts of interest, and the scope and number of mobile apps assessed are not always declared by these groups. To date, randomized controlled trials are not usually employed to assess the effectiveness of mobile health applications. Some believe that the rigorousness of this type of assessment may impede the timeliness of a mobile health application's availability.7 * Some examples of the uses of mobile health applications include tracking fitness activities to supplement a healthy lifestyle; supported self-management of health and health information; post-procedure follow up; viewing of test results; and the virtualization of interaction between patients and providers, such as remote patient monitoring for chronic disease management. Some mobile health applications may be linked to a patient profile or patient portal associated with a professional or recognized association or medical society or health care organization. * Some mobile health applications may be an extension of an electronic medical records (EMR) platform. Guiding principles * The objective of recommending a mobile health application to a patient must be to enhance the safety and/or effectiveness of patient care or otherwise for the purpose of health promotion. * A mobile health application is one approach in health service delivery. Mobile health applications should complement, rather than replace, the relationship between a physician and patient. * No one mobile health application is appropriate for every patient. Physicians may wish to understand a patient's abilities, comfort level, access to technology, and the context of the application of care before recommending a mobile health application. * Should a physician recommend a mobile health application to a patient, it is the responsibility of the physician to do so in a way that adheres to legislation and regulation (if existing) and/or professional obligations. * If the mobile health application will be used to monitor the patient's condition in an ongoing manner, the physician may wish to discuss with the patient what they should watch for and the steps they should take in response to information provided. * Physicians are encouraged to share information about applications they have found effective with colleagues. * Physicians who require additional information about the competencies associated with eHealth and the use of health information technologies may wish to consult The Royal College of Physicians and Surgeons of Canada's (RCPSC) framework of medical competencies, CanMEDS.8 * Physicians may wish to enter into and document a consent discussion with their patient, which can include the electronic management of health information or information printed out from electronic management platforms like mobile health applications. This agreement may include a one-time conveyance of information and recommendations to cover the elements common to many mobile health applications, such as the general risk to privacy associated with storing health information on a mobile device. Characteristics of a safe and effective mobile health application A mobile health application does not need to have all of the following characteristics to be safe and effective. However, the more of the following characteristics a mobile health application has, the likelier it will be appropriate for recommendation to a patient: 1. Endorsement by a professional or recognized association or medical society or health care organization As recommended by the Canadian Medical Protective Association (CMPA), it is best to select mobile health applications that have been created or endorsed by a professional or recognized association or medical society.9 Some health care organizations, such as hospitals, may also develop or endorse applications for use in their clinical environments. There may also be mobile health applications associated with an EMR platform used by an organization or practice. Finally, some mobile health applications may have been subject to a peer review process distinct from endorsement by an association or organization. 2. Usability There are a number of usability factors than can complicate the use of mobile applications, including interface and design deficiencies, technological restrictions, and device and infrastructure malfunction. Many developers will release periodic updates and software patches to enhance the stability and usability of their applications. Therefore, it would be prudent for the physician recommending the mobile health application to also recommend to the patient that they determine if the application has been updated within the last year. Physicians considering recommending a mobile health application to a patient may wish to ask about the patient's level of comfort with mobile health technologies, their degree of computer literacy, whether or not the patient owns a mobile device capable of running the application, and whether or not the patient is able to bear potential one-time or ongoing costs associated with use of the application. Physicians may consider testing the application themselves beforehand to understand whether its functionality and interface make it easy to use. 3. Reliability of information Physicians considering recommending a mobile health application may wish to understand how the patient intends to use the information, and/or review the information with the patient to understand whether it is current and appropriate. Information presented by the mobile health application should be appropriately referenced and time-stamped with the last update by the application developer. 4. Privacy and security There are inherent security risks when a patient uses mobile health applications or enters sensitive information into their mobile device. Mobile devices can be stolen, and the terms of use for mobile health applications may include provisions for the sharing of information with the application developer and other third-parties, identified or un-identified, for commercial purposes. In 2014, the Officer of the Information and Privacy Commissioner of Alberta assessed approximately 1200 mobile applications and found nearly one-third of them required access to personal information beyond what should be required relative to their functionality and purpose, and that basic privacy information was not always made available.10 Physicians entering into and documenting a consent discussion with their patients may wish to include the electronic management of health information in the scope of these discussions, and make a notation of the discussion in the patient's health record. If physicians have not entered into and documented a general consent discussion, they may wish to indicate to the patient that there are security risks associated with mobile health applications, and recommend that the patient avail themselves of existing security features on their device. Physicians may wish to recommend to the patient that they determine whether a privacy policy has been made available which discloses how data is collected by the application and used by the developer, or a privacy impact assessment, which demonstrates the risks associated with the use of the application. Some mobile health applications may feature additional levels of authentication for use, such as an additional password or encryption protocols. If all other factors between applications are equal, physicians may wish to recommend that patients use mobile health applications adhering to this higher standard of security. 5. Avoids conflict-of-interest Physicians may wish to recommend that patients learn more about the company or organization responsible for the development of the application and their mandate. There is a risk of secondary gains by mobile health application developers and providers where information about patients and/or usage is gathered and sold to third parties. A standardized conflict of interest statement may be made available through the mobile health application or on the developer's website. If so, physicians may wish to refer the patient to this resource. Physicians who develop mobile applications for commercial gain or have a stake in those who develop applications for commercial gain may risk a complaint being made to the College on the basis that the physician engaged in unprofessional conduct if they recommend mobile health applications to their patients in the course of patient care. 6. Does not contribute to fragmentation of health information Some mobile health applications may link directly to an EMR, patient portal, or government data repository. These data resources may be standardized, linked, and cross-referenced. However, health information entered into an application may also be stored on a mobile device and/or the patient's home computer, or developers of mobile health applications may store information collected by their application separately. While there may be short-term benefits to using a particular mobile health application, the range of applications and developers may contribute to the overall fragmentation of health information. If all other factors between applications are considered equal, physicians may wish to recommend mobile health applications which contribute to robust existing data repositories, especially an existing EMR. 7. Demonstrates its impact on patient health outcomes While not all mobile health applications will have an appropriate scale of use and not all developers will have the capacity to collect and analyze data, physicians may wish to recommend mobile health applications that have undergone validation testing to demonstrate impact of use on patient health outcomes. If mobile health applications are claiming a direct therapeutic impact on patient populations, physicians may wish to recommend that their patients seek out or request resources to validate this claim. References 1 Canadian Medical Association. Physician guidelines for online communication with patients. Ottawa: The Association; 2005. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD05-03.pdf?_ga=1.32127742.1313872127.1393248073 2 US Food and Drug Administration, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research. Mobile medical applications: guidance for industry and Food and Drug Administration staff. Rockville (MD): The Administration; 2015. Available: www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf 3 Canada Health Infoway. Mobile health computing between clinicians and patients. White paper. Toronto: The Infoway; 2014 Apr. Available: www.infoway-inforoute.ca/index.php/resources/video-gallery/doc_download/2081-mobile-health-computing-between-clinicians-and-patients-white-paper-full-report 4 iHealthBeat. 44M mobile health apps will be downloaded in 2012, report predicts. Available: www.ihealthbeat.org/articles/2011/12/1/44m-mobile-health-apps-will-be-downloaded-in-2012-report-predicts 5 Jahns R-G. 500m people will be using healthcare mobile applications in 2015. Research2guidance. Available: www.research2guidance.com/500m-people-will -be-using-healthcare-mobile-applications-in-2015/ 6 Lyver, M. Standards: a call to action. Future Practice. 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf 7 Rich P. Medical apps: current status. Future Practice 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf 8 Royal College of Physicians and Surgeons of Canada. The CanMEDS 2015 eHealth Expert Working Group report. Ottawa: The College; 2014. Available: www.royalcollege.ca/portal/page/portal/rc/common/documents/canmeds/framework/ehealth_ewg_report_e.pdf 9 Canadian Medical Protective Association. Managing information to delivery safer care. Ottawa: The Association; 2013. Available: https://oplfrpd5.cmpa-acpm.ca/en/duties-and-responsibilities/-/asset_publisher/bFaUiyQG069N/content/managing-information-to-deliver-safer-care 10 Office of the Information and Privacy Commissioner of Alberta. Global privacy sweep rasies concerns about mobile apps [news release]. Available: www.oipc.ab.ca/downloads/documentloader.ashx?id=3482
Documents
Less detail

Principles concerning physician information

https://policybase.cma.ca/en/permalink/policy208
Last Reviewed
2019-03-03
Date
2002-06-02
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Policy document
Last Reviewed
2019-03-03
Date
2002-06-02
Topics
Health information and e-health
Ethics and medical professionalism
Text
Principles concerning physician information (CMA policy – approved June 2002) In an environment in which the capacity to capture, link and transmit information is growing and the need for fuller accountability is being created, the demand for physician information, and the number of people and organizations seeking to collect it, is increasing. Physician information, that is, information that includes personal health information about and information that relates or may relate to the professional activity of an identifiable physician or group of physicians, is valuable for a variety of purposes. The legitimacy and importance of these purposes varies a great deal, and therefore the rationale and rules related to the collection, use, access and disclosure of physician information also varies. The Canadian Medical Association (CMA) developed this policy to provide guiding principles to those who collect, use, have access to or disclose physician information. Such people are termed “custodians,” and they should be held publicly accountable. These principles complement and act in concert with the CMA Health Information Privacy Code (1), which holds patient health information sacrosanct. Physicians have legitimate interests in what information about them is collected, on what authority, by whom and for what purposes it is collected, and what safeguards and controls are in place. These interests include privacy and the right to exercise some control over the information; protection from the possibility that information will cause unwarranted harm, either at the individual or the group level; and assurance that interpretation of the information is accurate and unbiased. These legitimate interests extend to information about physicians that has been rendered in non-identifiable or aggregate format (e.g., to protect against the possibility of individual physicians being identified or of physician groups being unjustly stigmatized). Information in these formats, however, may be less sensitive than information from which an individual physician can be readily identified and, therefore, may warrant less protection. The purposes for the use of physician information may be more or less compelling. One compelling use is related to the fact that physicians, as members of a self-regulating profession, are professionally accountable to their patients, their profession and society. Physicians support this professional accountability purpose through the legislated mandate of their regulatory colleges. Physicians also recognize the importance of peer review in the context of professional development and maintenance of competence. The CMA supports the collection, use, access and disclosure of physician information subject to the conditions outlined below. Purpose(s): The purpose(s) for the collection of physician information, and any other purpose(s) for which physician information may be subsequently used, accessed or disclosed, should be precisely specified at or before the collection. There should be a reasonable expectation that the information will achieve the stated purpose(s). The policy does not prevent the use of information for purposes that were not intended and not reasonably anticipated if principles 3 and 4 of this policy are met. Consent: As a rule, information should be collected directly from the physician. Subject to principle 4, consent should be sought from the physician for the collection, use, access or disclosure of physician information. The physician should be informed about all intended and anticipated uses, accesses or disclosures of the information. Conditions for collection, use, access and disclosure: The information should: be limited to the minimum necessary to carry out the stated purpose(s), be in the least intrusive format required for the stated purpose(s), and its collection, use, access and disclosure should not infringe on the physician’s duty of confidentiality with respect to that information. Use of information without consent: There may be justification for the collection, use, access or disclosure of physician information without the physician’s consent if, in addition to the conditions in principle 3 being met, the custodian publicly demonstrates with respect to the purpose(s), generically construed, that: the stated purpose(s) could not be met or would be seriously compromised if consent were required, the stated purpose(s) is(are) of sufficient importance that the public interest outweighs to a substantial degree the physician’s right to privacy and right of consent in a free and democratic society, and that the collection, use, access or disclosure of physician information with respect to the stated purpose(s) always ensures justice and fairness to the physician by being consistent with principle 6 of this policy. Physician’s access to his or her own information: Physicians have a right to view and ensure, in a timely manner, the accuracy of the information collected about them. This principle does not apply if there is reason to believe that the disclosure to the physician will cause substantial adverse effect to others. The onus is on the custodian to justify a denial of access. 6. Information quality and interpretation: Custodians must take reasonable steps to ensure that the information they collect, use, gain access to or disclose is accurate, complete and correct. Custodians must use valid and reliable collection methods and, as appropriate, involve physicians to interpret the information; these physicians must have practice characteristics and credentials similar to those of the physician whose information is being interpreted. 7. Security: Physical and human safeguards must exist to ensure the integrity and reliability of physician information and to protect against unauthorized collection, use, access or disclosure of physician information. 8. Retention and destruction: Physician information should be retained only for the length of time necessary to fulfill the specified purpose(s), after which time it should be destroyed. 9. Inquiries and complaints: Custodians must have in place a process whereby inquiries and complaints can be received, processed and adjudicated in a fair and timely way. The complaint process, including how to initiate a complaint, must be made known to physicians. 10. Openness and transparency: Custodians must have transparent and explicit record-keeping or database management policies, practices and systems that are open to public scrutiny, including the purpose(s) for the collection, use, access and disclosure of physician information. The existence of any physician information record-keeping systems or database systems must be made known and available upon request to physicians. 11. Accountability: Custodians of physician information must ensure that they have proper authority and mandate to collect, use, gain access to or disclose physician information. Custodians must have policies and procedures in place that give effect to the principles in this document. Custodians must have a designated person who is responsible for monitoring practices and ensuring compliance with the policies and procedures. (1) Canadian Medical Association. Health Information Privacy Code. CMAJ 1998;159(8):997-1016.
Documents
Less detail