Wearable, app & co.: opportunities and risks for therapy

At specialist symposia, it is said that mHealth (Mobile Health), the location-independent recording, evaluation, diagnosis or alerting via portable devices, is on the advance. eHealth (Electronic Health) is the trend. Experts estimate that around 91,000 iOS apps on the subject of medicine and health were offered for sale in 2017. The trend is rising. The supply situation is difficult to keep track of.

More and more specialized apps and offers are circulating. Worth mentioning for therapies are offers in self-medication, in the treatment of chronic diseases, whereby adherence to therapy is to be promoted. Compared to previous medical offerings, mHealth offers fundamental advantages:

Advantages are given "above all by the enormous penetration of the smartphone, by the frequency of use as well as low acquisition costs", a study underlines the relevance of eHealth (*Shrum, 2014).

In addition to preventive measures, hospital managers see more opportunities to increase the quality of their services and care through mobile health programs. The unrestricted exchange of data with doctors and the resulting traceability of therapy are viewed positively across the board by experts. But not everything that reads in patient data is a blessing. Experts warn time and again that users are using the devices in a relatively uninformed manner and are not aware of the potential dangers that can arise from their use - especially in highly sensitive areas.

"Five percent of hospital admissions are due to adverse drug events."

Informational "self-determination
In the field of eHealth, as in other sectors, there is a risk of overburdening individual actors or entire groups, for example through new services and technologies (through the speed of development, complexity, etc.). The digital transformation therefore affects not only app developers, but also parts of the ageing society in need of care.

Precisely because of the massive flood of data collection applications, the Swiss healthcare system should be able to provide guidelines to educate data collectors, patients and data processors as best as possible about concepts such as "informational self-determination" and "digital sovereignty".

Various stakeholders are currently working on the efficient and secure use of patient data under the leadership of the Federal Offices of Public Health (FOPH) and Justice (FOJ). Up to now, self-determination has applied: citizens and patients can submit written consent to the collection of personal data and demand or prevent the secondary use of their data. However, it is difficult to enforce one's "right to copy" in the case of apps that have been developed over several stages.

In addition, the costs for CE certification of an app, i.e. the evaluation of the technical documentation of a med-app, are also not without. Currently, the company size is a benchmark, TÜV SÜD is quoted regarding the quality management of eHealth apps. The certification of a modest app development company alone can amount to 10000 euros (source: aerzteblatt.de).

Gaps in medical device inventions
An inhibition in even the most well-tested systems: Hackers take advantage of exceptional situations, preferentially skimming off sensitive data via phishing e-mails or borrowed (medical) devices. In extreme cases, they even manipulate medical devices (e.g. via calibration software). At the Security in Health Conference 2017 in Rotkreuz, two insiders from the Chaos Computer Club Zurich gave a presentation on this side of the circulating vulnerabilities and spyware in medical devices.

They reported about targeted wrong programming of vital devices (e.g. a wireless defibrillator), which could be executed via an iPhone. Currently, there are still isolated cases, but syringe pumps, anaesthesia devices and, not least, private tablets with sensitive data are switched on around the clock.

In order to obtain medical (meta)data, criminals prefer to focus on mobile devices. "It's not just a question of identity theft, medical data brings in a lot of money on the market - new technologies such as anonymised crypto transfers do the rest," says Peter Fischer, organiser of the Security in Health Conference and Professor of Computer Science at the Lucerne University of Applied Sciences, commenting on critical issues that are now affecting the Swiss healthcare system (see box "Cyberattacks on hospitals").

Claudio Luck of the Chaos Computer Club: "Online data, which also originate from measuring devices or devices, are now easier for analysts to market than handwritten letters." In this way, globally organized groups usually engage in unpunished black market trading with medical data and internal reports.

"The Natural Cycles contraceptive app is in Class II(b)."

Which apps are medical devices
With the entry into force of the EU Medical Devices Regulation, the definition of medical devices is expanding. From 2020, it is quite possible that some apps and associated software will be assigned to the same risk category as artificial heart valves.

"Many apps that today still belong to the lowest risk class I will be classified higher from 2020," explains Dr. Andreas Purde from TÜV SÜD, referring to the new Rule 11 in the Medical Device Regulation MDR. It states that software that helps to make a decision in diagnosis or therapy belongs at least to class II a."

Nevertheless, many app offers are still far behind this regulation. - Whether apps can really help acute cases better or in a more targeted way and whether in the near future it will even be possible to introduce watertight health analyses - for example via genetic material - remains to be seen in practice.

The Federal Institute for Drugs and Medical Devices (BfArM) emphasizes: "Depending on the possible health consequences of incorrect information, applications are to be classified in the future even up to risk class III. As an example, the BfArM cites damage caused by incorrect dosages in cancer therapy. Artificial heart valves or hip endoprostheses are otherwise classified in this risk class.

Even a pain diary as an app, which calculates the so-called pain score, on which the doctor bases his therapy, thus belongs at least to class II a, says Purde from TÜV SÜD.

Purpose still largely open
Purde has already tested a number of medical apps. According to his assessment, certification most often fails due to three points:

• The app is not a medical product, for example because its purpose is not medical.
• Standards (including IEC 62304, IEC 62366-1, ISO 14971) were not met and risks were not sufficiently mitigated - this includes risks related to cybersecurity.
• The clinical data are insufficient. They can usually be compiled from a literature search. "If this is not possible, a clinical trial is needed," Purde says. Source: www.aerzteblatt.de

Note: Benefit evaluation is also not covered by CE marking.

Before using an app on a patient, physicians must satisfy themselves that it is suitable for the intended purpose and recognizably safe, in order to invalidate any accusation of fault in the event of damage. Currently, only a few apps are labelled as medical devices.

App risk classification
"Of almost 9000 health apps with a German app description, less than 40 refer to a CE marking", explains PD Dr. med. Urs-Vito Albrecht from the Hannover Medical School the results of an analysis. About half of them can be researched at the German Institute for Medical Documentation and Information DIMDI.

"In the future, microdata points can be collected from ORs."

According to MDD regulation, the apps Tinnitracks for neuroacoustic tinnitus therapy, Cankado for cancer therapy and Kaia for back pain therapy still belong to Class I. The contraception app Natural Cycles belongs to class II b, CardioSecure Pro promises an ECG in clinical quality (class II a).

Finally, when classifying new applications, it must be taken into account that studies on patient safety show that at least five percent of hospital admissions are due to misdiagnoses or undesirable "drug events". However, there are efforts to have patients cure themselves via reputable apps.

eHealth in Switzerland
Experts agree: Apps can support doctors and therapists in prevention, diagnosis and therapy.

However, they should be subject to qualitative regulations or international certification. Patients can currently only rely on recommendations from specialists, for example to record their vaccination status electronically and to scan in personal data. Unfortunately, the topic of "mHealth" (see info-box), the mobile management of patient data, is still too strongly provider- and consumer-driven.

Adrian Schmid, Head of eHealth Suisse, emphasized: "A good three million health apps are used in Switzerland. However, these apps do not meet the definition of medical devices." According to his estimates, at most three percent of those programs meet the conditions of the Federal Therapeutic Products Act, which also define modern medical products per se.

A coordinated approach has been lacking in Switzerland so far. Schmid and a number of experts are in favour of mobile support, provided that concrete measurements are taken and that such big data values are securely stored. Schmid: "In any case, the source of information should be free of advertising and politically independent.

Insurance companies are already working with different app designs. They advertise health checks, self-participation, with support measures and incentives for their use. Electronic data management, on the other hand, is not new to the healthcare sector. Data from various sources (electronic patient dossier, service providers, types of therapy, etc.) intersect and flow into areas such as purchasing, mobility, building technology and geolocation.

It is said that in the near future, a patient's state of health could also be described with the help of microdata points on surgical materials, even on patient dressings and preparations to be ingested. In addition to relieving doctors of administrative work through automated documentation, this approach offers many other possibilities and possibly paves the way to intelligent technologies.

Common sense given?
However, only if the population is able and willing to use the achievements of "eHealth", "Personalized Medicine", "TeleMedCare" or "Ambient Assisted Living" and to have confidence in them will it be possible to achieve benefits and added value for the players and the healthcare system as a whole. This also applies to a large extent to the social acceptance of the necessary foundations, means, instructions or procedures.

In Switzerland, for example, the IG eMediplan, an organisation, is committed to the introduction of the eMediplan. The eMediplan not only helps to avoid medication errors, "it alerts about preparations in real time". In Germany, there is the not insignificant comparison portal HealthOn. It helps to identify the worldwide, confusing market of health and medicine apps. Providers and patients alike should be able to benefit from this, finding the truly "relevant offers".

In any case, developers of medical apps must be prepared for significantly higher requirements. Until now, an app or software was considered a medical device if it pursued a diagnostic or therapeutic approach. As mentioned above, even a pain diary on an app will soon belong to Class II a of the EU Medical Devices Regulation, according to TÜV SÜD.

The secure and responsible handling of sensitive data and the protection of patients are of utmost importance in the healthcare sector. Overall, however, there are too few opportunities to promote media competence in the context of the education and training of the relevant professionals - after all, the most important skills in matters of eHealth converge in the necessary basic attitude (awareness) of all those involved.