As a developer, staying up-to-date with the latest app regulations and standards is essential. We’d like to make this easier for you so that your apps can provide the best customer experience, whilst also meeting the standards required for safe, ethical and high-quality apps.
Important standards and regulations for app developers to be aware of include:
- National Institute for Health and Care Excellence’s (NICE) Evidence Standards Framework for Digital Health Technologies – These standards show the value of digital health technologies in the UK health and care system by requiring apps to provide evidence of their effectiveness. Due to the rapid development of digital health technologies, these standards require apps to demonstrate a high level of clinical effectiveness. According to Public Health England, this includes providing evidence that an app improves outcomes for patients and users, provides value for money, meets user needs, as well as that it is stable and simple to use, and that people actually use it.
- Medicines and Healthcare Products Regulatory Agency (MHRA) – If your app meets the definition of a medical device then it must be registered with and regulated by the MHRA to ensure the app’s quality and safety. The MHRA will enforce the following safety regulations under the Consumer Protection Act 1987: the Medical Devices Regulations 2002 (SI 2002 No 618, as amended) and the General Product Safety Regulations 2005 (SI 2005 No 1803) – the MHRA can investigate apps’ compliance with these regulations in accordance with the Consumer Rights Act 2015.
- Care Quality Commission (CQC) – Your app is required to register with the CQC if it provides a health or social care service, as defined by the CQC’s ‘regulated activities’. As the independent regulator of health and social care in England, the CQC ensure that health apps are high-quality, safe and effective for consumers, patients and healthcare professionals.
- General Data Protection Regulation (GDPR) – As set out by the Information Commissioner’s Office (ICO), all businesses and organisations operating within the EU must comply with GDPR. If your app controls and/or processes personal information, you are accountable for the handling of this personal data and sensitive personal data. As such, GDPR requirements include: the need to be transparent about how personal data is processed; data must be adequate, relevant, accurate and kept up-to-date; data must not be kept for longer than is necessary, and must be processed such that there is appropriate security of the personal data.
There are many other standards and regulations that form part of ORCHA’s accreditation regime, several of which we will expand on in future newsletters. If you would like more information about how we accredit apps for our App Library and NHS Digital, please contact firstname.lastname@example.org