This survey will cover a specific environment offering services to mobile applications in health which includes fitness, wellness, clinical tools, and medicine (e.g., the Apple HealthKit, Smart on FHIR, etc.). Its goal is to collect knowledge in three categories:
- Identifying information so we know what products and services (offerings) are covered in this survey,
- Pertinent capabilities, such as standard API’s, made available by the covered offerings
- Organization or vendor requirements for qualification as a permitted member in their ecosystem.
While the health application is at the center of the ecosystem from a user standpoint, the organization/vendor and other third parties/vendors may provide the following offerings that in sum support the needs of the users of its health applications. Those offerings can include the platform, which may be the operating system (e.g., iOS or Android), the solution center (e.g., the Apple App Store or Google Play), andhealth related devices (e.g., Apple Watch, Fitbit, portable glucometer, etc.).
As the person who will be immersed in learning the ecosystem, you will be the key person in charge of providing pertinent feedback on something we may have missed in constructing thissurvey. So please feel free to add notes in Section IV if you find something significant in the ecosystem (e.g. something that improves the user’s health, something that assists app developers, or other important factors) that was not included. Where it looks like this will be common to other ecosystems in this study, please relay that information immediately to the proctor, Dr. Christopher C. Doss ().
- Identifying information:
- Ecosystem Name:
- Author:
- Period of study:
- Name of Platform and Organization/Vendor
- Name of API and how to get a copy of its description (attach it to this survey if it is available)
- Operating system(s) name, if different from the platform name
- Name of app store(s) and the Organization/Vendor that operates each (if they are focused, also provide the name of the focus)
- Comments:
- Pertinent capabilities
1)What is the ontology in use (i.e. how do they model the problem domain)?
2)What data models are supported?
a)What data format (e.g. JSON, XML, etc….)
b)What health data standards are supported (e.g. IEEE 11073, FHIR, v2, v3, CDA, etc.)?
c)What health data resources, in FHIR terms, are managed by the platform? (See attached legend)
d)What other data resources are managed by the platform (e.g., sleep statistics, diet, etc.)?
3)What configurations of applications and data are supported? Circle the configurations supported. If there are supported configurations not on this list, please add them.
a)Health application running on a mobile device and….
- Accessing data that is only stored on the mobile device
- Accessing data that is onlystored remotely
- Accessing data that is stored both on the mobile device and remotely
b)Two or more applications running on a mobile device at the same time and independently accessing data of the other(s) where….
- The data is onlystored on the mobile device
- The data is only stored remotely
- The data is stored both on the mobile device and remotely
- The apps running on the mobile devicecan synchronize between/among themselves
- Apps running on the mobile device can synchronize with an app running somewhere else
4)If data is stored locally on the mobile device…
a)Is data encrypted while it is stored?
b)What is the name of the encryption technique?
5)Name and describe other security approaches used to protect data stored
a)Locally
b)Remotely (in organization/vendor’s cloud or by the user’s organization)
6)If the platform supports a health app running on the mobile device accessing sensor data from within the device:
a)List the sensor data as well as derived data from the embedded device sensors
b)What is the API used? If possible, please append a documentation of the API
7)If the platform supports receiving sensor/actuator data from external devices:
a)Identify the interface standard (e.g., Bluetooth, USB)
b)Identify the interface to apps running in the mobile device by interface standard
c)If the mobile device relays the sensor data downstream without it being processed by a mobile app:
i)Name the protocol and list its features
ii)Describe its API at the downstream host (attach API documentation if available)
iii)Describe the mechanism in the mobile device platform that throttles the flow to the downstream host
d)What protocols are used to support the downstream transmission and to control the sensor
8)If there are development tools or libraries provided to health app developers that are uniquely oriented to health apps, describe each one attaching documentation where available.
9)What services are in the platform to guard against cyber security breaches that don’t involve data theft or altering (ransomware is included in this category)? Describe them and include documentation if available.
10)What services are in the platform to bridge loss of data stored in the mobile device when it is lost, stolen, or destroyed? Describe them and included documentation if available.
11)What services are in the platform to bridge loss of transmission? Describe them and include documentation if available.
- App qualification services
- What methods, tools, or services does the organization/vendor have to assure that the mobile health app data is secure? Describe them and include documentation if available.
- What methods, tools, or services does the organization/vendor have to assure that the mobile health app is cyber secure? Describe them and include documentation if available.
- App Store Policies
- Are there any policies with the underlying app store that conflict with the capabilities of the framework?
- Does the app store have specific policies or requirements in regard to using health/medical data or devices in their operating environment?
- Other