Oct 8, 2014
As many mobile medical application developers are aware, Apple has amended its App Store Review Guidelines to forbid apps available through the firm’s HealthKit framework from storing users’ health data on the iCloud virtual server.
Specifically, any app that relies on iCloud for storing user data will be rejected from inclusion in Apple’s App Store. Given recent security breaches involving rather personal photos of celebrities stored on iCloud, Apple’s move may preemptively address concerns from US regulators, including the Food and Drug Administration and Federal Communications Commission, that cloud storage security inadequately protects patient and user data related to telehealth and mobile medical devices.
The HealthKit guidelines also require app developers to establish and provide privacy policies to users and patients in order for their apps to be sold in the App Store, and state that developers may not use any data from users or patients for advertising or commercial purposes.
Whether or not these requirements represent a tacit acknowledgement that iCloud security needs to be improved, they do indicate that Apple has become more sensitive to data storage and privacy issues as the company moves more deeply into the mobile medical technology arena.
The US Food and Drug Administration has published final guidance on cybersecurity controls manufacturers should build into their medical devices in order to ensure proper safety and functionality, and to meet premarket review scrutiny.
The new guidance applies to all major US premarket submissions including 510(k) premarket notifications, premarket approval (PMA) applications, de novo and product development protocol (PDP) submissions, and Humanitarian Device Exemption (HDE) submissions.