Guest Column | March 6, 2019

Guidelines For Mobile Health Applications – Examining The Xcertia Guidelines' Initial Release

By Natalie Abts, MedStar Health


Xcertia — an mHealth app collaborative founded by the American Medical Association (AMA), American Heart Association (AHA), DHX Group, and Healthcare Information and Management Systems Society (HIMSS) — released on Feb. 13, 2019, its initial draft of a new set of guidelines promoting more thoughtful development of mobile health applications (mHealth apps).

Though the guidelines have been in some form of development since 2012, and a release of limited scope occurred in October 2018, the February release marks the first full set of guidelines that covers all five key topic areas critical to app development: Privacy, Security, Content, Operability, and Usability.

The guideline sections were developed by five separate working groups composed of industry experts across a variety of disciplines. Workgroup members represent academia, app developers, subject matter experts in the section topics, healthcare providers, and other industry stakeholders. An iterative development process was utilized to build upon existing guidelines drafts and to generate new content.

Importantly, these guidelines are intended for application to a variety of apps, covering everything from home-use data tracking and clinical decision support to apps serving primarily as a resource for medical information, as well as any other type of app operating in a healthcare space. Thus, the guidelines cover apps used by a wide range of clinical and lay (i.e., patient) users, for varied use cases, across a range of use environments.

The Xcertia Guidelines aim to achieve several goals across both the healthcare and mHealth app industries. Developers should utilize this consolidated set of industry standards as a resource to improve products and decrease time to market. The guidelines also function to reduce the burden on healthcare systems looking to procure clinically-based apps; if they know an app meets the Xcertia Guidelines’ performance requirements, they can be confident that they are implementing effective, well-designed apps into their care environments. Consumers, whether clinician or patient, also can be confident of the apps’ ease of use, the accuracy of app information, and their confidentiality protection capabilities.

Each of the five sections includes a set of individual guidelines, each of which is broken down into a series of performance requirements (e.g., the Operability Guidelines have a “Connectivity” guideline composed of four individual performance requirements). Key topics from each guideline section are summarized below.

Privacy
The Privacy Guidelines cover protection of user information, including protected health information. Key themes in this section include disclosure to the user regarding data collection and use, access to data that has been collected, and permission obtained from the user before data is shared. This section also discusses compliance with several important laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), and the European Union General Data Protection Regulation (GDPR).

This topic is likely to be of high importance in addressing concerns of patient users, who may be reluctant to utilize an app that involves storage and transmission of data related to their personal health conditions.

Security
The Security section aims to ensure that apps are protected from threats and that data remains uncompromised. Security is particularly critical for mHealth apps used in the clinical space, which may store data for many patients. The section highlights a robust risk evaluation process, as well as a variety of threat identification and protection methods, including scanning and encryption. HIPAA compliance is again discussed here, as well as response to and recovery from data breach incidents.

Content
Ensuring that information is current and accurate is particularly important for mHealth apps — most critically, those providing clinical decision support, such as suggestions for medical treatments or interventions. The Content section emphasizes transparency regarding information sources, including providing access to data for evidence-based claims.

Any medical information presented in an app must be up-to-date, and if new data suggests that best practices be updated, any outdated content that could be medically dangerous should be removed. The Content Guidelines also touch on the use of advertising, as well as the importance of clear identification of advertised content, so users are not misled.

Usability
The Usability Guidelines emphasize the importance of designing for an app’s specified users and specified use environments to promote efficient, correct operation that results in satisfying user experiences. This section covers high-level usability topics, such as visual design and navigation principles, but also delves into requirements for common user tasks, such as the onboarding process.

Design for the user is emphasized through performance requirements covering the important topic of accessibility. General recommendations for app evaluation through activities such as user research, heuristic evaluation, and user testing are also highlighted.

Operability
Operability includes discussion of correct app function through the install, load, and use processes. This differs from the Usability section in that the content is focused on the inclusion of specific functionality, rather than responses to user inputs. For example, onboarding is a topic covered in both the Usability and Operability Guidelines, but the discussion in the Operability section focuses more on technical requirements and correct app behavior.

Connectivity is also covered in several contexts, as are specific performance requirements for apps connecting to or serving as electronic health records (EHRs). Transparency of information, such as change history and medical device status, is also covered.


The Xcertia Guidelines fill an important industry gap by consolidating information from a variety of sources to provide a trustworthy reference for addressing the specific design, development, and evaluation needs of mHealth apps. By utilizing a set of guidelines that can be applied to both regulated and non-regulated products, mHealth stakeholders can benefit from standardized processes that result in improved design and better user experience.

The Xcertia Guidelines are available for a public comment period through May 15, 2019 at Comments will be utilized to generate updates that will be implemented in the final version. 

*The author serves as chair of the Usability Guidelines workgroup.

About The Author

Natalie Abts is the Senior Program Manager for the Usability Services division of the National Center for Human Factors in Healthcare. She manages the technical and quality aspects of usability projects conducted both for the medical device industry and within MedStar Health. Natalie has specialized experience in planning and executing both formative stage usability evaluations and validation studies for medical devices and combination products on the FDA approval pathway. She also leads an initiative to incorporate usability testing into the medical device procurement process in the MedStar Health system, and is active in delivering educational presentations to the medical device industry and other special interest groups. Natalie holds a master’s degree in industrial engineering, with a focus on human factors and ergonomics, from the University of Wisconsin, where she was mentored by Dr. Ben-Tzion Karsh.