2.4 Exemplary Use Cases

As noted in the Introduction, consumer mobile heath apps take many forms, and as such, conformance statements in section 3 of this standard must allow for variation based on multiple factors, including data sensitivity, the nature of conditions addressed by the app (e.g., wellness, chronic illness), and whether/how app data connect to other data sources.

In this section, three archetypal use cases are introduced. While most consumer mobile health apps will not precisely fit any of these models, the models are meant to demonstrate a continuum of issues which may be applied to any app. Use Case A covers the least sensitive example of a health app that collects user information, while Use Case B builds off of Case A with the inclusion of an external system through which personal data is synchronized with the device. Use Case C is the most sophisticated and generates the most requirements. Its description includes examples of the risk factors that should be considered by developers and users.

Section 3 (Conformance Criteria) includes discussion of considerations as to how subsets of conformance criteria can be addressed in different manners, referencing the use cases in this section as a way to provide directional, rather than pinpoint, guidance.

HL7 CMHAFF Standard Overview and Use Cases

2.4.3 Use Case C

2.4.3 Use Case C

EHR-Integrated Disease Management App

2.4.3 Use Case C

An EHR-integrated1 diabetes management app allows a consumer to collect blood sugar readings through a Bluetooth-enabled glucometer. A healthcare provider offers the app to enable the patient's2 blood sugar to be captured through devices, rather than relying on manual entry by the patient, and to electronically transmit the readings to the patient’s physician, rather than using paper or FAX. Activity data are collected through an activity tracker, and a consumer can open the app to record meals and snacks to enable estimates of caloric consumption.



 EHR Integrated

 Medical Device App Categorization


 Data Device Categorization

 Regulated Device

 PHI Data Storage


 Data transmission by App


 Importance of Data Integrity


 (USA) HIPAA covered?



1. “EHR-Integrated” in this example means that the app is designed and developed as part of the EHR application and offered by a provider, i.e., it is not standalone or independent of an EHR. “EHR+” includes provider software, e.g., administrative systems, beyond the scope of an EHR. Note that even if the consumer sends data to an EHR, and the EHR accepts the data, that does not in itself make the app developer a business associate of the covered entity (source: Office of Civil Right Health App Use Scenarios and HIPAA).

2. The “consumer” and the “patient” are the same person in this example. From the EHR’s perspective, the record is a patient record.


6830 Rate this article:
No rating
0Upvote 0Downvote

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment
Terms Of UsePrivacy StatementCopyright 2022 by HL7 International
Back To Top