ISO/TR 29922: Health Informatics — Mobile Health — Framework for Interoperability, Data Privacy, and Quality in mHealth

A Technical Overview of mHealth Standards, Interoperability Architectures, Data Protection Requirements, and Quality Assurance for Mobile Health Applications

Introduction to Mobile Health Standardization

ISO/TR 29922 provides a comprehensive technical framework for the standardization of mobile health (mHealth) technologies. As smartphones and wearable devices have become ubiquitous, mHealth applications are transforming healthcare delivery by enabling remote patient monitoring, health behavior tracking, telemedicine consultations, and just-in-time health interventions. However, the rapid proliferation of mHealth solutions has outpaced the development of standards governing interoperability, data privacy, clinical validity, and quality assurance. This technical report addresses these gaps by surveying the existing standards landscape, identifying key challenges, and proposing a structured approach for mHealth standardization.

The standard defines mHealth as “medical and public health practice supported by mobile devices, such as mobile phones, patient monitoring devices, personal digital assistants, and other wireless devices.” It distinguishes between several categories: wellness apps (fitness tracking, diet logging), clinical decision support apps, disease management apps (diabetes, hypertension, asthma), remote monitoring systems, and telemedicine platforms. Each category presents different requirements for data accuracy, clinical validation, privacy protection, and regulatory oversight.

The mHealth market is projected to reach over 200 billion USD by 2028, with more than 350,000 health apps available on major app platforms. However, fewer than 5% of these apps have been clinically validated. ISO/TR 29922 emphasizes the critical need for evidence-based evaluation frameworks to separate clinically effective solutions from unsubstantiated health claims.

Interoperability Architecture and Data Standards

A central challenge addressed by ISO/TR 29922 is interoperability — the ability of different mHealth systems, devices, and healthcare information systems to exchange and use health data seamlessly. The standard identifies three levels of interoperability: foundational (data transport), structural (data format and syntax), and semantic (data meaning and context). For each level, the standard surveys relevant standards and proposes a layered architecture for mHealth interoperability based on established health informatics standards.

| Interoperability Level | Relevant Standards | mHealth Application | Implementation Challenge |
|---|---|---|---|
| Foundational (Transport) | IHE, DICOM, HL7 v2/v3, RESTful HTTP | Device-to-app data streaming (BLE, Wi-Fi) | Resource constraints on mobile devices |
| Structural (Syntax) | HL7 FHIR R4, ISO 13606, openEHR | Structured health records from apps to EHR | Mapping proprietary app data to FHIR profiles |
| Semantic (Meaning) | SNOMED CT, LOINC, ICD-11, ISO 13940 | Unambiguous coding of symptoms and observations | Terminology mapping from consumer language |
| Organizational (Process) | ISO 22600, IHE XUA, SAML 2.0 | Cross-organizational data sharing consent | Patient consent management across jurisdictions |

HL7 FHIR (Fast Healthcare Interoperability Resources) is identified as a key enabler for mHealth interoperability. FHIR’s modern RESTful API design, support for JSON/XML serialization, and granular resource model make it well-suited for mobile applications. ISO/TR 29922 provides guidance on implementing FHIR profiles for common mHealth use cases, including patient-generated health data (PGHD), wearable device measurements, and symptom diaries. The standard also addresses the use of the ISO/IEEE 11073 Personal Health Device (PHD) standards for connecting medical sensors and wearables to mobile applications, ensuring that device data formats are harmonized across manufacturers.

A major barrier to mHealth interoperability is the proliferation of proprietary data formats used by device manufacturers and app developers. Without semantic interoperability, a blood glucose reading from one device may be recorded as “BG”, “blood_sugar”, or “glucose_level” in different apps. ISO/TR 29922 strongly recommends the use of LOINC codes for laboratory observations and SNOMED CT for clinical concepts to ensure that health data can be interpreted consistently across systems.

Data Privacy, Security, and Quality Assurance

ISO/TR 29922 dedicates significant attention to data privacy and security. mHealth applications collect highly sensitive personal health information, yet many lack even basic security protections. The standard maps privacy requirements to the ISO 27799 (health information security management) and ISO/TS 17975 (health data provenance) frameworks. Key requirements include data encryption at rest and in transit, user authentication (biometric or two-factor), granular consent management, and data minimization — collecting only the data necessary for the stated purpose.

The standard provides a concrete case study on implementing privacy-by-design in mHealth: an asthma management app that collects location data for pollution exposure tracking. Rather than transmitting raw GPS coordinates to the server, the app uses on-device processing to compute only the local air quality index (AQI) and transmits only the de-identified AQI value. This approach respects the principle of data minimization while still achieving the clinical objective.
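The asthma case study above, as an added example in Python (not code from ISO/TR 29922 or any real app): the AQI lookup runs against a constructed local grid, and an egress allow-list check makes sure raw coordinates can never be part of the outbound payload. The field names `aqi`, `reported_at` and `client_id` are assumptions.

```python
"""On-device data minimisation for the asthma-app case study.

Added example, not code from ISO/TR 29922 or any real app. The AQI grid
below is constructed sample data standing in for a locally cached
air-quality dataset; the outbound field names are assumptions.
"""

# Constructed local AQI grid, keyed by 0.1-degree cell (lat, lon) -> AQI.
LOCAL_AQI_GRID = {
    (51.5, -0.1): 42,
    (51.5, -0.2): 58,
    (51.4, -0.1): 31,
}

# Only these keys may ever leave the device (egress allow-list).
OUTBOUND_ALLOWED_KEYS = {"aqi", "reported_at", "client_id"}


def grid_cell(lat: float, lon: float) -> tuple:
    """Coarsen a GPS fix to the 0.1-degree cell used by the cached grid."""
    return (round(lat, 1), round(lon, 1))


def local_aqi(lat: float, lon: float) -> int:
    """Resolve the AQI entirely on device; raw GPS never leaves this function."""
    cell = grid_cell(lat, lon)
    if cell not in LOCAL_AQI_GRID:
        raise LookupError("no cached AQI for this area; refresh the grid first")
    return LOCAL_AQI_GRID[cell]


def build_exposure_report(lat: float, lon: float, reported_at: str,
                          client_id: str) -> dict:
    """Build the minimal payload the server needs for exposure tracking."""
    return {"aqi": local_aqi(lat, lon),
            "reported_at": reported_at,
            "client_id": client_id}


def egress_check(payload: dict) -> bool:
    """Reject any payload carrying keys outside the allow-list (e.g. lat/lon)."""
    return set(payload) <= OUTBOUND_ALLOWED_KEYS
```

`egress_check` is the control a reviewer would wire into the network layer so that a later feature cannot quietly reintroduce coordinates.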

Quality assurance for mHealth applications is another major focus. ISO/TR 29922 proposes a multi-dimensional quality framework covering: (1) Clinical validity — does the app deliver measurable health benefits? (2) Usability — can the target population use the app effectively? (3) Technical quality — does the app perform reliably, with acceptable battery consumption and data accuracy? (4) Content quality — is the health information accurate, up-to-date, and evidence-based? The standard references established evaluation frameworks such as the WHO mHealth Assessment Guidelines, the NICE Evidence Standards Framework, and the ISO 9241 usability standards.

A critical safety concern highlighted by ISO/TR 29922 is the risk of mHealth apps providing inaccurate or misleading health recommendations. An app that misinterprets heart rate variability data could provide dangerous exercise recommendations to a cardiac patient. The standard recommends Clinical Decision Support (CDS) certification for apps that provide diagnostic or treatment recommendations, and mandates that all such apps clearly disclose their limitations, data sources, and intended use population.

Engineering Design Insights

For developers and engineers building mHealth solutions, ISO/TR 29922 offers several architectural guidelines. The standard recommends a modular architecture separating data acquisition, data processing, data storage, and data presentation layers. This separation enables independent testing and validation of each layer and facilitates compliance with evolving regulatory requirements. The standard also recommends using platform-agnostic development approaches (e.g., HTML5 with responsive design or cross-platform frameworks like Flutter or React Native) to maximize accessibility across different mobile platforms.

From a data management perspective, the standard recommends adopting an offline-first architecture. mHealth applications must function reliably in environments with intermittent connectivity — including clinical settings with restricted Wi-Fi and rural areas with limited cellular coverage. Local data storage should use encrypted databases (e.g., SQLCipher for SQLite), and synchronization protocols should handle conflicts gracefully using a “last-writer-wins” or “version-vector” approach. The standard also provides guidance on data retention policies, recommending that personal health data be retained locally for a minimum period defined by local regulations (typically 1-10 years depending on jurisdiction).
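The two conflict strategies named above, as an added Python example (not code from ISO/TR 29922 or any sync library): each record carries a version vector so causally ordered edits merge cleanly, and only truly concurrent edits fall back to last-writer-wins, which is flagged so the app can surface the discarded change. The record layout and replica names are assumptions.

```python
"""Offline-first sync: version-vector conflict detection with a
last-writer-wins fallback. Added example, not from ISO/TR 29922.

A record is {"vv": {replica_id: counter}, "ts": unix_time, "data": {...}}.
"""


def dominates(a: dict, b: dict) -> bool:
    """True if vector a >= b on every replica (a has seen everything in b)."""
    return all(a.get(r, 0) >= c for r, c in b.items())


def compare(a: dict, b: dict) -> str:
    """'a' or 'b' (one strictly newer), 'equal', or 'concurrent' (conflict)."""
    a_ge, b_ge = dominates(a, b), dominates(b, a)
    if a_ge and b_ge:
        return "equal"
    if a_ge:
        return "a"
    if b_ge:
        return "b"
    return "concurrent"


def merge(local: dict, remote: dict) -> tuple:
    """Return (winning record, conflict_flag).

    Causal order wins when it exists. A concurrent edit falls back to
    last-writer-wins on the wall-clock timestamp (replica id breaks ties
    deterministically) and is flagged, because the loser's data is dropped.
    """
    order = compare(local["vv"], remote["vv"])
    if order in ("a", "equal"):
        return local, False
    if order == "b":
        return remote, False
    winner = max(local, remote, key=lambda r: (r["ts"], max(r["vv"])))
    # The merged vector takes the max per replica so both histories are
    # acknowledged and the same conflict is not re-detected on the next sync.
    merged_vv = {r: max(local["vv"].get(r, 0), remote["vv"].get(r, 0))
                 for r in set(local["vv"]) | set(remote["vv"])}
    return {**winner, "vv": merged_vv}, True


def local_edit(record: dict, replica: str, ts: float, data: dict) -> dict:
    """Apply an on-device edit: bump this replica's counter and stamp the time."""
    vv = dict(record["vv"])
    vv[replica] = vv.get(replica, 0) + 1
    return {"vv": vv, "ts": ts, "data": {**record["data"], **data}}
```

The flag matters clinically: a pure last-writer-wins store would silently discard the phone's peak-flow entry when the tablet's later note wins.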

Q: What is the relationship between ISO/TR 29922 and HL7 FHIR?

A: ISO/TR 29922 identifies HL7 FHIR as the preferred interoperability standard for mHealth data exchange. FHIR’s modern API design, support for JSON, and granular resource model are well-suited for mobile environments. The standard provides specific guidance on mapping common mHealth data types (step counts, blood pressure, blood glucose, medication adherence) to FHIR resources such as Observation, Questionnaire, and CarePlan. It also addresses FHIR’s SMART-on-FHIR framework for secure app authorization and single sign-on in healthcare settings.
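The proprietary-to-FHIR mapping discussed in the interoperability section (the "BG" / "blood_sugar" / "glucose_level" problem) and in this answer, as an added Python example that is not code from ISO/TR 29922 or any vendor SDK: each vendor field is normalised to one FHIR R4 Observation coded with LOINC 2339-0 (Glucose [Mass/volume] in Blood) in mg/dL, and malformed records are rejected before they reach an EHR. The vendor unit table and the sample records are constructed.

```python
"""Normalise proprietary glucose readings into a FHIR R4 Observation.

Added example (not from ISO/TR 29922 or any vendor SDK). The three
proprietary field names are the ones quoted in the article; which unit
each vendor uses is a constructed assumption.
"""
from datetime import datetime, timezone

# LOINC 2339-0 = "Glucose [Mass/volume] in Blood"; UCUM unit code mg/dL.
LOINC_GLUCOSE_BLOOD = {"system": "http://loinc.org", "code": "2339-0",
                       "display": "Glucose [Mass/volume] in Blood"}

# Proprietary field name -> (unit the vendor uses, multiplier to mg/dL).
# Assumed per-vendor units; 18.0 is the usual mmol/L -> mg/dL glucose factor.
VENDOR_FIELDS = {
    "BG": ("mg/dL", 1.0),
    "blood_sugar": ("mg/dL", 1.0),
    "glucose_level": ("mmol/L", 18.0),
}


def to_fhir_observation(record: dict, patient_id: str) -> dict:
    """Return a FHIR Observation for the first recognised glucose field.

    Raises ValueError when no known field is present or the value is not
    numeric, so a malformed device record never reaches the EHR.
    """
    for field, (_unit, factor) in VENDOR_FIELDS.items():
        if field in record:
            raw = record[field]
            break
    else:
        raise ValueError("no recognised glucose field in record")
    if isinstance(raw, bool) or not isinstance(raw, (int, float)):
        raise ValueError(f"non-numeric glucose value: {raw!r}")
    mg_dl = round(raw * factor, 1)
    when = record.get("timestamp") or datetime.now(timezone.utc).isoformat()
    return {
        "resourceType": "Observation",
        "status": "final",
        "category": [{"coding": [{
            "system": "http://terminology.hl7.org/CodeSystem/observation-category",
            "code": "laboratory"}]}],
        "code": {"coding": [LOINC_GLUCOSE_BLOOD]},
        "subject": {"reference": f"Patient/{patient_id}"},
        "effectiveDateTime": when,
        "valueQuantity": {"value": mg_dl, "unit": "mg/dL",
                          "system": "http://unitsofmeasure.org", "code": "mg/dL"},
    }
```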

Q: How does ISO/TR 29922 address the regulatory classification of mHealth apps?

A: The standard adopts a risk-based classification approach aligned with IMDRF (International Medical Device Regulators Forum) guidelines. mHealth apps are categorized into four groups: (1) Lifestyle and wellness (low risk, non-regulated), (2) Health information reference (low risk, quality guidelines), (3) Clinical measurement and monitoring (moderate risk, may require medical device registration), and (4) Clinical decision support and treatment (high risk, requires regulatory approval as a medical device). The standard provides a decision flowchart for app developers to self-classify their products and determine applicable regulatory pathways.

Q: What are the key privacy requirements for mHealth apps under ISO/TR 29922?

A: The standard specifies eight key privacy requirements: (1) Explicit user consent before data collection; (2) Granular consent controls allowing users to choose what data is collected and shared; (3) Data minimization — collect only the minimum data needed; (4) De-identification or pseudonymization of data used for secondary purposes; (5) Secure data storage with encryption; (6) Secure data transmission (TLS 1.3 or higher); (7) User access to their own data in a portable format; and (8) Clear data retention and deletion policies. These requirements align with GDPR, HIPAA, and other major privacy regulations.

Q: Can ISO/TR 29922 be applied to AI/ML-based mHealth applications?

A: Yes, the standard includes specific considerations for AI/ML-based mHealth apps. It requires that AI models used for clinical decision support be trained on representative, diverse datasets and validated on independent test sets. The standard mandates transparency about algorithm limitations, performance metrics (sensitivity, specificity, AUC-ROC), and potential biases. For continuously learning systems, the standard recommends human-in-the-loop validation of model updates before deployment and ongoing monitoring for concept drift and performance degradation.
