Globally, health systems are struggling with reliably appraising the safety and efficacy of rapidly changing digital health interventions whilst allowing useful innovations to be rapidly adopted. Assessment and regulation of the large number of health apps should be proportional to their clinical risk, but there is large uncertainty about suitable criteria to assess risk (1). We aimed to identify criteria for assessing clinical risks associated with different types of health apps.

Our work builds on previous studies that identified some of the risks that health apps can pose and contextual factors that can moderate these risks (2,3). This work is grounded in a review of existing literature; wide consultation of stakeholders; participation in multi-agency policy discussion; and sense-checking successive versions of the framework that evolved over time. We combined different risk domains for apps (technical safety, usability, intervention quality, and engagement) with their functions (learning, behaviour and cognition change, communication, record keeping, and clinical decision support).

We developed a comprehensive generic risk framework that app users, developers, commissioners, regulators and other stakeholders worldwide can use to guide assessment of the likely risks posed by a specified health app in a specific context. We also propose questions that should help determine whether these risks have been addressed.

Apps are very promising in health care but are very numerous, complex, rapidly evolving and with overlapping functions. A rigorous risk framework should help stakeholders to deal with the large quantity of health apps, classify and manage clinical risks, and improve patient safety by applying generic risk assessment criteria. Further work is needed to test and develop the criteria we propose, especially as apps that integrate different functions are emerging, which will make risk assessment more complex.