Information for healthcare professionals

The NHS Apps Library brings together apps and digital tools that healthcare professionals can use and recommend with confidence. All the apps published on the library have passed through our assessment process designed by expert reviewers to ensure they are safe, secure and work effectively. 

To do this, app providers must satisfy our Digital Assessment Questions, which examine how their product performs in nine key areas. 

Pre-qualification

App providers must answer our pre-qualification questions before they can put their app forward for full assessment and be considered for inclusion on the NHS Apps Library.

Apps must already be available to the public, fit our pricing policy and help to treat or manage one of our priority health themes of social care, cancer, maternity, mental health or long-term conditions such as asthma and diabetes. If an app does not address one of these themes it will not be assessed until the health priority has changed.

This process identifies issues app providers may need to address with their products before beginning the assessment process, and makes sure we are only assessing apps that can successfully meet NHS standards.

Eligibility

Our eligibility questions are used to find out what an app actually does. We ask how it helps users to treat or manage their condition and who might use it as part of their treatment.

All apps must have approval from the correct regulatory body where required, for example the Medicines and Healthcare Products Regulatory Agency, which makes sure that medical devices work and are safe to use.

The questions are a way of reviewing products on the market and filtering out any that are not ready to begin our assessment. They also identify apps that do not effectively contribute to improved healthcare or address an existing need within the healthcare system. 

Evidence of Outcomes

These questions make sure all apps are doing what they are supposed to do. We ask app providers to show us how their product improves health and wellbeing and could benefit the NHS, for example by helping to reduce waiting times or the need for doctor’s appointments.

If an app is designed to help patients with their mental health, app providers must give evidence of how it could – or already has – helped people. We also examine if an app has influenced behavioural changes in users, for example by helping to increase online consultations with GPs rather than face-to-face appointments.

App providers can give details of pilot programmes or research reports that show how effective their product has been in improving healthcare.

Clinical Safety

Our clinical safety questions make sure app providers have taken all appropriate action to keep safe any patients using their product. For example, with an app that reminds patients to take their medication, app providers must give evidence that shows any risk of these reminders being incorrect has been completely removed or reduced as much as possible.

Any app that could put a user at risk must meet the safety standards required by the Health and Social Care Act 2012. This would mean producing Hazard Logs and Safety Case Reports, which would be reviewed by experts at NHS Digital.

Data Protection

The data protection questions are designed to ensure apps provide privacy and security for any personal information they gather. This would include health information recorded by the user, such as diabetes readings or health information available via the product if it uses the internet to connect to an individual’s health record.

The UK Data Protection Act 2018 gives people rights and control over their information and places greater responsibilities on organisations to use people’s information appropriately and securely.

This section requires app providers to give assurances that personal information is collected and used in accordance with the law, and that people are made aware of their rights to control how their information is used.

Security

This section is used to assess the security levels provided by an app. The questions make sure a user’s data is stored securely and that only the information necessary to use the product is requested. Ensuring an app provider has reduced the potential for their product to damage a user’s device or make it more vulnerable to viruses is also assessed.

App providers must give evidence that their product’s security has met the level required by one of our approved security testers. Apps are then assessed against Open Web Application Security Project’s standards to establish the required level of confidence in the security of web applications. 

Usability & Accessibility

The usability and accessibility questions are designed to ensure a person can understand and use an app effectively. Text must be clear and easy to read and action buttons big enough, easy to press and marked with commands that make sense to users. Functions the app carries out must do what the user expects and not perform any extra actions that are not made clear.

All apps are assessed against Web Content Accessibility Guidelines 2.0, the agreed international standards for digital accessibility that all web content must satisfy. This is to ensure they provide access to as many people as possible, including older users, younger users and those with disabilities. This might involve being able to increase text size where needed and work with voice software to help visually impaired people.

The usability of an app must satisfy the International Organization for Standardization’s requirements and recommendations for human-centred design principles and activities throughout its lifecycle.

Interoperability

Our interoperability questions test how well an app exchanges data with other systems. For example, how it connects with a patient’s medical record or collects readings from another device such as a smart watch or blood pressure monitor. This process helps app providers use data within their product to build new functions, benefiting users.

To do this, app providers use Application Programming Interfaces (APIs) – a service that allows third parties to view a product’s data in a more digestible format. Not all apps exchange data, but those that do must adhere to NHS England’s Open API policy. These rules make the sharing process simple while also keeping it safe and secure. 

Technical Stability

The technical stability questions are used to understand how an app has been tested and how testing will continue during its lifecycle. App providers must show how patients can report any problems and how they will work to rectify those problems.

These questions also cover what happens to any patient information an app has collected if the patient stops using it or it is decommissioned by the app provider.

Any major updates made by a developer will require their app to be reassessed to ensure it still meets the required standards following the changes.

Liability statement

Any healthcare professional recommending health apps published on the NHS Apps Library is not liable for any adverse reactions or a deterioration in health experienced by users. The liability resides exclusively with the developers of the product in question and it is their responsibility to maintain compliance with the relevant regulations.

In order to be showcased on the library, all app developers are required to sign a licence agreement during our assessment process, and our external assessment partners are responsible for ensuring they assess all apps using our agreed criteria.