Table of Contents 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195

Sebastiaan van der Storm

MOBILE APPLICATIONS IN COLORECTAL SURGERY Sebastiaan Laurentius van der Storm digitally advancing patient care

Mobile applications in colorectal surgery: digitally advancing patient care Sebastiaan Laurentius van der Storm

Mobile applications in colorectal surgery: digitally advancing patient care PhD Thesis, University of Amsterdam, The Netherlands Author: Sebastiaan van der Storm Cover: Ridderprint | www.ridderprint.nl ISBN: 978-94-6506-011-8 Copyright Sebastiaan van der Storm, Amsterdam, The Netherlands, 2024 All rights reserved. No parts of this thesis may be reproduced, stored or transmitted in any form without prior permission from the author or the publishers of the published articles. Financial support for printing this thesis was provided by: Amsterdam UMC, Stomavereniging, APPelit, Mathot, Marlen, Certification Company, DSSH, Mediq, Eakin, AllweCare & Rianne Tooten

Mobile applications in colorectal surgery: digitally advancing patient care ACADEMISCH PROEFSCHRIFT ter verkrijging van de graad van doctor aan de Universiteit van Amsterdam op gezag van de Rector Magnificus prof. dr. ir. P.P.C.C. Verbeek ten overstaan van een door het College voor Promoties ingestelde commissie, in het openbaar te verdedigen in de Agnietenkapel op donderdag 23 mei 2024, te 13.00 uur door Sebastiaan Laurentius van der Storm geboren te Haarlem

PROMOTIECOMMISSIE Promoteres: prof. dr. M.P. Schijven AMC-UvA prof. dr. W.A. Bemelman AMC-UvA Copromotor: dr. J.B. Tuynman Vrije Universiteit Amsterdam Overige leden: prof. dr. N. van Dijk AMC-UvA dr. H.D. de Boer Martini Ziekenhuis dr. C.J. Buskens AMC-UvA prof. dr. M.H. Blanker Rijksuniversiteit Groningen prof. dr. M.G.H. Besselink AMC-UvA prof. dr. A.J. Bredenoord AMC-UvA Faculteit der Geneeskunde Paranimfen Arda Arduç Esther Barsom

TABLE OF CONTENTS INTRODUCTION General introduction and outline of the thesis 7 PART I: CURRENT PERSPECTIVES 13 CHAPTER 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know 15 CHAPTER 2 Mobile applications in gastrointestinal surgery: a systematic review 33 PART II: PATIENT PERSPECTIVES 63 CHAPTER 3 Patient satisfaction with stoma care and their expectations on mobile apps for supportive care 65 CHAPTER 4 Supporting stoma patients’ self-efficacy with a mobile application - a focus group interview study 87 PART III: CLINICAL TRIALS 109 CHAPTER 5 A personalized app to improve quality of life of patients with a stoma: A protocol for a multicentre randomized controlled trial 111 CHAPTER 6 Better stoma care using the Stoma App – does it help? A first randomised double-blind clinical trial on the effect of mobile healthcare on quality of life in stoma patients. 125 CHAPTER 7 Improving Enhanced Recovery After Surgery (ERAS): The effect of a patient-centred mobile application and an activity tracker on patient engagement in colorectal surgery. 145 SUMMARY AND DISCUSSION 167 Summary of main findings 168 General discussion 170 APPENDICES Nederlandse samenvatting 178 List of contributing authors 180 List of publications 182 PhD Portfolio 184 Dankwoord 186 About the author 190 Sponsors 192

7 INTRODUCTION

8 Introduction GENERAL INTRODUCTION AND OUTLINE OF THE THESIS Smartphones have marked a digital transformative era in our society, fundamentally reshaping the way we live, communicate, work, and entertain ourselves. Notably, one of the most profound transformations was the revolution in communication. These handheld devices have facilitated constant and instantaneous connectivity, making information more accessible, and dismantling geographical barriers on a global scale. Messaging apps and video calls have refined both our personal and professional relationships, while social media provided individuals a platform for self-expression and activism. This has rapidly spread trends influencing culture globally and it has also introduced challenges such as misinformation and algorithm bubbles.1 Furthermore, the rise of mobile applications has transformed various aspects of our lives, from how we shop and bank to how we navigate, and even date. Smartphone users can be productive and engage in learning from virtually anywhere using a variety of productivity apps, educational resources, and collaborative tools. Smartphones enable us to carry our office, entertainment, and social networks in our pockets, blurring the borders between work and leisure in a shift towards a mobile-centric society. This transformation has, in turn, altered societal norms.2 Economically, smartphones have driven explosive growth in e-commerce and significantly influencing consumer behaviour. Digital literacy has emerged as a fundamental skill in the rapidly evolving smartphone era, characterized by the continual advancement of mobile applications. Digital Literacy can be referred to the ability to find information, understand and use software, technical problem solving and safe use of digital devices or software (data privacy).3 It empowers individuals to navigate through mobile applications effectively, critically assess information, and engage responsibly with mobile technology. Digitalizing of healthcare The digital transformation of healthcare is catching up with societal advancement. Regulatory frameworks designed safeguarding patient privacy and the quality of care, inadvertently pose significant challenges to novel technologies.4 While many healthcare providers will advocate for implementations of new technologies, there will also be those who consider it as a disruption to current clinical practices and workflow, or may have a preference for traditional methods.5 However, the landscape of health and medical applications has witnessed rapid growth over the past decade. In times of limited resources, healthcare is actively exploring the strategic utilization of digital solutions such as mobile applications. Fitness and wellness applications promote healthy living, while medical apps are considered to be used for medical or clinical purposes.6 Medical applications may facilitate not only patients but also

9 1 Introduction healthcare professionals or their institutions. These applications can affect several aspects of healthcare such as information provision, communication, clinical decision-making, and monitoring. Although medical applications can be convenient, their use comes with inherent risks concerning data privacy and safety. Wrongful use of applications or use of unvalidated applications may be potentially harmful.7 Colorectal surgery Colorectal surgery may be required for the treatment of diseases affecting the colon and rectum, such as inflammatory bowel disease, diverticulitis, or colorectal cancer. In some cases, a stoma must be created, which is a surgically created opening in the abdominal wall that allows for diversion of defecation. Undergoing colorectal surgery is often a stressful and complex process as patients have to cope with the diagnosis, the surgical procedure itself, or the potential lifestyle adjustments.8 Support systems, both within the healthcare and patient’s social circle, play an important role in guiding patients through this process.9 However, the overload of information in this limited timeframe, covering aspects of the disease, the surgical procedure, potential complications, and postoperative instructions, can be overwhelming.10 In this context, effective communication between healthcare providers and patients is essential for ensuring informed decision-making, improving patient empowerment and ultimately influencing patient outcomes.11 As colorectal surgical care continues to advance, it becomes paramount to adopt comprehensive and patient-centred approaches. Mobile applications have emerged as a promising tool to enhance patient care throughout the colorectal surgery journey.12 These applications have the potential to provide a comprehensive platform for perioperative guidance, continuous monitoring, and valuable resources tailored to the unique needs of patients undergoing colorectal surgery. AIM OF THIS THESIS This thesis aims to provide an overview of the current perspectives on the use and development of medical mobile applications, assess patients’ perspectives on stoma care, and evaluate the clinical effectiveness of patient-centred mobile applications in colorectal surgical care.

10 Introduction OUTLINE OF THIS THESIS Chapter 1 provides an overview of current regulations relevant to mobile applications used in healthcare and medical research, discusses the responsibilities and liability of medical professionals, and discusses the most practical considerations they should know when using or building a mobile application. In Chapter 2, a systematic review identifies mobile applications that have been described in literature for use in gastrointestinal surgical care. The identified apps are evaluated based on their prospects for providing surgical care. Chapter 3 investigates patients’ satisfaction with stoma care, identifies potential shortcomings, and assesses their attitudes towards a supporting app. This chapter also evaluates the association between patient characteristics, satisfaction concerning received stoma care, and willingness to use an app. Chapter 4 provides a deeper understanding of the problems that patients face in stoma care and discusses how an app can improve these problems. In Chapter 5, the protocol of the Stoma APPtimize trial is described, which investigated whether the self-reported quality of life of patients with a stoma can be enhanced by offering personalized and timed guidance, as well as peer contact, in the Stoma App. Chapter 6 describes the results of the Stoma APPtimize trial. Chapter 7 describes the ERAS APPtimize trial which investigates whether patient compliance with the ERAS protocol could be improved by the ERAS App. The mobile application is designed to enhance patient education, participation, and activation within the ERAS colorectal pathway.

11 1 Introduction 1. Suarez-Lledo V, Alvarez-Galvez J. Prevalence of Health Misinformation on Social Media: Systematic Review. J Med Internet Res. 2021 Jan 20;23(1):e17187 2. McAlaney J, Almourad MB, Powell G, Ali R. Perceptions and Misperceptions of Smartphone Use: Applying the Social Norms Approach. Information. 2020; 11(11):513. 3. Oh SS, Kim KA, Kim M, Oh J, Chu SH, Choi J. Measurement of Digital Literacy Among Older Adults: Systematic Review. J Med Internet Res. 2021 Feb 3;23(2):e26145. Erratum in: J Med Internet Res. 2021 Mar 3;23(3):e28211. 4. Maresova P. Impact of Regulatory Changes on Innovations in the Medical Device Industry Comment on "Clinical Decision Support and New Regulatory Frameworks for Medical Devices: Are We Ready for It? - A Viewpoint Paper". Int J Health Policy Manag. 2023;12:7262 5. Ellimoottil C, An L, Moyer M, Sossong S, Hollander JE. Challenges And Opportunities Faced By Large Health Systems Implementing Telehealth. Health Aff (Millwood). 2018 Dec;37(12):1955-1959 6. Laura Maa√ü, Merle Freye, Chen-Chia Pan, Hans-Henrik Dassow, Jasmin Niess, and Tina Jahnel. The Definitions of Health Apps and Medical Apps From the Perspective of Public Health and Law: Qualitative Analysis of an Interdisciplinary Literature Overview. JMIR Mhealth Uhealth. 2022 Oct; 10(10): e37980 7. Charani E, Castro-Sánchez E, Moore LS, Holmes A (2014) Do smartphone applications in healthcare require a governance and legal framework? It depends on the application! BMC Med 12:1–3. 8. van Kooten RT, Schutte BAM, van Staalduinen DJ, Hoeksema JHL, Holman FA, van Dorp C, Peeters KCMJ, Tollenaar RAEM, Wouters MWJM. Patient perspectives on consequences of resection for colorectal cancer: A qualitative study. Colorectal Dis. 2023 Aug;25(8):1578-1587. 9. Haviland J, Sodergren S, Calman L, Corner J, Din A, Fenlon D, Grimmett C, Richardson A, Smith PW, Winter J; members of Study Advisory Committee; Foster C. Social support following diagnosis and treatment for colorectal cancer and associations with health-related quality of life: Results from the UK ColoREctal Wellbeing (CREW) cohort study. Psychooncology. 2017 Dec;26(12):2276-2284 10. Cuijpers ACM, Lubbers T, van Rens HA, Smit-Fun V, Gielen C, Reynders K, Kimman ML, Stassen LPS. The patient perspective on the preoperative colorectal cancer care pathway and preparedness for surgery and postoperative recovery-a qualitative interview study. J Surg Oncol. 2022 Sep;126(3):544-554. 11. Stewart MA. Effective physician-patient communication and health outcomes: a review. CMAJ. 1995 May 1;152(9):1423-33 12. van der Storm, S. L., Bektaş, M., Barsom, E. Z., & Schijven, M. P. (2023), Mobile applications in gastrointestinal surgery: a systematic review. Surgical endoscopy. 37(6):4224-4248. REFERENCES

PART I

13 CURRENT PERSPECTIVES

CHAPTER 1

15 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know van der Storm SL, Jansen M, Meijer HAW, Barsom EZ, Schijven MP. International Journal of Medical Informatics. 2023 Sep

16 Chapter 1 ABSTRACT Background: The use of apps in healthcare and medical research is increasing. Apps in healthcare may be beneficial to patients and healthcare professionals, but their use comes with potential risks. How to use apps in clinical care is not standard part of medical training, resulting in a lack of knowledge. As healthcare professionals and their employers can be held accountable for the wrongful use of medical apps, this situation is undesirable. This article addresses the most important European legislation regarding medical apps from the perspective of healthcare providers. Methods: This review provides an overview of current and changing regulations, focusing on apps used in healthcare and medical research. Three topics are discussed: 1) the relevant European legislation and its enforcement, 2) the responsibilities and liability of the medical professional when using these apps, and 3) an overview of the most practical considerations medical professionals should know when using or building a medical app. Results: When using and developing medical apps, data privacy must be guaranteed according to the GDPR guidelines. Several international standards make it easier to comply with the GDPR, such as ISO/IEC 27001 and 27002. Medical Devices Regulation was implemented on May 26, 2021, and as a result, medical apps will more often qualify as medical devices. The important guidelines for manufacturers to comply with Medical Devices Regulation are ISO 13485, ISO 17021, ISO 14971 and ISO/TS 82304-2. Conclusion: The use of medical apps in healthcare and medical research can be beneficial to patients, medical professionals, and society as a whole. This article provides background information on legislation and a comprehensive checklist for anyone wanting to start using or building medical apps.

17 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know BACKGROUND The use of mobile applications (‘apps’) has gained solid ground in healthcare. Currently there are over 400.000 health apps available on app stores worldwide.1 Health and wellness apps can be defined as apps operating on smartphones that process health-related data or information, as medical apps are considered to be used for medical or clinical purposes.2 Medical apps may thus facilitate not only patients, but also healthcare professionals (HCPs), their institutions, and society as a whole. Medical apps can aid in access to, distribution, exchange, management and maintenance of information and even facilitate clinical decision making.3 An important benefit of using an app on a personal mobile device is the possibility of (inter-)connectivity. The use of apps on mobile devices enables the use of integrated sensors like the gyroscope, accelerometer, camera or microphone.4 Although the use of apps in healthcare and medical research can be convenient and may improve quality of care, there are associated risks. Before using or developing an app, it is important to decide what objective needs to be met and to investigate if the app is truly the best and a reliable solution. Wrongful use of an app, or rightful use in the wrong context, is potentially harmful.5 This is especially applicable to medical apps that fail to provide any evidence of its effectiveness or safety.6 How to critically appraise an app or how to use an app responsibly, is not a standard part of the medical curriculum. As a result, HCPs including medical researchers, often lack knowledge of the safe use of medical apps. This is an unwanted scenario, as HCPs can be held accountable for the wrongful use of nonconfirmative medical apps. Although this problem has existed for longer, the social-cultural discussion has been accelerated by both the covid-19 pandemic as well as the implementation of the Medical Device Regulation (MDR).7 MDR safeguards stringent requirements for technical development, validation, quality surveillance, and manufacturing. This study serves three purposes. First, to provide an overview of current and relevant European legislation applicable to medical apps and the institutes responsible for legal enforcement. Second, this study gives an overview of responsibilities and liabilities relevant to the medical professional who use medical apps. Finally, to provide the reader with a framework to critically appraise existing medical apps including a comprehensive checklist for those building and/or using medical apps. Several studies on the safe use of medical apps have been published, however most of them focus on the framework provided by the FDA.8,9 To our knowledge, this is the first study to focus on the contemporary European regulations.

18 Chapter 1 PART IA: EUROPEAN LEGISLATION General Data Protection Regulation In several apps, personal data is used as input and sometimes even as output. For example: the covid-19 status of someone passing through the street, including the date and time of the encounter. Using or processing personal data has to be done in compliance with the General Data Protection Regulation (GDPR).10 The GDPR was adopted on April 14th 2016 and came into effect on May 25th 2018. The GDPR is a regulation on data protection, based on the principle that the individual is and remains the owner of their data. The GDPR unifies law on European level superseding the Data Protection Directive 95/46/EC.11 Most patient data qualifies as special personal data. Under the GDPR the processing of health data is prohibited, unless one of the exceptions in Article 9 of the GDPR is applicable.10,12 For example; the subject - in this scenario the patient - gives unambiguous consent to use their data and the reasons for processing the data outweigh the risks related to processing the data. It is necessary to have appropriate protection measures when processing data. The GDPR rests upon pillars like the ‘Data protection by default’ and ‘Data protection by design’ principles (Art. 25 of the GDPR).10 Sometimes, data is only used temporarily as input to generate output, such as a risk score, prognostic value, or therapeutic advice. It is important to keep in mind that software manufacturers, or the hosts of the server where the data is processed, can have temporary access when processing data and as a result becoming the data processor.9, As an organization or health institution providing a medical app (defined as the data controller), it is important to have a data processing agreement with the processor in place.10,13 It is also possible that data is stored longer or even permanently. Data storage usually takes place on a server, which is sometimes owned by the health institution itself. However, commercial applications often rely on third parties to facilitate use of apps and the related data storage. The server where data is stored must be compliant with the requirements formulated within the GDPR, see Table 1. Companies offering data storage in compliance with the GDPR can be recognised by certain certifications. These certifications are granted for a standardized period by certifying bodies if companies comply with the standards published by the International Organization for Standardization (ISO) or International Electrotechnical Commission (IEC). ISO/IEC developed and published worldwide standards for the GDPR requirements. Examples of such certifications include ISO/IEC 27001 for information security management. ISO/IEC 27002 provides control mechanisms for creating the information security as described in ISO 27001. Not all software manufacturers have experience building in medical apps and their associated specific guidelines regarding the protection of patient data. Therefore, it

19 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know is advisable to work with a software manufacturer who is experienced in working in the medical app domain or to involve someone to oversee the project and advise on requirements. The Data Protection Officer of an institute can serve as a starting point.10 Table 1: Requirements for data collection, processing and storage according to the GDPR Lawfulness, fairness and transparency Personal data should be processed in a lawful, fair and transparent manner Limited purpose Personal data should only be collected for a specified use Confidentiality and integrity Personal data should be processed according to the appropriate security level and should be protected against unauthorized access, accidental loss, destruction or damage Data minimisation The collection of personal data should be limited, only data relevant to accomplish the specific purpose should be collected Storage limitation Data should not be stored longer than needed to accomplish the specified use Accuracy Personal data should be accurate and kept up to date when applicable Medical Device Regulation The Medical Device Regulation (MDR) came into force on May 26th 2021, after a prolonged transit period of four years in total.7,14, The MDR is effective in all members of the European Economic Community (EEC), including Switzerland, Norway, Iceland, Liechtenstein and excluding Great-Britain. The MDR replaced the Medical Device Directive (MDD) (93/42/ EEC).15 As the MDD was a European directive, its implementation in national laws varied among members of the EEC. Legislation became non-transparent, making it difficult and time-consuming for manufacturers to release new products onto the market, and regulation of medical devices was problematic. The new MDR should improve transparency, decrease time from innovation to market and provide a better overview of available medical devices. As a HCP, the MDR is important to be aware of, as health apps easily meet the definition of a medical device. According to the MDR, ‘medical device’ means: “any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes: — diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease, — diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability, — investigation, replacement or modification of the anatomy or of a physiological or pathological process or state, — providing information by means of in vitro examination of specimens derived from the human body, including organ, blood and tissue donations…” (Fragment of the official definition of a medical device as provided in the MDR)15

20 Chapter 1 In the new regulation, software is specifically addressed. Software includes all programs and other operating information used by a hardware device. Software can be standalone, such as a computer program or a medical app, or part of a medical device such as an infusion pump. If an app is defined as a medical device, it must meet corresponding standards to ensure safety, quality and performances. One of the required standards is the application of CE-marking. CE-marking The manufacturer is responsible for determining the risk class of the medical app and for the application of the Conformité Européenne (CE)-marking. The mark guarantees that the medical device is in concordance with the MDR and that the appropriate conformity assessment procedures have been followed in order to determine so. The CE-marking is valid in all members of the EEC. It is important to note that it is a compliance mark, and not a quality mark. Every medical device has an intended purpose, wherefore it was specifically designed by the manufacturer. The conformity assessment procedure is specifically followed for the intended purpose; therefore, the CE-mark is only applicable for the intended purpose. The conformity assessment procedure depends on the risk class to which the medical device belongs. Class I indicates the lowest risk and class III indicates the highest risk. To determine the risk category of a medical device, the manufacturer should follow the “Implementing rules” in chapter II and the “Classification rules” in chapter III of Annex VIII of the MDR. If a medical device belongs to risk class I, the manufacturer itself can assess the new medical device and apply CE-marking when all requirements from the conformity assessment are met. Whenever a medical device belongs to any other risk class, only a relevant Notified Body (NB) can perform the conformity assessment procedure. Notified bodies are designated organisations to assess the conformity of products, and in this specific scenario, medical devices. The member states of the European Union can designate an organisation within their own state. The Nando-database (New approach notified and designated organisations) lists all notified bodies that are designated to perform conformity assessment procedures according to the MDR.16 It is important to realise, that products that were already on the market under the MDD will not be revoked, however they should meet the MDR when the current CE-marking expires.

21 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know PART IB: ENFORCEMENT Enforcement of the GDPR The GDPR provides rules that are directly applicable in all Member States as of May 25th 2018. Under the previous Data Protection Directive (DPD), each EU Member State had to transpose the directive into internal law, resulting in differences in the enforcement of these laws (Art. 4, DPD).9 Enforcement of the GDPR is facilitated by the European Data Protection Board (EDPB). This board consists of 28 Data Protection Authorities (DPA’s) from all Member States and the European Data Protection Supervisor (EDPS). The EDPS is appointed by a joint decision of the European Parliament and the Council for a five-year term. The current term started on December 6th 2019.17 Under the GDPR, it is possible for the national DPA’s to make binding decisions including the option to impose a fine (Art. 83 and 84 GDPR). The national DPA’s handle reports of data breaches, they can mediate in disputes between data processors and controllers, but they can also undertake their own research.10 Enforcement of the MDR The NB’s and Competent Authorities (CA’s) as indicated by the European Commission are entrusted with the enforcement of the MDR. One of the topics of MDR is the increased post-market surveillance. This implies that the manufacturer should continue to meet requirements during the entire lifecycle of the product. NB’s and CA’s can perform an unannounced audit to enforce the MDR (Chapter 7, Art. 80, 90). In many cases annual performance and safety reporting will be mandatory.15 It is important to note, that only manufacturers of medical devices with risk II and higher are audited by NB’s. NB’s can implement their own audit processes; however, they are required to follow the ISO 17021 standard for the MDR. Most NB’s will create a quality management system (QMS) following the ISO 17021, ISO 14971 and ISO 13485 standard (see Table 2).18,19 The aforementioned standards are not legally valid on their own, however they provide guidelines for the practical implementation of the MDR. To keep track of all available medical devices and to improve coordination between EU member states, every medical device should have an Unique Device Identifier (UDI) and be registered within the European database on medical devices (EUDAMED).20 Wrongly applying or not applying CE-marking, or uncomplying to the standards for post market surveillance, is ground for penalization. The most common reasons for failing an audit are: providing an incomplete search strategy, providing an incomplete audit trail, using ad hoc processes, questionable data integrity and providing non-transparent documentation. The NB usually gives the manufacturer an opportunity to revise documentation and visit again, sometimes even several times. When standards are not met after the re-audit, a manufacturer can be fined and ultimately, the NB can decide

22 Chapter 1 that CE-marking should be revoked. Consequently, the medical device should then be withdrawn from the market. Table 2: Overview of relevant International Standards when implementing the updated GDPR and MDR ISO 27001 Provides requirements for an information security management system (ISMS) ISO 27002 Is an information security standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining an ISMS. ISO 14971 Specifies terminology, principles and a process for risk management of medical devices, including software as a medical device. The standard helps manufacturers to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. ISO 13485 Provides the requirements for a comprehensive quality management system for the design and manufacture of medical devices. ISO 17021 Contains principles and requirements for the competence, consistency and impartiality of bodies providing audit and certification of all types of management systems.

23 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know PART II: RESPONSIBILITY AND LIABILITY OF THE END-USER The manufacturer is the legal person responsible for compliance with the GDPR and the MDR of an app. However; any person, organization or company that puts a name or trademark on a medical device is stated as the manufacturer. In healthcare it is imaginable that a HCP has an idea for an app and then starts looking for a manufacturer. In large healthcare organisations, this may be facilitated in-house, but in smaller organisations this may be an external party. In the first scenario, the healthcare organisation is also the manufacturer. In the second scenario, where the app was built by an external party, the issue of who is deemed the manufacturer is more complex. For example, when the healthcare organization publishes an externally built app in the app stores, it is the healthcare organisation who legally becomes the manufacturer. When a healthcare organization uses a pre-existing app, but rebrands the app to match the corporate identity, the healthcare organization might become the manufacturer as well. In those scenario’s it is important to be aware of the responsibilities attached to being the manufacturer, or legally transfer them to the organization or party that actually built the app.21 When considering using a pre-existing app it is important to realise that the HCP using or advising the medical app can be held responsible when any harm occurs to the end user. Imagine a HCP considering a diagnostic test for a specific patient. The HCP uses a medical app to aid his/her decision and decides not to perform a diagnostic test based on the outcome advice of the app. What if the HCP misses an important finding or diagnosis? When the HCP uses an app that has been thoroughly tested and complies with all applicable legislation, the HCP cannot be held responsible as an individual healthcare provider, but the manufacturer can be. A manufacturer can also be held responsible for an app on which a CE-marking is wrongly applied or does not comply with the standards for post market surveillance. When HCPs decide to use an app which is not CE-marked it is their miscalculation to choose this app and therefore both the HCP and the organization they are working in, can be held responsible. Every medical device has a clearly stated intended use; the medical device is tested and certified for this use. When the HCP uses the app for purposes other than the intended use, the manufacturer cannot be held responsible. Manufacturers will therefore be very specific in formulating the intended use of a medical device. In this regard, it is essential that apps to be used are assessed on their quality and safety conformity and intended use, which may be done by several frameworks as discussed in the next section.

24 Chapter 1 PART III: WHERE TO START AND WHAT TO DO WHEN USING OR DEVELOPING AN APP AS A MEDICAL DEVICE In this part of this article, theoretical knowledge from the previous sections is translated into a practical checklist for using or developing an app as a medical device. Critical appraisal of medical apps Within the overwhelming amount of apps, it is challenging to find the apps with peer reviewed content and in compliance with the GDPR and MDR. Medical apps should be assessed on several aspects. A frequently used framework to assess medical apps are the Health on the Net (HON)-criteria.22 The HON foundation was founded in May 1996 and promoted the effective and reliable use of the new technologies for telemedicine in healthcare worldwide. Unfortunately, this non-profit organisation was not able to maintain their foundation and has discontinued their services as of December 15, 2022. The mHealthHUB, supported by the European Union’s Horizon 2020 research and innovation programme, has published a knowledge tool reviewing available frameworks in 2021.23 In August 2021 a new standard was published regarding the quality requirements for health and wellness apps, the ISO/TS 82304-2. The standard covers the entire life cycle of a medical app (post market surveillance and quality control). Apps are scored on four different domains, as shown in Figure 1. An overall quality score is also provided.24 Building custom medical apps When there is a healthcare scenario that cannot be addressed using an existing medical app meeting the necessary requirements, one can decide to build a new app. In order to do so the right way, the following aspects must be considered (see also Figure 2). Conditions Any medical app must meet specific healthcare-oriented privacy, design, and functionality criteria. To ensure that the app meets these conditions, content experts are needed, next to functional and graphical design specialists. If an app is designed to be used by patients, it is recommended that they be involved early in the development process. “Human factor engineering” or “patient included innovation” will improve the community support amongst intended users and decreases the risk of (wrong) usage of medical devices. An appropriate and well-functioning “User Interface” (UI) and “User Experience” (UX) of the app, designed together with the intended users, will help in presenting information effectively. Usability tests within the intended user group are important because only 30 to 60% of people can be considered health literate.25 To validate the quality and safety of the app, user trials or tests must also be incorporated in the development process, which is also specifically stated in the MDR.

25 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know Intellectual property If an app is developed by a contracted external developer, a good contract must be in place. It must be clearly defined who is the data processor of the app and who is the manufacturer, and thus who is responsible for compliance to the GPDR and the MDR. Furthermore, it is advisable to record specifically in writing who will have the intellectual property (IP). The party funding the app development will not automatically be the owner of the source code of the app or the IP. If the initiator of the app fails to record the IP, the manufacturer will automatically become the owner of the app.26 This situation can be problematic, when considering the transfer of the app to another external developer, especially if the current developer fails to comply with the agreements or legislations. Privacy and safety Medical apps have to comply to the GDPR and the MDR. When employed in a healthcare facility, you can rely on the expertise of Data Protection Officer (DPO) who is familiar with current rules and regulations regarding data protection. A DPO can help to make sure the app complies with the required legislation. Otherwise, external expertise must be sought to comply to the GDPR. An external app designer/developer that regularly works in the healthcare setting, will be familiar with the processing of personal data and is therefore obliged to have employed a DPO. Additionally, healthcare facilities often employ a MDR expert who can provide support. The ISO 27001, ISO 27002, EN ISO 13485, EN ISO 14971 and ISO/TS 82304-2 standards provide more practical guidelines for building apps that are compliant with the MDR and GDPR. Other agreements It is also advisable to decide on arrangements for situations that one would rather not consider. These situations include bankruptcy of an external manufacturer or a dissatisfying cooperation. In case of bankruptcy, the development and maintenance of mobile applications will stop. The source code will be transferred to a curator or another party (in the case of a takeover of the company). To ensure app development can continue at another chosen manufacturer, the source code must be transferred to the buyer/client/ initiator. Predetermined arrangements, such as a vendor lock, or an escrow agreement must be drawn up.

26 Chapter 1 CONCLUSION The discussion on the use of medical apps in healthcare and research is more vivid than ever. Apps have considerable potential for various purposes in healthcare, however it is crucial that apps are developed and used in a responsible manner and comply with relevant legislation. It is imperative for both app manufacturers and healthcare providers to be wellinformed about diligent guidelines pertaining to privacy and medical device regulations. Healthcare providers should be aware of their responsibilities and liabilities when developing or using a medical app in healthcare or research. Through a comprehensive understanding of the legislations, responsibilities and liabilities, both manufacturers and healthcare providers can contribute to the responsible and ethical use of medical apps, thereby maximizing their benefits while minimizing potential risks.

27 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know Figure 1: Quality label of health and wellness apps as published in the ISO/TS 82304-2

28 Chapter 1 Figure 2: Checklist of the most important considerations when using or developing a medical app

29 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know 1. WHO/ITU/Andalusian Regional Ministry of Health Initiative. mHealthHUB [Internet]. 20202 [cited 2022 Dec 27]. Available from: https://mhealth-hub.org/health-appsrepositories-in-europe 2. Laura Maa√ü, BA, MA, Merle Freye, ChenChia Pan, BSc, MA, Hans-Henrik Dassow, BSc, MA, Jasmin Niess, MSc, PhD, and Tina Jahnel, BA, MA, PhD. The Definitions of Health Apps and Medical Apps From the Perspective of Public Health and Law: Qualitative Analysis of an Interdisciplinary Literature Overview. JMIR Mhealth Uhealth. 2022 Oct; 10(10): e37980. 3. C.L. Ventola. Mobile devices and apps for health care professionals: uses and benefits. P T., 39 (5) (2014 May), pp. 356364 4. C. Baxter, J.A. Carroll, B. Keogh, C. Vandelanotte. Assessment of Mobile Health Apps Using Built-In Smartphone Sensors for Diagnosis and Treatment: Systematic Survey of Apps Listed in International Curated Health App Libraries. JMIR Mhealth Uhealth., 8 (2) (2020), p. e16741 5. S. Akbar, E. Coiera, F. Magrabi. Safety concerns with consumer-facing mobile health applications and their consequences: a scoping review. Journal of the American Medical Informatics Association., 27 (2) (2020 Feb 1), pp. 330-340 6. S.L. van der Storm, M. Bektaş, E.Z. Barsom, M.P. Schijven. Mobile applications in gastrointestinal surgery: a systematic review. Surg Endosc. (2023 Apr 4), 10.1007/ s00464-023-10007-y 7. European Parliament. REGULATION (EU) 2017/745 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL [Internet]. 2017. Available from: https:// eur-lex.europa.eu/legal-content/EN/TXT/ PDF/?uri=CELEX:32017R0745. 8. J. Shuren, B. Patel, S. Gottlieb. FDA Regulation of Mobile Medical Apps. JAMA., 320 (4) (2018 Jul), pp. 337-338 9. P. Henson, G. David, K. Albright, J. Torous. Deriving a practical framework for the evaluation of health apps. Lancet Digit Health., 1 (2) (2019 Jun), pp. e52-e54 10. European Parliament. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL [Internet]. Available from: https:// eur-lex.europa.eu/legal-content/EN/ TXT/?uri=CELEX%3A02016R067920160504&qid=1532348683434. 11. European Commission. Directive 95/46/ EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [Internet]. 1995. Available from: https:// eur-lex.europa.eu/LexUriServ/LexUriServ. do?uri=CELEX:31995L0046:EN:HTML. 12. GDPR.EU. GDPR checklist for data controllers [Internet]. [cited 2022 Dec 30]. Available from: https://gdpr.eu/checklist/. 13. Wolford B. What is a GDPR data processing agreement?. 2020 [cited 2022 Dec 28]; Available from: https://gdpr.eu/what-isdata-processing-agreement/. 14. European Commission. Commission postpones application of the Medical Devices Regulation to prioritise the fight against coronavirus [Internet]. 2020 [cited 2022 Dec 29]. Available from: https:// ec.europa.eu/commission/presscorner/ detail/en/ip_20_589. 15. European Commission. Counci l directive 93/42/EEC of 14 June 1993 concerning medical devices [Internet]. Available from: https://eur-lex. europa.eu/ LexUriServ/LexUriServ. do?uri=CONSLEG:1993L0042:20071011:en:PDF. 16. European Commission. Notified bodies Nando [Internet]. Available from: https:// ec.europa.eu/growth/tools-databases/ nando/index.cfm?fuseaction=directive. notifiedbody&dir_id=34. REFERENCES

30 Chapter 1 17. European Union. European Data Protection Supervisor [Internet]. [cited 2022 Dec 28]. Available from: https://edps.europa.eu/ about-edps_en. 18. International Organization for Standardization. ISO/IEC 17021-2:2016 Conformity assessment - Requirements for bodies providing audit and certification of management systems [Internet]. 2016 [cited 2022 Dec 31]. Available from: https:// www.iso.org/standard/70682.html. 19. International Organization for Standardization. ISO 13485:2016 Medical Devices [Internet]. 2016 [cited 2022 Dec 31]. Available from: https://www.iso.org/ standard/59752.html. 20. European Commission. EUDAMED database [Internet]. [cited 2022 Nov 22]. Available from: https://ec.europa.eu/tools/ eudamed/#/screen/home. 21. Wessing T. Product Liability for Medicines and Medical Devices in the European Union [Internet]. 2016 [cited 2022 Dec 31]. Available from: https://www.taylorwessing. com/synapse/ti-eu-medical-productliability.html. 22. Health On the Net. mHONcode the new certification of Health Mobile Applications [Internet]. 2020 [cited 2022 Dec 30]. Available from: https://myhon.ch/en/ certification/app-certification-en.html. 23. WHO/ITU mHealthHUB in EU. Knowledge Tool 1: Assessment frameworks in mHealth [Internet]. 2021 [cited 2022 Dec 28]. Available from: https://mhealth-hub.org/ documents. 24. International Organization for Standardization. ISO/TS 82304-2:2021 Health software [Internet]. 2021 [cited 2022 Dec 31]. Available from: https://www.iso. org/standard/78182.html. 25. G. Quaglio, K. Sørensen, P. Rübig, L. Bertinato, H. Brand, T. Karapiperis, et al. Accelerating the health literacy agenda in Europe. Health Promot Int., 32 (6) (2016 Apr), pp. 1074-1080 26. M.E. Smith. A legal and practical guide to developing mobile medical applications ('"apps"'): navigating a potential minefield. J Mob Technol Med., 5 (1) (2016 Mar), pp. 52-61

31 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know

CHAPTER 2

33 2 Mobile applications in gastrointestinal surgery: a systematic review Mobile applications in gastrointestinal surgery: a systematic review van der Storm SL, Bektaş M, Barsom EZ, Schijven MP. Surg Endosc. 2023 Jun

34 Chapter 2 ABSTRACT Background: Mobile applications can facilitate or improve gastrointestinal surgical care by benefiting patients, healthcare providers, or both. The extent to which applications are currently in use in gastrointestinal surgical care is largely unknown, as reported in literature. This systematic review was conducted to provide an overview of the available gastrointestinal surgical applications and evaluate their prospects for surgical care provision. Methods: The PubMed, EMBASE and Cochrane databases were searched for articles up to October 6th 2022. Articles were considered eligible if they assessed or described mobile applications used in a gastrointestinal surgery setting for healthcare purposes. Two authors independently evaluated selected studies and extracted data for analysis. Descriptive data analysis was conducted. The revised Cochrane risk of bias (RoB-2) tool and ROBINS-I assessment tool were used to determine the methodological quality of studies. Results: Thirty-eight articles describing twenty-nine applications were included. The applications were classified into seven categories: monitoring, weight loss, postoperative recovery, education, communication, prognosis, and clinical decision-making. Most applications were reported for colorectal surgery, half of which focused on monitoring. Overall, low-quality evidence was found. Most applications have only been evaluated on their usability or feasibility but not on the proposed clinical benefits. Studies with high quality evidence were identified in the areas of colorectal (2), hepatopancreatobiliary (1) and bariatric surgery (1), reporting significantly positive outcomes in terms of postoperative recovery, complications and weight loss. Conclusion: The interest for applications and their use in gastrointestinal surgery is increasing. From our study, it appears that most studies using applications fail to report adequate clinical evaluation, and do not provide evidence on the effectiveness or safety of applications. Clinical evaluation of objective outcomes is much needed to evaluate the efficacy, quality and safety of applications being used as a medical device across user groups and settings.

35 2 Mobile applications in gastrointestinal surgery: a systematic review INTRODUCTION The use of smartphones and mobile application software (apps) is deeply integrated into society and their potential is being increasingly recognized in healthcare. In the past decade, the development of healthcare apps has rapidly increased, with the intention of providing medical solutions to some extent. At present, over 400.000 healthcare apps are available for download in mobile app stores worldwide.1 To date, the number of apps used in gastrointestinal surgical care is limited compared with that in other surgical disciplines.2 This may change rapidly. Apps are believed to offer great possibilities to support or improve gastrointestinal surgical care, and overall healthcare is on the lookout of the smart use of digital solutions in times of limited resources. Apps may facilitate patients, healthcare providers (HCP), or both. Apps have the potential to improve information provision, communication between patients and HCP, clinical decision-making, perioperative guidance and monitoring, and education/training. In addition, apps may be used to register clinically relevant variables as apps can be developed to connect with sensors or other measurement devices such as a camera, an activity tracker, a biosensor, or a blood pressure monitoring device.3,4,5. The use of apps in healthcare is not without controversy or debate.6,7 As apps may influence patient-reported or clinical outcomes, they must be properly developed and validated. Apps or software in general to be used as a medical device must comply with standards as described by the European Medical Device Regulation (MDR) or the American Food and Drug Administration (FDA), safeguarding the quality and safety of the app.8,9 However, the distribution of apps is limitedly regulated by the app stores, with minimum supervision on whether these specific legislations are indeed met. Even if they are met, it is not guaranteed that the use of the app will lead to valid and reliable results across situations and user settings.7,10 For that, scientific research validating apps with welldesigned research protocols is required. To date, a clear overview of properly validated gastrointestinal surgical apps is lacking. Therefore, this systematic review focuses on the following research questions: (1) Which apps that are used in gastrointestinal surgical care have been described in literature? (2) Are these apps clinically evaluated on objective outcomes and able to improve gastrointestinal surgical care?

36 Chapter 2 METHODS This systematic review was conducted in line with the Cochrane Handbook for Systematic Reviews of Interventions version 6.0 and reported according to PRISMA 2020.11 This study was registered in Open Science Framework (number X56RA). Studies were considered eligible if they assessed or described mobile apps used in a gastrointestinal surgery setting and were published in 2010 or later. The search was last updated October 6th 2022. A mobile app is defined as a software program which operates only on a smartphone or tablet (and thus, not web-based software). Keywords related to mobile apps and gastrointestinal surgery were incorporated into the search strategy. The search string is presented in the appendix. The included articles were cross-referenced to identify any additional relevant studies. Studies were excluded if (1) the described mobile app was only used to register study outcomes (e.g., number of complications and operation time), (2) the articles were conference proceedings or study abstracts, as they do not provide adequate insights into the app or its evaluation, (3) reviews, and (4) the results were published in a language other than English. Two reviewers (SvdS and MB) independently assessed all titles and abstracts according to the inclusion and exclusion criteria in the software tool “Rayyan”. Studies were included in the full-text evaluation when both reviewers agreed on inclusion. Disagreements were resolved through appraisal by a third reviewer (EB). The methodological quality of the randomized controlled trials was assessed using the Revised Cochrane risk of bias tool for randomized trials (RoB-2).12 This tool determines the overall risk of bias that is based on the randomization process, deviations from intended interventions, missing outcome data, measurement of outcomes and selection of reported results. The ROBINS-I tool was used to determine the methodological quality of nonrandomized studies, in which the overall risk of bias is based confounding, participant selection, intervention classification, deviations from intended interventions, missing outcome data, measurement of outcomes, and selection of reported results.13 Data were extracted independently by two reviewers (SvdS and MB) in a standardized form that included: year of publication, country, study design, number of participants, characteristics of included participants, type of surgery, name of the app, platform of the app, functionalities of the app, and study outcomes. All study outcomes on usability, satisfaction and clinical outcomes were included because apps may have heterogeneous aims and functionalities. Conflicts among reviewers were resolved by consensus. The results of studies were summarized according to the apps described. The apps were categorized based on their functionalities to provide a structured overview of available apps. The apps were described within these categories and were assessed on their outcome evaluations.

RkJQdWJsaXNoZXIy MTk4NDMw