Table 4

Minimal and optimal target product profile characteristics focused on data characteristics, as defined by expert consensus process

CharacteristicsMinimal requirementsOptimal requirementsComments
Data captureText, numeric, image, audio, videoSame as minimal, and GPS, barcode and biometric
Data validationThe system validates data entry to prevent errors that diminish value of the data or the outcome
Data ownershipOwnership shall be determined by the healthcare programmeThe healthcare programme is responsible for compliance with any country law, policy and regulation
Data storageThe healthcare programme shall be able to choose the destination of the app’s dataSame as minimal
Data recoveryData can be recovered or the system can be re-established to the desired state in the event of interruption or failure
Data flowThe flow of data shall be determined by the healthcare programmeSame as minimal
Data reportingData export available from all target devicesPrebuilt data reporting, analytics and dashboards are available with the appThe level of data manipulation, aggregation and reporting should be sensitive to the device the app is running on, that is, the computer app can be rich in functionality, and the mobile app is optimised for data collection and exchange only
Data provenanceIncludedSame as minimalProvides origin and processes applied to output data. When data are downloaded or shared, the version of the model is tagged so it is always clear how the data were obtained
Data dictionaryAvailable, referencing standards used (eg, ICD, SNOMED)Ensures indicators reported are uniform across different health programmes
Data security and privacyThe app operates under secure connectivity which meets data protection and regulations of individual countries to avoid loss and corruption of sensitive data, and mitigate cyberattacks, whether data are at rest or in transmission.
Conforms to national privacy laws. Includes processes such as:
  •  Two-factor authentication

  •  Authorisation/access control

  •  De-identified data

  •  Data encryption

Encourages GDPR (should no national data security policies exist) to ensure a system that:
  •  Preserves data integrity

  •  Identifies and mitigates risks

  •  Provides relevant parties security processes

  • GPDR, General Data Protection Regulation; GPS, global positioning system; ICD, International Classification of Diseases; SNOMED, Systematized Nomenclature of Medicine.