Many of us have done it. You’re with a patient and you launch that handy little app which you’ve just downloaded to your smartphone. It might perform a useful calculation, crunch through an algorithm or generate some essential clinical advice. During a busy day’s work, clinical apps can save us time, paper and brainpower. But what you might not know is that your efforts to become more efficient, effective, innovative and possibly safer might actually be exposing your patient to harm and you to litigation.

It would be a crime for a clinician to prescribe an untested medication brewed up in some anonymous apothecary’s cellar. Yet clinicians are willing to base clinical decisions on technology sometimes concocted in not dissimilar conditions. In Europe and other parts of the world, the technology we use to support healthcare is carefully regulated. Manufacturing or implementing technology which is in breach of these regulations is an offence in many cases. This situation has led to organisations such as the Royal College of Physicians to issue formal advice on the use of apps in clinical practice.

But surely any app which has made it into the Apple iStore or Google Play must be fine?

Not so. App stores have little or no obligation to check the regulatory credentials of medical apps nor their effectiveness in a particular clinical context. Anyone with a little technical knowledge can develop a medical app and make it available through the popular distributors.

But all my colleagues use App X every day and no one has come to harm yet.

The number of people using a particular app has no bearing on its regulatory status, more people using an unregulated app might simply expose more users and patients to a fault. Similarly, an individual can fall foul of medical device law just by using an unregulated medical device, a patient doesn’t need to actually come to harm.

At the end of the day I can always apply clinical judgement so surely whether or not to use a particular app is my call?

Clinicians are only able to question the validity of information if they are able to detect that there might be an error. If an app freezes or the device’s battery fails then we notice that something is wrong and take a different tack. But faults are not always apparent and often we rely on clinical data more than we’d like to admit. Ask yourself, if this information was incorrect would I really know? Suppose the data was wrong but utterly believable in a particular clinical context?

So how do I know if an app complies with the regulations?

This is where things become a little complicated. Firstly not all medical apps are subject to regulation; in Europe it all depends on something called the Intended Use. Some apps are explicit about their Intended Use (for example, they may state that they should only be used for ‘lifestyle purposes’, i.e. not to support formal clinical care). For others, the Intended Use is less clear. Even when the Intended Use is known, deciding on whether or not it falls within medical device regulation requires specialist knowledge.

Those apps which have met the requirements of the regulations display a ‘CE Mark’. But there’s complexity here also. Lots of technology has a CE Mark affixed (have a look underneath the device on which you are reading this text) – it doesn’t mean to say that the product is a certified Medical Device. To date, there is no European wide register of certified Medical Devices.

So are all clinical apps evil, developed by 12 year-old hackers in a darkened room trying to make a quick buck?

No, clearly not. Many are developed by highly reputable manufacturers who have invested heavily in producing a high quality product which has been subject to regulatory scrutiny and involved industry experts. Ultimately apps are just like any other piece of software. They are safe to use so long as their provenance, risk and regulatory position is fully understood.

The key message for clinicians is to ensure that a decision on whether a particular app should be used to support care needs be taken at organisational level, involve personnel knowledgeable in medical device regulation and, where appropriate, include the regulator. A decision on whether to trust the data produced by apps shouldn’t be a personal one to be made at the bedside at 4am. Instead the decision needs to be strategic, thought-out and appropriately risk assessed by responsible healthcare organisations and their governing bodies.

Dr Adrian Stavert-Dobson is the Managing Partner of Safehand, independent consultants in clinical risk management, and the author of Health Information System: Managing Clinical Risk.