Skip to main content
. 2020 Feb 28;5(2):e002067. doi: 10.1136/bmjgh-2019-002067

Table 4.

Minimal and optimal target product profile characteristics focused on data characteristics, as defined by expert consensus process

Data
Characteristics Minimal requirements Optimal requirements Comments
Data capture Text, numeric, image, audio, video Same as minimal, and GPS, barcode and biometric
Data validation The system validates data entry to prevent errors that diminish value of the data or the outcome
Data ownership Ownership shall be determined by the healthcare programme The healthcare programme is responsible for compliance with any country law, policy and regulation
Data storage The healthcare programme shall be able to choose the destination of the app’s data Same as minimal
Data recovery Data can be recovered or the system can be re-established to the desired state in the event of interruption or failure
Data flow The flow of data shall be determined by the healthcare programme Same as minimal
Data reporting Data export available from all target devices Prebuilt data reporting, analytics and dashboards are available with the app The level of data manipulation, aggregation and reporting should be sensitive to the device the app is running on, that is, the computer app can be rich in functionality, and the mobile app is optimised for data collection and exchange only
Data provenance Included Same as minimal Provides origin and processes applied to output data. When data are downloaded or shared, the version of the model is tagged so it is always clear how the data were obtained
Data dictionary Available, referencing standards used (eg, ICD, SNOMED) Ensures indicators reported are uniform across different health programmes
Data security and privacy The app operates under secure connectivity which meets data protection and regulations of individual countries to avoid loss and corruption of sensitive data, and mitigate cyberattacks, whether data are at rest or in transmission.
Conforms to national privacy laws. Includes processes such as:

  •  Two-factor authentication

  •  Authorisation/access control

  •  De-identified data

  •  Data encryption

 Encourages GDPR (should no national data security policies exist) to ensure a system that:

  •  Preserves data integrity

  •  Identifies and mitigates risks

  •  Provides relevant parties security processes

GPDR, General Data Protection Regulation; GPS, global positioning system; ICD, International Classification of Diseases; SNOMED, Systematized Nomenclature of Medicine.