A Blockchain-Based Regulatory Framework for mHealth

: Mobile health (mHealth) is playing a key role in facilitating health services for patients. Such services may include remote diagnostics and monitoring, chronic conditions management, preventive medicine


Introduction
Mobile health, also known as mHealth, have received substantial interest in healthcare practice and research in recent years.mHealth is a term used to define any healthcare practice supported by wireless technology or mobile devices [1].For example, an mHealth app can assist healthcare providers in monitoring patients' clinical conditions, educating them on self-monitoring, and reinforcing treatment adherence [1][2][3][4].mHealth applications can also support various medical functions, including drug dose calculation [5], clinical reference [6,7], medical records access [8], and clinical decision-making support [9].Additionally, mHealth apps can help in reducing the frequency of unnecessary hospital visits by patients, therefore decreasing the mobility of patients who are immunosuppressed to highrisk areas [2].mHealth apps also support workflow management, sharing health records, and storing, enabling more efficient and effective medical practice [10].During the COVID-19 outbreak, the adoption of mHealth applications turned out to be an essential component to control and manage the pandemic outbreak because of their ubiquity [11,12].These digital solutions have proved to be readily designed to address prevention, early detection, screening, education, information sharing, and treatment of infected individuals [2].
Even with the great potential for enhancing healthcare, mHealth apps, if inaccurate, misused, or misapprehended, can present the wrong diagnosis and expose users' safety to risk [10].Further, these medical apps fall short of providing necessary operational transparency, patient safety management, and incidents and operational failures reporting [13][14][15].Vos and Parker [16] stated that if mHealth apps are misused, they have the potential to present a serious hazard.Hence, regulating mHealth apps is both timely and necessary to protect potential risks to users [17].It should be noted that mHealth apps may fail to allow users/patients to report operational failures or adverse events resulting from the app use.Therefore, a comprehensive regulatory and reporting framework is urgently needed [16].Creating a regulatory system using a centralized repository would prove cumbersome and requires coordination across all stakeholders and participating parties.It would necessitate expensive, complex, and complicated technical infrastructure to store, access, and provision centralized data for users.As an alternative, blockchain technology offers a potential approach to provide secure, traceable, tamper-resistant, and safe access with improved security.
Blockchain is a shared, distributed ledger and facilitates immutable recording of transactions in a network [18].This technology has gained attention as an instrument for transferring information between stakeholders based on a distributed ledger that provides complete transparency and immutability of data [19].A blockchain involves an expanding list of transactions ordered in blocks on a peer-to-peer network.The verified transactions are stored after being digitally signed and timestamped by the sender.This provides a cryptographically undisputable proof of origin and existence of a transaction at any moment in time [20].This technology is also tolerant against data tampering, manipulation, and network failure [21].Blockchain technology can reinforce regulatory compliance and oversight since it provides credibility of transactions in a shared and transparent ledger [22].Blockchain can assist regulators in ensuring compliance with detailed steps required to adhere to complex regulations.The potential benefits of this technology are, therefore, significant and can be summarized in introducing lower costs, improving compliance and governance, decreasing lead times, guaranteeing continuity of processes, and creating an environment that enables secure and easy communication among regulators and those they regulate [23].
The contributions of this paper are presented as follows: -We discuss the potential benefits of blockchain technology for mHealth apps that enable oversight, pre-certification of app developers, post-market surveillance, and operational failures reporting.
We present a regulatory framework using blockchain technology to govern the promotion and use of mHealth apps.This framework provides an effective, autonomous, streamlined, and efficient regulatory oversight that ensures the safety and effectiveness of mHealth apps.
We present an application to highlight the practicality of blockchain for mHealth in managing, assessing, and reporting operational failures and adverse events.-We present and discuss several open research challenges that prevent mHealth apps from fully exploiting the features of blockchain technology.
The rest of the paper is structured as follows.Section 2 introduces the mHealth applications and potential benefits of blockchain technology in healthcare.Section 3 briefly introduces the study design, while Section 4 outlines the proposed regulatory framework for mHealth.Section 5 presents a case study for a possible application of the framework in Diabetes mHealth applications, while Section 6 discusses compliance, governance, and open challenges.Finally, Section 7 presents the conclusions, limitations of the study, and opportunities for future research.

Related Work
This section provides the necessary background for developing a trusted regulatory framework for mHealth apps using blockchain technology.
Data 2022, 7, 177 3 of 22 2.1.mHealth Applications mHealth apps have become popular among mobile users [24].These apps are software programs on mobile devices, including smartphones and tablets [25].mHealth apps proved to be very valuable, not only to their direct users, but also to medical professionals who benefit from their usability for monitoring patients' progress [26].Medical apps are used in diagnosis and treatment, electronic prescribing, coding and billing, patient monitoring, and e-learning [27].These apps can greatly empower providers and enhance clinical decision-making and analysis [24].
While medical apps offer many benefits, they may also pose several risks, especially those used in clinical diagnosis [13,15].Recent investigations have provided evidence that third-party developers do not cite or offer references for the material provided in the app [28,29].In a study that investigated the source of information supplied in cancerrelated apps (i.e., chemotherapy dose and regimen calculators, cancer staging apps, and radiological imaging apps), the authors discovered that only 55.8% of the apps provided scientifically validated data [30].In another study, the authors looked at the reliability of opioid conversion apps.They found that just half of them were reliable, while the other half did not reference their dose conversion guides [31].These studies indicate that mHealth apps can be helpful as a medical reference, however, their content quality might jeopardize patient care.
In addition to the apps' information quality, another concern is the potential safety risks to users.The app developers are expected to demonstrate clinical validation and consultation with healthcare providers and trained staff to deliver accurate and safe information.Despite this, earlier studies showed limited collaboration between app developers and healthcare providers during the app development process [14].
Furthermore, some mHealth apps do not go through a formal evaluation before being launched to the public [14].While there are various app stores available (e.g., Apple Store and Google Play [32]), mHealth developers might be only required to submit app details for evaluation by such stores While an assessment is executed to guarantee that the apps have no major technical issues and function as intended, the quality of the apps' medical content may not be comprehensively reviewed [17,33].As a result, several apps of poor quality can slip through the assessment procedure.In addition to the alarming lack of a robust app assessment process, there is also the general absence of regulatory oversight.In fact, due to the complexity and diversity of the software products, their regulatory oversight has proven to be challenging [14].
The FDA did not explicitly address the regulation of mHealth apps until 2011, with the issuance of draft guidance on the subject [34].The FDA, for example, does not regulate apps that give contextually relevant access to clinical material used in medical practice (for example, apps that check for drug-drug or drug-allergy interactions) [3].Likewise, the FDA does not evaluate apps that offer clinical practice guidelines to providers or other treatment recommendations for a specific medical condition [35].Since many of these apps are used to support critical treatment decisions (for instance, determining drug choice or drug dose), it is imperative to hold app developers responsible for the accuracy and quality of the content provided [14].Additionally, given the sheer volume of mHealth apps and their quick adoption by users, it is imperative to review apps' current regulatory oversight process to verify if the existing frameworks fit their intended purpose [33].

Blockchain Technology
Blockchain technology is a shared and distributed ledger used for tracking and storing transaction records.This technology offers a shared and permanent record of peer-topeer transactions constructed from connected blocks of transactions and kept in a digital ledger [36].Blockchain relies on proven cryptographic techniques without pre-existing trust between the stakeholders [37].There is no central authority in a blockchain that controls the network; transaction records are stored and distributed among all system members.All participants are aware of interactions with the blockchain and require network verification before the information is added, allowing trust-less communication between network participants while recording an immutable audit trail of all interactions [38].Blockchain technology can facilitate data fraud detection and operational efficiencies in addition to enforcing regulatory compliance and governance.These blockchain features offer unique benefits that traditional centralized systems cannot achieve [39].
One of most imperative concepts linked with blockchain technology is smart contracts [40].As a computer program or a transaction protocol, smart contracts provide substantial benefits in traceability and immutability after their deployment [41].Most blockchain applications are programmed using smart contracts [42]; therefore, their successful development is vital in successful blockchain implementation.Decentralization is another crucial aspect of blockchain technology since it removes intermediaries from the network, lowering transaction fees and improving data security.Furthermore, blockchain technology has intrinsic characteristics, such as cryptographic methods and time-stamped records, traceability, data integrity, immutability, and transparency [43].
Blockchain technology is well suited to tackling some of the particular issues associated with regulating mHealth apps.Blockchain architectures enable near-real-time decentralized information exchange across stakeholders when trust is limited (i.e., between the regulated and the regulator).Further, they give means for trusting the validity of compliance data and provide an immutable audit trail for transactions [44].Hence, blockchains can make transaction reporting easier without jeopardizing regulated parties and regulators' general roles and obligations, improving risk transparency [22].

Study Design
In order to understand the potential implications of the blockchain technology in mHealth, the following steps are taken in this study design to lead to a blockchain-based regulatory framework.First, data and information on mHealth regulation is methodically collected to help identify requirements of the proposed framework.At this stage, the literature review and examples from the healthcare industry are primarily used to help understand the current mHealth regulation practice.This stage also helps identify the key stakeholders, challenges, and potential blockchain features that can be beneficial in providing safer regulatory framework for mHealth apps.
Further, a case study on diabetes mHealth application is demonstrated to present two important safety functions, namely risk assessment and incident reporting, where blockchain may have unique contributions in an mHealth context.Lastly, we discuss compliance, governance, and various open challenges regarding the use of blockchain in mHealth environment.

Blockchain-Based mHealth Applications
This section describes our system and its stakeholders and presents our proposed solution.

Blockchain for the Regulation of mHealth Applications
Blockchain technology can provide substantial benefits to the regulation of mHealth apps.For instance, data integrity, security, reliability, accessibility, and immutability of all transactions are fundamental characteristics that can improve mHealth [45].Additionally, the ability to add verifiability and authentication of stakeholders' identity, primarily mHealth providers, are characteristics that can increase the trust in and safety of these services.Blockchain also can alleviate several issues such as the centralization of data, poor data quality and documentation, lack of trust, and the absence of better governance.With blockchain, regulators would not have to gather, store, reconcile, or aggregate data because blockchain data is decentralized by design.All transactions are immutably recorded on the distributed ledger, resulting in a complete, secure, irrevocable, and permanent record [39].
With the decentralized nature of blockchain, regulators and other stakeholders would maintain the same copy of the ledger, saving the entire chain a significant amount of money.Further, having a secure regulatory framework provides safety assurances.It would also create credibility and trust among users and app providers and can be designed to comply with other international standards, facilitating market entry.Table 1 summarizes the challenges that the current mHealth system faces.Further, it presents opportunities through blockchain features to benefit in a regulation oversight framework.Moreover, it presents the stakeholders that will play a role in the process and potentially benefit from these opportunities.
Table 1.Requirements and potential benefits of blockchain in the regulation and post-market surveillance of mHealth applications.

Current Problems Challenge Description Blockchain Features Remarks Stakeholders
Data Quality and Documentation Centralized system [46] Centralized data storage and processing platforms often result in data inconsistency [46], increase the cost of completing transactions, and encourage data beautification and falsification.They are hard to maintain and expensive [47].

Current Problems Challenge Description Blockchain Features Remarks Stakeholders
Low data security [54] The current regulatory framework operates on a centralized database which poses many data security risks, including a single point of failure [28].By creating an immutable and encrypted system end-to-end, preventing fraudulent and unauthorized activities becomes an easy task.It would also prevent the duplication of the app software in abundant duplicates and can spread outside the developer's control [57].

Governance and Accountability
No pre-certification of app developers [17] The app developers (individuals and companies) do not undergo a pre-assessment to check if they meet excellence standards and demonstrate a previous history in developing safe and effective apps [17,33].
Register approved developers [57] Blockchain would lend its distinct decentralization advantages of DLT to enable streamlined oversight and communication [58].
App Developer I Agency Reviewer (i.e., FDA, MHRA) The inconsistent app appraisal process [33] Currently, app developers struggle with the uneven distribution of information, resulting in an inconsistent appraisal process [17].As a result, developers do not know what to expect when appraised and do not fully understand the criteria.

I Consensus algorithm: apply consistent rules and obligations to developers [48] I
Validation and verification before trigging a transaction I Unified network protocols and standards [48] Blockchain would play the role of proof-of-process so that all the required steps are easily traceable and verifiable.Blockchain can also maintain rules and standards to allow developers to understand the appraisal process [39,48].mHealth apps collect data through interactive questionnaires, separate accessories linked to the mobile device, or features in the mobile device such as the camera, microphone, or motion sensor [34].Apps may leverage medical algorithms or calculators to process these data and generate personalized diagnosis and therapy recommendations.mHealth apps can make the collection of granular patient data easy and possible [65].These data are susceptible, and storing them in centralized databases may risk leakage or exposure.However, with the help of blockchain, we can enhance the efficacy of mobile-based healthcare applications for sharing and collaborating data [62].Using a user-centric system of data sharing, we can design a system that connects patients, healthcare providers, insurance providers, and, lastly, the blockchain network.In mHealth, this technology can also be very beneficial in the following ways: Improve remote prescription adherence.Smart contract-powered mHealth apps can assist in automating prescriptions and refill notifications.This technology can also guarantee compliance to medication while minimizing hospital re-admissions and poor medical performance.It can also help care providers facilitate the process to build morale and patient involvement.
Improve contact with providers.mHealth technology based on the blockchain can increase the ability to unify the health system.It can also enable healthcare providers, patients, and hospital staff to connect using encrypted texting and messaging, video calls, and access to mobile health records.Besides, it can guarantee seamless system interoperability, therefore lowering the expenses and delays related to fragmented collaboration.
Activate remote monitoring of patients.Healthcare providers can remotely control patients' medical conditions with blockchain-based mHealth apps.Patient remote monitoring can be achieved by analyzing the immutable data collected by IoT-enabled wearable devices, such as wristbands, fitness trackers, and watches.Hence, patients can be confident that their condition is being controlled while there are no privacy breaches or data misuse due to blockchain-powered attributes.
Improve diagnostic quality.By giving healthcare providers access to patient medical data with minimal errors, blockchain mHealth apps would reduce their burden.Physicians can also diagnose patients effectively with access to their records and handle more patients daily.Moreover, patients will determine which data they want to share with which diagnostic provider.Figure 1 illustrates an example of a potential use case of blockchain in mHealth, a blockchain-based data-sharing framework for mHealth.This proposed framework illustrates how data are collected from mobile devices and aggregated in the blockchain network.The figure illustrates the case of a diabetic patient who uses a diabetes wearable device and requires remote monitoring.As illustrated, the data collected from the wearable device are uploaded into the decentralized storage system.These data are then analyzed by the healthcare provider to monitor and control the patient's condition remotely.

System Stakeholders
Creating a blockchain-enabled system for regulating and monitoring mHealth apps involves several stakeholders.It is important to note that the successful information exchange among stakeholders is vital in designing an information technology system [66,67].Potential stakeholders are patients, healthcare providers, apps developers, regulatory entities, and researchers.Table 2, below, summarizes their key roles and responsibilities.

Entity Role Responsibilities ser
Use the mHealth app and report any issues that might arise.
-Grant access to desired parties -Deny and revoke data access from any other parties re Providers Access the mHealth app and report any issues that might arise.
-Report and update health data -Warn authorities about the device compliance ers and Aca-Develop mHealth apps and devices and explore improvements and potential contributions.
-Research new methods to improve processes -Use the data to obtain more insight and identify trends in healthcare elopers Build mHealth apps with the intent of helping users manage their medical conditions while assuring compliance with the applicable regulations.
-Lower the complexity of the app and provide good functionality -Follow safety regulations when building an app -Update the app in case of failures -Perform a post-market surveillance -Monitor and act upon any adverse events or complaints

System Stakeholders
Creating a blockchain-enabled system for regulating and monitoring mHealth apps involves several stakeholders.It is important to note that the successful information exchange among stakeholders is vital in designing an information technology system [66,67].Potential stakeholders are patients, healthcare providers, apps developers, regulatory entities, and researchers.Table 2, below, summarizes their key roles and responsibilities.

Entity Role Responsibilities
Patient/User Use the mHealth app and report any issues that might arise.
-Grant access to desired parties -Deny and revoke data access from any other parties

Healthcare Providers
Access the mHealth app and report any issues that might arise.
-Report and update health data -Warn authorities about the device compliance

Researchers and Academics
Develop mHealth apps and devices and explore improvements and potential contributions.
-Research new methods to improve processes -Use the data to obtain more insight and identify trends in healthcare

System Overview
As illustrated in Figure 2, our proposed system will support the development of a regulatory model that can offer an efficient and streamlined oversight of medical apps.This framework assures limiting the market to developers who have a robust safety culture, continuous improvement, quality, and who are devoted to monitoring their products once launched to the public.Review the app code and provide access to app content on the platform.
-Attest and certify the app code

System Overview
As illustrated in Figure 2, our proposed system will support the development of a regulatory model that can offer an efficient and streamlined oversight of medical apps.This framework assures limiting the market to developers who have a robust safety culture, continuous improvement, quality, and who are devoted to monitoring their products once launched to the public.This proposed solution intends to investigate and inspect the app developer first, rather than the product.As a result, this regulatory framework will ensure responsiveness, safety, and effectiveness when problems arise to help ensure app users continue to have access to safe and effective apps.We should also note that the justification for the use of blockchain features (e.g., consensus algorithm, smart contracts, and distributed ar- This proposed solution intends to investigate and inspect the app developer first, rather than the product.As a result, this regulatory framework will ensure responsiveness, safety, and effectiveness when problems arise to help ensure app users continue to have access to safe and effective apps.We should also note that the justification for the use of blockchain features (e.g., consensus algorithm, smart contracts, and distributed architecture, etc.) that mHealth regulatory framework can benefit is comprehensively addressed in Table 1.
Figure 3 illustrates the system overview of our proposed regulatory framework that includes various smart contracts, as follows: Data 2022, 7, 177 12 of 21 Reputation Smart Contract.This smart contract involves assigning a reputation score to developers derived from assessing their performance and trustworthiness.Therefore, the reputation is positively affected by reputable and qualified developers and negatively affected by fraud.
Post-market Surveillance Smart Contract.This smart contract is responsible for verifying the continuity of safety, effectiveness, and performance of medical apps once in the market.
The present solution also integrates off-chain storage systems, such as cloud storage, or a decentralized storage system, such as Filecoin, Interplanetary File System (IPFS), or StorJ.Off-chain storage is used for storing, accessing, and keeping track of large-size digital content such as pre-market applications, app code, and documentation.

Case Study: Diabetes mHealth Applications
Diabetes (diabetes mellitus) is a chronic condition involving several stakeholders besides the patient, for example, the healthcare provider, endocrinologist, and multi-specialty team, including eye specialists, nephrologists, and cardiologists [68].As a result, patients with diabetes frequently create vast amounts of data, including physical activity, self-measurement of blood glucose, continuous glucose monitoring (CGM), and blood pressure [69].Therefore, mHealth apps can effectively provide a platform to track health condition and health-related data [70].
People with chronic illnesses, particularly diabetes (type 1 and 2), have found mobile health technologies quite beneficial.Patients who have diabetes must keep track of much information about their condition, including blood sugar levels, meals, exercise, and pre- Registration Smart Contract.This smart contract is responsible for registering app developers (companies or individuals), app code, and other relevant stakeholders.
Pre-market Approval Smart Contract.This smart contract is concerned with the appraisal process to evaluate the safety and effectiveness of apps.
Reputation Smart Contract.This smart contract involves assigning a reputation score to developers derived from assessing their performance and trustworthiness.Therefore, the reputation is positively affected by reputable and qualified developers and negatively affected by fraud.
Post-market Surveillance Smart Contract.This smart contract is responsible for verifying the continuity of safety, effectiveness, and performance of medical apps once in the market.
The present solution also integrates off-chain storage systems, such as cloud storage, or a decentralized storage system, such as Filecoin, Interplanetary File System (IPFS), or StorJ.Off-chain storage is used for storing, accessing, and keeping track of large-size digital content such as pre-market applications, app code, and documentation.

Case Study: Diabetes mHealth Applications
Diabetes (diabetes mellitus) is a chronic condition involving several stakeholders besides the patient, for example, the healthcare provider, endocrinologist, and multispecialty team, including eye specialists, nephrologists, and cardiologists [68].As a result, patients with diabetes frequently create vast amounts of data, including physical activity, self-measurement of blood glucose, continuous glucose monitoring (CGM), and blood pressure [69].Therefore, mHealth apps can effectively provide a platform to track health condition and health-related data [70].
People with chronic illnesses, particularly diabetes (type 1 and 2), have found mobile health technologies quite beneficial.Patients who have diabetes must keep track of much information about their condition, including blood sugar levels, meals, exercise, and prescriptions, all of which mHealth apps can support [69,71].The mHealth apps can be generally categorized into three classes: apps that serve as stand-alone clinical devices, apps used for wellness tracking, and apps that exhibit, download, or make use of data from medical devices that diagnose, monitor, prevent, or treat an illness (i.e., CGM, insulin pump) [72].Apps that are designed to assist in diabetes management are the most commonly used among nearly half a million apps in the market [73].Given that more than 2.7 billion people have access to smartphones and over half a billion people use mHealth applications for physical exercise, diet, and chronic disease management, diabetes apps have the most considerable potential for impact [72,74].

Risk Assessment
mHealth apps such as those used for diabetes might pose a significant risk to users and affect confidence among healthcare providers and patients if poorly designed.For example, apps used for diabetes diagnosis and therapy, such as the calculators used for drug dosage recommendations, may directly affect the user's safety [29].A recent study investigated the accuracy and clinical suitability of apps calculating insulin dose and identified that only 1 out of 46 apps was issue-free [75].The poor quality of apps, their incompleteness regarding information and functions, and poor ease of use were the most frequently mentioned disadvantages of use [5].Hence, risk categorization of the medical apps is vital to define their level of security, quality, and corresponding regulation model.The FDA leverages the risk category framework established by the International Medical Device Regulators Forum (IMDRF) to advise the risk category of medical apps.For example, an app that provides essential information about the treatment/diagnosis of a critical health situation is regulated and controlled as a Class IV device.Table 3 explains how to define the risk category of apps based on the condition or status of the user and the significance of the information it provides.Apps in Class I will necessitate only an inspection to be conducted locally, those in Class II will need an additional formal risk assessment, and those in Class III and IV will need to comply with formal regulations and criteria set by regulating authorities such as the FDA, due to their high potential of resulting in harm [13].Table 4 further explains the differences between the four classes.It might be impossible to detect all app-related issues [29] because some problems become apparent only after thorough testing.Therefore, it is critical to comprehend and quantify the risks that medical apps pose to inform safe clinical use of mHealth apps and potential regulation and guidance [29].The first step in this process is to determine that harm the mHealth app can cause and allow for its easy reporting.

Incident Reporting
One key area of the current medical diabetes apps is insulin calculation [68].The insulin calculator helps calculate the right amount of insulin or carbs for correction or meals.Patients may find it difficult to spot errors when using a calculator.Patients with low numeracy may be unable to "sense check" odd outcomes due to a lack of intuitive basis [29].Users may also pay less attention to calculating and evaluating the app's outcome during social events where a calculator should be used, such as mealtimes.App disclaimers frequently invited patients to examine the calculated dose in-app disclaimers.However, more than two-thirds of them failed to disclose details about the underlying formula that would allow this, and only a small number of apps flagged odd input or output [13].
Our literature review shows that app users are faced with many critical issues, such as poor information quality, gaps in features, and improper response to their needs [28,29,54].mHealth apps with therapeutic and diagnostic attributes, such as calculators that recom-mend a dose of medication, can easily affect health outcomes [75].Hence, structured incident reporting is crucial as it allows the identification of deficiencies that make calculators inaccurate and unsafe [75].This suggests that users' involvement in incident reporting will facilitate problems identification and resolution.Reporting issues with the app will also allow users to provide significant insights about app functionality and reliability, support determining if the app is appropriate for users to perform required tasks, and might lower the costs of fixing problems that may be identified later.Users can also give their feedback to app developers and regulatory authorities such as the FDA [29].
Figure 4 illustrates the risk management of an app that recommends an insulin dosage.As can be seen, in the event of a failure (e.g., calculator gives an erroneous dose recommendation that may result harm the users), the users can report the incident to providers and log the incident to the network.The regulatory body then reviews the incident and the developer's certification and takes suitable action accordingly.

Discussion
The application of mobile technologies in healthcare is promising as it enables convenient and quick data access.It offers various benefits, including tailored recommendations and the ability for individuals to receive health services at any time and from any location.For instance, blockchain technology can easily enable the building of an mHealth infrastructure that allows remote patient monitoring (RPM) [76].This technology can also enable tailored health management and monitoring and contributes to a health system that is more decentralized [25].However, the widespread use of medical data has long been a complex and sensitive topic, with privacy and security being significant concerns.This section overviews the main challenges in leveraging blockchain for mHealth.Moreover, it presents the existing methods to address them.

Discussion
The application of mobile technologies in healthcare is promising as it enables convenient and quick data access.It offers various benefits, including tailored recommendations and the ability for individuals to receive health services at any time and from any location.For instance, blockchain technology can easily enable the building of an mHealth infrastructure that allows remote patient monitoring (RPM) [76].This technology can also enable tailored health management and monitoring and contributes to a health system that is more decentralized [25].However, the widespread use of medical data has long been a complex and sensitive topic, with privacy and security being significant concerns.This section overviews the main challenges in leveraging blockchain for mHealth.Moreover, it presents the existing methods to address them.

Compliance and Governance Assessment
Due to the blockchain's decentralized nature, regulatory agencies in certain parts of the world have imposed data protection regulations to secure medical records from various threats and attacks.The most prevalent data protection regulations are the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) [77].Blockchain implementations must, therefore, comply with the existing regulatory standards to ensure their usability and practicality within the healthcare industry.In blockchain-enabled solutions, the role of HIPAA and GDPR becomes more relevant and complex as it becomes hard to define the legal boundaries and ecosystem for blockchain technology [78].
Although blockchain offers several opportunities in achieving better interoperability and health data sharing, this technology can break some regulatory frameworks (i.e., GDPR and HIPAA).The HIPAA and GDPR are responsible for regulating the collection, processing, and securing of personal data, including protected health information (PHI).Therefore, streamlining blockchain's applicable agreements and interoperability is essential to preserve its legal framework.For instance, blockchain can break jurisdictional boundaries, since nodes can be found anywhere in the world on a ledger [79].In addition, because of the immutable nature of blockchain, data stored on-chain cannot be deleted, violating patients' privacy.Blockchain can also oppose the data minimization principle of GDPR, which states collecting only the essential data to achieve a specific purpose [80].Our proposed solution in this study partially mitigates these limitations by storing the medical records on a decentralized storage system, and hence the records can be deleted.
Furthermore, it is essential to identify the different blockchain actors' roles with respect to the processing.Defining who can act as the controller is crucial since people whose personal data are stored on the ledger must be informed about which party they can contact to exercise their rights effectively.In our proposed solution, the data controller is the health regulatory authority (e.g., FDA).The controller is also responsible for adding new actors, removing others, and assigning reputation scores to the mHealth app developers based on their performance.In addition, controllers/processors should consider their responsibilities to assign a data protection officer, implement data protection, and oversee data protection impact assessments [80].

Open Challenges
Scalability.Currently, blockchain technology faces a limitation that, sometimes, hinders its adoption.This limitation is the inability to process several transactions at a reasonable rate.While this technology lowers the risk of fraudulent and malicious conduct, it also lengthens the time it takes for transactions to settle.For instance, the bitcoin blockchain can only handle seven transactions per second (tps), compared to other transaction processing systems that can handle tens of thousands [81].Visa Inc., for example, can process 4000 tps, while the Universal Trade Capture (UTC) can process 47,000 tps [82].Sharding techniques, lightning the network, and proof-of-stake (POS) are some of the several solutions that can be implemented to solve this issue [83].
Storage.The regulation processes such as developer pre-certification, app appraisal, post-market surveillance, and incident reporting produce a large amount of data [13,53].These generated data can be in several shapes, including files or images, that assure that the designed apps are compliant with safety principles.In the case of our proposed solution, each node would be storing a copy of data which might result in a shortage of the blockchain's storage capacity [84].The decentralized storage solutions such as IPFS and Filecoin can be a great way to overcome storage limitations in blockchain [85].For instance, a decentralized storage system such as the IPFS can generate permanent hashes of the stored data.These hashes are immutably stored on the blockchain network to ensure that stored data are not altered [81].
Privacy and Identity.Ensuring requirements such as the privacy of users and data and anonymity by the underlying blockchain-based solution is crucial to the participants regulating medical apps.All participating parties may see transactions on a public blockchain.However, the public address of each participating party can be used to identify it.Although the public address is pseudonymous, suspicious actors with some prior information can manipulate the links between the transaction user's real-world identity and public addresses [81].In particular, the public blockchain platforms are more susceptible to enduring several attacks since the pseudonymous addresses, transactions, and other user data are publicly available.On the other hand, private blockchains such as Hyperledger Fabric and Besu run in a more controlled environment, making them more secure than public blockchain platforms [86].
Expenditures on Infrastructure.The adoption of emerging technologies, such as IoT and blockchain, may help lower operational costs, improve productivity, and achieve advanced operational efficiency.However, because of the level of innovation required by these solutions, health organizations need to devote a substantial amount of capital to implementing, managing, and maintaining these technologies.As a result, these practices and availability of various platforms [87][88][89] would necessitate balancing the cost-benefit analysis.Furthermore, the blockchain's perceived risks associated with being immature, its high fees of initial employment, and the likelihood of disrupting existing practices may pose other substantial issues to the day-to-day processes and businesses [90].

Conclusions
In this study, we have reviewed the state of the art on mHealth apps and blockchain technology.We presented the potential benefits of integrating blockchain technology with mHealth monitoring and governance.Further, we discussed the regulatory oversight framework for apps' governance and an incident reporting system to manage risks through a use case.
The number of mHealth apps is constantly increasing, as they prove to be beneficial, quick, and easy access to information.They aid in monitoring chronic patients, improving medication administration, and networking people in similar conditions.The recent evolution of mHealth services and applications has resulted in significant advances and innovative mobile technologies into conventional health systems, shifting the focus from healthcare providers to patients.To achieve further advances in mHealth, regulating the current system and enforcing strict oversight on apps developers is paramount, due to concerns about patient safety and well-being.
The mHealth apps market is challenging to regulate since it is a fast-paced market with several new market entrants every year.However, blockchain technology can be a great solution to address this challenge.A blockchain-based regulatory framework may result in transparent and effective processes addressing potential safety, quality, and privacy concerns.Further, such regulations would recognize and leverage the exclusive aspects of mHealth application use in the future.As mHealth apps become ubiquitous, regulatory monitoring also becomes more imperative.As an emerging technology, blockchain technology can also help protect public health and maintain user confidence in mHealth apps and services.However, more research is needed to conduct a feasibility analysis considering tradeoffs between cost and security.
Our study has limitations that can be addressed in future studies.First, it should be noted that this paper provides a conceptual framework for blockchain-based mHealth regulation with no empirical evidence.Although we conceptually introduced smart contract and additional technologies (e.g., IPFS for mHealth data storage) in the framework, we did not evaluate their implementation with relevant security and cost analysis.Therefore, future studies can benefit from exploring the feasibility of smart contracts, as they play a pivotal role in blockchain technology [40,41].Such studies may provide substantial and

Figure 3 .
Figure 3. Overview of the blockchain-based regulatory framework.

Figure 3 .
Figure 3. Overview of the blockchain-based regulatory framework.
[33,51] transparency[50]Most apps do not contain information about content/app creator or their background.It is vital to prove that the developer has the medical expertise and knowledge to provide high-level information quality[33,51].

Table 2 .
Roles and responsibilities of stakeholders in mHealth.

Table 2 .
Roles and responsibilities of stakeholders in mHealth.

Table 4 .
Risk Assessment of mHealth apps.