92 Annals of Health Law Vol. 25
“organizations would likely need to include in their reviews a certification process to ensure that apps do not pose potential harm to their users or have significant security and privacy vulnerabilities.”219 In the mobile health space, one company, Happtique, did attempt a certification process for app privacy and security.220 However, it quickly suspended the program after a third party cast doubts on the security of two of the products it certified.221 Although courts have a relatively broad sense of who can be a defendant in a product liability action, they have not extended liability to healthcare providers.222 The general rule is that:
The hospital is not in the business of selling or even leasing, bailing or licensing equipment to the physician. It is in the business of providing medical services to its patients and of providing the environment in which physicians may provide their own medical treatment to the patients. Rather than being a supplier or an entity that places a product in “the stream of commerce,” the hospital, as well as the physician, is an ultimate consumer of hospital equipment which is used in the treatment of the patient.223
This rule should shield most physicians and hospitals from strict liability when they provide a third-party app to a patient.224 The answer might be different if the institution is the app developer or commissioner, an issue likely to be tested as major medical centers produce branded apps for their patients.225 In any case, and as discussed above, the provider may still face liability in negligence for recommending apps, but is unlikely to under strict products liability.226
(2014). On certification models in health care, see generally Frank A. Pasquale, Private Certifiers and Deputies in American Health Care, 92 N.C. L. REV. 1661 (2014). 219. Powell et al., supra note 218, at 1851. 220. Stephanie Baum, Happtique Suspends mHealth App Certification Program After Software Developer Exposes Security Shortcomings, MED. CITY NEWS, Dec. 12, 2013, 4: 10 PM, http://medcitynews.com/2013/12/happtique-suspends-mhealth-certification-program- software-developer-exposes-security-flaws/. 221. Id. 222. See RESTATEMENT (THIRD) OF TORTS, PRODUCTS LIABILITY § 20(a) (AM. LAW INST. 1998) (“One sells a product when, in a commercial context, one transfers ownership thereto either for use or consumption or for resale leading to ultimate use or consumption. Commercial product sellers include, but are not limited to, manufacturers, wholesalers, and retailers.”). 223. San Diego Hosp. Ass’n. v. Superior Court, 35 Cal. Rptr. 2d 489, 493 (Cal. Ct. App. 1994); see generally Laura Pleicones, Note, Passing The Essence Test: Health Care Providers Escape Strict Liability For Medical Devices, 50 S.C. L. REV. 463, 464 (1999). 224. See generally Pleicones, supra note 223. 225. See generally id. 226. See Patricia M. Danzon, Liability for Medical Malpractice, 5 J. ECON. PERSP. 51, 51 (1991).