5 Pitfalls Mobile App Developers Face with HIPAA Compliance

The Health Insurance Portability and Accountability Act was signed into law by Bill Clinton on August 21st, 1996. To put this in its technological context, HIPAA predates the first iPhone by 10 years, the first iPad by nearly 14 years, and came into effect just 1 year after commercial ISPs started providing broader access to the consumer Internet.

At this point in time, anything close to mobile apps was still beyond the imaginations of even the most outlandish sci fi writers. It’s safe to assume that there will be myriad challenges trying to apply a nearly 20-year old law to new and rapidly changing technology.

Consumers use of Internet are in constant flux. Some commentators believe that mobile apps (not just phones, but the apps themselves) will eventually eclipse the internet as we know it. A 2012 comScore study corroborates this view, reporting that more mobile subscribers used apps than browsed the web on their devices: 51.1% vs. 49.8% respectively.

In theory the healthcare industry and mobile apps are a perfect match. Mobile apps can help doctors work more efficiently and bring down the cost of health care. Moreover, mobile apps can help improve patient satisfaction and enable them to better understand their care.

Hopefully, this will encourage patients to assert control and take greater daily responsibility for their health. It’s no wonder then that there already more than 40,000 mobile health (or mHealth) apps currently available in various mobile AppStores, with new ones being launched every day.

mobile apps

However, there are some obvious dangers surrounding the protection of personal information in this brave new world of mobile applications that need to be considered: the smartphones that run them can be (and frequently are) lost and are popular targets for theft. Also, due to the very nature of mobile phones and apps, it very easy to improperly publicize private information.

In that context, it’s important that mobile app developers understand some of the critical pitfalls that they need to avoid, particularly as they apply to whether an application needs to be HIPAA compliant or not:

1. Not Considering How the App Will Be Used

It’s important to consider whether or not your app will be used to store or transmit protected health information, regardless of how you’ve designed it or anticipate it being used. Even if you’ve designed your app to collect or use anonymous data that doesn’t fall under HIPAA by itself, if a user chooses to use your app to store or transmit PHI then you are subject to HIPAA compliance requirements. Edge case or not, as soon as PHI is on the device your app falls under HIPAA.

READ

What To Expect At A Cannabis Vape Lounge

If your application has the chance to be used to store and transmit PHI it’s a safer bet to be HIPAA compliant to protect yourself from inadvertently violating HIPAA guidelines.

2. Allowing Protected Health Information in the App

Protected health information, or PHI, is information that could be used to identify an individual and that relates to their physical or mental health, any healthcare services they have received and any information regarding the payment for such services.

The fact that an individual has received services from a covered entity is itself PHI. Likewise, the name or address of an individual, although publicly available, is also PHI when it’s on a covered entity’s computer simply because its presence suggests that the individual is or was a patient.

PHI can also include what would otherwise be anonymous information. This includes a date of service i.e. anything more specific than a year.

If you store, collect, manage, or transmit any protected health information then your app needs to be HIPAA compliant.

3. Not Protecting Data at All Times

The very premise of the HIPAA is to protect sensitive information, so it is paramount that you consider how you will communicate with subscribers once they are using your app.

Consider email. Emails are usually not compliant with HIPAA as they often lack the ability to encrypt their contents. Therefore sending information that may contain PHI via email is a HIPAA violation. Because many applications use email as a communication source with users, it’s important to understand what can and can’t be included in those communications.

If you are sending email communications that include or might include protected health information from your mobile app you should send those emails via a HIPAA compliant email service provider.

In order to secure data on an iPhone, users must use a passcode to lock the handset when not in use. As a mobile app developer you can’t control whether a user enables this functionality; but you can recommend that users who install your app enable the feature. An easy way to do this is suggest that the user turns on the passcode lock setting in your welcome email to new account holders.

In order to be compliant with HIPAA, apps have to encrypt their database, which means if your app is not compliant you will not be able to search and interact with their database. This greatly limits the functionality of your application.

You can use a service like TrueVault to provide the HIPAA compliant and secure “digital handshake” between data stored in a covered entity’s database and your app’s database. If the covered entity doesn’t provide access to their data, you can ask them to consider implementing TrueVault to make that a possibility.

READ

What to Expect from a hair transplant procedure – steps, recovery and more

4. Misusing Mobile Push Notifications

As we have said before, mobile phones are particularly insecure devices and the native push notifications that are used by many applications to notify users of updates and changes run the risk of violating the privacy regulations outlined in HIPAA.

If you’re using notifications in your mobile app, it’s critical that you do not include any PHI in any push notifications from your app as they can appear and be publicly visible even when a phone is locked.

This goes beyond just mobile push notifications. Any time you’re making an automated, outbound push message (whether it be mobile, email, or automated calling) the same rules apply. Make sure you evaluate all communication touch points for potential PHI/HIPAA issues.

5. Not Checking if the App is Actually Classified as a Medical Device

It is possible, based on the features and functionality that you include in your application that it may actually be classified as a medical device. It’s important to look up FDA regulations and check whether your app will be considered to be a medical device. If it does fall under those definitions it may require FDA approval which brings with it a whole host of further regulations.

Don’t launch your app until you’ve determined whether or not you are safely outside the FDA’s medical device classification.

Depending on how they are used and advertised, mobile apps that handle PHI are liable to fall under the jurisdiction of several federal regulations, not just HIPAA. While we’ve outlined some of the biggest pitfalls, mobile app developers should be aware that that these are only a small portion of the issues that should be taken into consideration when developing a mobile app for the healthcare industry.

In many instances application developers can avoid some of the biggest pitfalls by working with companies that provide HIPAA compliant services that power the application. For instance, HIPAA compliant hosting providers like Amazon AWS can handle the physical safeguard requirements of HIPAA. TrueVault manages the technical and physical safeguards associated with the transmission and storage of protected health information. By using services such as these mobile application developers can avoid the red tape and headaches associated with building compliant apps from scratch.

Developers should take time to examine the potential compliance issues from sites like Health and Human Services and the FDA to understand the laws and regulations that apply to apps. In addition to this, it’s probably a good idea to consult an attorney before launching a new venture or app, due to the above regulatory complexity which can be exacerbated by the unique nature of the functionality of your application.

HIPAA-compliant mobile apps / shutterstock

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Here Are the Best Ways to Promote Your Business at the Next Health and Wellness Expo

How to Find the Best Hosting Provider for Your Medical Website

Will The Surge In Celebrity Surrogacy Change The Business Of Fertility?

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

What Would Medicare For All Mean For Healthcare Entrepreneurs?

4 Strategic Approaches To Reducing Hospital Errors

Think Patients Are Bad At Communicating? Rethink Your Systems

8 Of The Most Bizarre Medical Malpractice Cases Out There

Healthcare Blockchain Technology: The Good, Bad, And Terrible

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

Infographic: How To Use Blockchain To Benefit Healthcare

How Cryptocurrency Benefits Medical Billing Services

Why Blockchain In Healthcare Could Be A Game Changer For EHRs

Here’s Why The Lab Automation Market Is Growing

8 Of The Most Bizarre Medical Malpractice Cases Out There

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

6 Ways Mobile Applications Bring Value to Patients and Doctors

The Role Of The Internet Of Medical Things In Healthcare

All The Ingredients You Need For A Successful Health Insurance App

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

How to Handle Negative Physician Reviews and Feedback

Healthcare Blockchain Technology: The Good, Bad, And Terrible

5 Trends That Are Impacting The Healthcare Industry

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

5 Reasons Why Medical Device Machining Should Be Done By Professionals

Big Data: How Smart Medical Devices Can Change the Future of Healthcare

People Suffering From Hearing Loss Can Be Helped By Technology

Revolutionary Therapeutics For Neuroendocrine Carcinoma Are Underway

9 Medical Technologies Revolutionizing Healthcare

The Rise Of eHealth: Staying Relevant In The Digital Healthcare Paradigm

Here’s How Millennials Impact Clinical Research And The Health Sector

The Revolutionary Advent Of Precision Medicine In Cancer Treatment

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

What To Expect At A Cannabis Vape Lounge

How Self-Determination Theory Can Improve Medical Students’ Motivation

How Medical Advancements Could Change Hepatitis B Diagnoses In 2019

Here’s Why The Lab Automation Market Is Growing

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

What Are the Health Risks of Low-Quality Memory Foam Mattresses?

Try These 6 Great Marketing Tips For Your Dental Practice

Is It Time to See a Cardiologist?

Can Artificial Intelligence Diagnose Illnesses Better Than Other Methods?

The Complicated Rise of Interventional Cardiologists

How Big Data Can Be Used To Prevent Fatal Heart Attack

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

How a Meal Delivery Subscription Service Can Help You Reach Your Weight Loss Goals

7 Important Health-Related Reasons To Burn Excess Fat

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

4 Terrible Injuries That Can Happen Because of a Motorcycle Accident

Baby Boomer’s Guide to Dealing with Knee Problems

The Woes Of Modern Posture Struggles And Poor Furniture Support

What Is Scoliosis? 4 Ways To Treat It

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

What Are the Health Risks of Low-Quality Memory Foam Mattresses?

Important Key Benefits Of Turmeric To Know About

Important Key Benefits Of Turmeric To Know About

Here’s How To Trick Yourself Into Exercising More And Staying Motivated

Therapy Saves Lives: Why Mental Health Treatment Is Important