5 Pitfalls Mobile App Developers Face with HIPAA Compliance

The Health Insurance Portability and Accountability Act was signed into law by Bill Clinton on August 21st, 1996. To put this in its technological context, HIPAA predates the first iPhone by 10 years, the first iPad by nearly 14 years, and came into effect just 1 year after commercial ISPs started providing broader access to the consumer Internet.

At this point in time, anything close to mobile apps was still beyond the imaginations of even the most outlandish sci fi writers. It’s safe to assume that there will be myriad challenges trying to apply a nearly 20-year old law to new and rapidly changing technology.

Consumers use of Internet are in constant flux. Some commentators believe that mobile apps (not just phones, but the apps themselves) will eventually eclipse the internet as we know it. A 2012 comScore study corroborates this view, reporting that more mobile subscribers used apps than browsed the web on their devices: 51.1% vs. 49.8% respectively.

In theory the healthcare industry and mobile apps are a perfect match. Mobile apps can help doctors work more efficiently and bring down the cost of health care. Moreover, mobile apps can help improve patient satisfaction and enable them to better understand their care.

Hopefully, this will encourage patients to assert control and take greater daily responsibility for their health. It’s no wonder then that there already more than 40,000 mobile health (or mHealth) apps currently available in various mobile AppStores, with new ones being launched every day.

mobile apps

However, there are some obvious dangers surrounding the protection of personal information in this brave new world of mobile applications that need to be considered: the smartphones that run them can be (and frequently are) lost and are popular targets for theft. Also, due to the very nature of mobile phones and apps, it very easy to improperly publicize private information.

In that context, it’s important that mobile app developers understand some of the critical pitfalls that they need to avoid, particularly as they apply to whether an application needs to be HIPAA compliant or not:

1. Not Considering How the App Will Be Used

It’s important to consider whether or not your app will be used to store or transmit protected health information, regardless of how you’ve designed it or anticipate it being used. Even if you’ve designed your app to collect or use anonymous data that doesn’t fall under HIPAA by itself, if a user chooses to use your app to store or transmit PHI then you are subject to HIPAA compliance requirements. Edge case or not, as soon as PHI is on the device your app falls under HIPAA.

READ

How Patient Portals Are Changing The Digital Healthcare Landscape

If your application has the chance to be used to store and transmit PHI it’s a safer bet to be HIPAA compliant to protect yourself from inadvertently violating HIPAA guidelines.

2. Allowing Protected Health Information in the App

Protected health information, or PHI, is information that could be used to identify an individual and that relates to their physical or mental health, any healthcare services they have received and any information regarding the payment for such services.

The fact that an individual has received services from a covered entity is itself PHI. Likewise, the name or address of an individual, although publicly available, is also PHI when it’s on a covered entity’s computer simply because its presence suggests that the individual is or was a patient.

PHI can also include what would otherwise be anonymous information. This includes a date of service i.e. anything more specific than a year.

If you store, collect, manage, or transmit any protected health information then your app needs to be HIPAA compliant.

3. Not Protecting Data at All Times

The very premise of the HIPAA is to protect sensitive information, so it is paramount that you consider how you will communicate with subscribers once they are using your app.

Consider email. Emails are usually not compliant with HIPAA as they often lack the ability to encrypt their contents. Therefore sending information that may contain PHI via email is a HIPAA violation. Because many applications use email as a communication source with users, it’s important to understand what can and can’t be included in those communications.

If you are sending email communications that include or might include protected health information from your mobile app you should send those emails via a HIPAA compliant email service provider.

In order to secure data on an iPhone, users must use a passcode to lock the handset when not in use. As a mobile app developer you can’t control whether a user enables this functionality; but you can recommend that users who install your app enable the feature. An easy way to do this is suggest that the user turns on the passcode lock setting in your welcome email to new account holders.

In order to be compliant with HIPAA, apps have to encrypt their database, which means if your app is not compliant you will not be able to search and interact with their database. This greatly limits the functionality of your application.

You can use a service like TrueVault to provide the HIPAA compliant and secure “digital handshake” between data stored in a covered entity’s database and your app’s database. If the covered entity doesn’t provide access to their data, you can ask them to consider implementing TrueVault to make that a possibility.

READ

Should Universal Healthcare Systems Cover Cosmetic Dentistry?

4. Misusing Mobile Push Notifications

As we have said before, mobile phones are particularly insecure devices and the native push notifications that are used by many applications to notify users of updates and changes run the risk of violating the privacy regulations outlined in HIPAA.

If you’re using notifications in your mobile app, it’s critical that you do not include any PHI in any push notifications from your app as they can appear and be publicly visible even when a phone is locked.

This goes beyond just mobile push notifications. Any time you’re making an automated, outbound push message (whether it be mobile, email, or automated calling) the same rules apply. Make sure you evaluate all communication touch points for potential PHI/HIPAA issues.

5. Not Checking if the App is Actually Classified as a Medical Device

It is possible, based on the features and functionality that you include in your application that it may actually be classified as a medical device. It’s important to look up FDA regulations and check whether your app will be considered to be a medical device. If it does fall under those definitions it may require FDA approval which brings with it a whole host of further regulations.

Don’t launch your app until you’ve determined whether or not you are safely outside the FDA’s medical device classification.

Depending on how they are used and advertised, mobile apps that handle PHI are liable to fall under the jurisdiction of several federal regulations, not just HIPAA. While we’ve outlined some of the biggest pitfalls, mobile app developers should be aware that that these are only a small portion of the issues that should be taken into consideration when developing a mobile app for the healthcare industry.

In many instances application developers can avoid some of the biggest pitfalls by working with companies that provide HIPAA compliant services that power the application. For instance, HIPAA compliant hosting providers like Amazon AWS can handle the physical safeguard requirements of HIPAA. TrueVault manages the technical and physical safeguards associated with the transmission and storage of protected health information. By using services such as these mobile application developers can avoid the red tape and headaches associated with building compliant apps from scratch.

Developers should take time to examine the potential compliance issues from sites like Health and Human Services and the FDA to understand the laws and regulations that apply to apps. In addition to this, it’s probably a good idea to consult an attorney before launching a new venture or app, due to the above regulatory complexity which can be exacerbated by the unique nature of the functionality of your application.

HIPAA-compliant mobile apps / shutterstock

3 Quick Ways To Market Your Medical Practice

Top Tips For A More Eco-Friendly Healthcare Facility

Financial Benefits For People Suffering From Dementia

The Right Questions To Ask On Your Patient Satisfaction Survey

Financial Benefits For People Suffering From Dementia

Cautious Health Care Lending Can Prove Lucrative For The Lenders

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

Top Tips For A More Eco-Friendly Healthcare Facility

Why Mobile Apps Are Indispensable For Telemedicine

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

Tips To Follow To Help Avoid Surprise Medical Bills

The Future Of Real Time Location Systems In Healthcare

Here’s How To Use Your Mobile Apps In A Healthy Way

How Much Does It Cost To Be Gluten Free? Here’s What To Know

Big Things Are On The Horizon For Blockchain In Healthcare

7 Reasons You Need Digital Marketing For Your Medical Practice

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

Tips To Follow To Help Avoid Surprise Medical Bills

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

The Future Of Real Time Location Systems In Healthcare

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

Why HIPAA Matters To mHealth Apps More Than Ever

Critical Features To Include In Your Health And Nutrition App

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

3 Quick Ways To Market Your Medical Practice

The Future Of Real Time Location Systems In Healthcare

Top Tips For A More Eco-Friendly Healthcare Facility

Here’s How To Use Your Mobile Apps In A Healthy Way

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How Tech And Medical Equipment Is Changing The Patient Approach

The Value And Criticism Of Robot-Assisted Heart Surgery

Critical Features To Include In Your Health And Nutrition App

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

5 Technologies That Are Revolutionizing Healthcare

The Value And Criticism Of Robot-Assisted Heart Surgery

Spinal Operation Preparation And Recovery Tips To Know

The Status Of Child Health And Wellness In America Today

What Are Home DNA Tests And How Do They Change Our Life?

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

What To Expect At A Cannabis Vape Lounge

How Self-Determination Theory Can Improve Medical Students’ Motivation

6 Simple Steps To Detoxify The Liver Naturally

Can Teeth Whitening Kits Really Improve Your Smile?

Fueling Your Exercise Goals

Should I Get Dental Implants? Here’s How To Decide

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

Is It Time to See a Cardiologist?

Can Artificial Intelligence Diagnose Illnesses Better Than Other Methods?

Can Teeth Whitening Kits Really Improve Your Smile?

Should I Get Dental Implants? Here’s How To Decide

Why Cosmetic Dentistry Is Important – And Isn’t Just About Appearances

Dental Care During Pregnancy: What Are The Facts?

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Fueling Your Exercise Goals

How To Boost Your Metabolism For Effective Weight Loss

Diet And Fitness Advice: What Should You Eat To Be Healthy?

What Happens When You Exercise For The First Time

Your Guide to Foot Gains: The 7 Best Foot Exercises for Stronger and More Flexible Feet

Causes Of Lower Leg Pain And Sore Calves To Know About

How To Take Care Of Your Bone Health In Your Forties

Body Pain: Causes, Prevention, And Treatment Tips To Know

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

6 Simple Steps To Detoxify The Liver Naturally

Fueling Your Exercise Goals

Here Is What You Must Know About Opioid Treatment