With an growing variety of mHealth apps hitting the market, many tech corporations are being compelled to consider how they safe the information that’s transmitted by way of their software program.For those who’re within the technique of constructing a mHealth app, you might have heard the time period HIPAA compliance. What you could not know is whether or not it applies to your app. You see, not each well being app must be HIPAA compliant. There are particular components that decide in case your app shall be held to these requirements.In at present’s publish, we’re going to share all the pieces it’s essential to know to grasp, as soon as and for all, whether or not your app ought to be HIPAA compliant.Let’s get to it.
Table of Contents:
When Does HIPAA Come Into Play?
HIPAA, aka the Well being Insurance coverage Portability Accountability Act, regulates how healthcare professionals and different companies report, handle, retailer and share a US citizen’s protected well being data (PHI) electronically.
That is the important thing.
In case you are constructing a mHealth app, it’s essential to know what is taken into account protected well being data underneath HIPAA.
PHI is well being data—well being information, lab outcomes, medical payments—that’s linked to particular person identifiers. Identifiers embrace affected person names and prescription data in addition to identification numbers (e.g., account numbers) and demographic data (e.g., gender).
To be PHI, this data should even be used or transmitted by a “lined entity” or “enterprise affiliate.” A lined entity is both 1) a healthcare supplier, 2) a well being plan or 3) a healthcare clearinghouse that handles protected well being data. Enterprise associates can embrace attorneys, IT professionals, accountants, billing suppliers, e mail encryption providers, and so forth.—anybody who works on behalf of a CE and due to this fact additionally handles PHI.
Understanding hold non-public and private medical data safe generally is a massive job for cell builders unfamiliar with HIPAA, but it surely’s obligatory if it is a deliberate a part of your app’s actions, so that you need to ensure you’re thorough in your analysis and preparation.
Why Do Some Well being Apps Want To Be HIPAA Compliant And Others Not?
Merely put, in case your medical app information, shops, manages or shares private data (e.g., date of start), it have to be HIPAA compliant. In case your app solely collects data that’s not personally identifiable (e.g., resting heartbeat), it doesn’t should be compliant.
For instance, the app Figure1 has to adjust to HIPAA as a result of it permits healthcare suppliers to view and focus on medical instances with different healthcare professionals. However, Nike Fuelband, which collects data like physique stats and calorie depend however no private identifiers, doesn’t fall underneath HIPAA.
So Does My Cellular App Want To Be HIPAA Compliant?
In case your app shops or transmits PHI on behalf of a lined entity, then that makes you a enterprise affiliate, and your app has to adjust to HIPAA. For instance, insurance coverage supplier Medavie Blue Cross has an app for shoppers that features their protection data and the flexibility to submit claims. For the reason that app offers with PHI on behalf of a well being plan, the developer has to comply with HIPAA.
Apps that depend on customers to provide their very own well being data could not should be HIPAA compliant. Take a health monitoring app, corresponding to DailyYoga, that asks customers to enter weight or different well being data. If the app isn’t getting that data from or sending it to a lined entity, then the app developer doesn’t must adjust to HIPAA.
What If Our Firm Decides We Gained’t Accumulate PHI?
Some recommendation: Don’t keep away from PHI solely to bypass HIPAA compliance procedures. Altering your complete marketing strategy might price you extra than simply sucking it up and going by means of the method to turn out to be compliant.
It’s extra necessary to grasp the worth you’ll get from gathering PHI. Revisit your corporation objectives and gauge whether or not gathering PHI will provide help to accomplish what you’re getting down to obtain, and make your determination primarily based on that too.