How HIPAA and Data Security Applies to Medical App Design

Gretchen Kalthoff

Posted on February 10, 2016

If you are considering a medical app for your organization, understanding data security and how HIPAA applies to healthcare web development is critical. In most cases, a medical app will exchange data with a central server or other third party. If your application is going to share protected health information with a doctor, hospital, or other entity, it must be HIPAA compliant.
Any information that directly identifies an individual and can be transmitted needs to be handled in a compliant way. That includes things such as scheduled appointments, medical records, test results, and images.
When transmitting data, first and foremost, it must be properly secured. In order to secure data, emails must be encrypted. If sending information via the Internet (i.e. to a cloud service), it must be done through HTTPS, the protocol over which data is transmitted between your browser and a website. HTTPS pages use TLS (still commonly called SSL, Secure Sockets Layer) to encrypt communications, so that anyone who managed to intercept the connection between your browser and the website would not be able to read the data.
Security experts also recommend staying away from accessing any sort of private health information over a public Wi-Fi connection. It is the most dangerous location because of the relative ease with which the connection can be intercepted. It is harder to control what your user base does on public Wi-Fi, so it is worthwhile to educate them on the risks of sending and accessing protected health information (PHI) there.
A VPN (Virtual Private Network) is another way to add a further layer of security. A VPN encrypts all traffic between the device and a remote server, which means a user can work remotely while still being securely connected to the workplace network.
Something else that you must consider is the way in which you request data. While the mobile app screen may be secure for users, the app's request to the database server may not be. That means that PHI can potentially be visible while it is transmitted to a server. The safest way to protect information is by using what is known as a POST request, which carries the data in the request body rather than in the URL, so it is not exposed in the places a URL is recorded along the way. This is much safer than the other common type of request, the GET request, which puts the data in the URL and can easily breach HIPAA rules.
A stolen mobile device reinforces how essential it is to protect patients' health information. Implementing safeguards when accessing, receiving, transmitting and storing data is an important consideration in order to comply with HIPAA guidelines. Thus, if you are thinking of custom medical app development for doctors, be sure to acknowledge the relevant HIPAA security rules.
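To make the GET-versus-POST point concrete, here is an added example (written for this page, not code from the original post or from MWE). The endpoint and patient values are constructed; the script builds both request forms for the same PHI, refuses anything that is not an HTTPS URL, and shows which form leaves PHI in the kind of access log line a web server or proxy writes.

```python
"""Contrast a GET request that carries PHI in the URL with a POST that
carries it in the body, and show what a typical access log records.
All values are constructed; nothing is sent over the network."""
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample PHI: a patient identifier and a lab result.
PHI = {"patient_id": "P-000123", "test": "HbA1c", "result": "7.2"}


def require_https(url):
    """Refuse to build a request for anything other than an HTTPS endpoint."""
    if urlsplit(url).scheme != "https":
        raise ValueError(f"PHI must only be sent over HTTPS, got: {url}")
    return url


def build_get(url, phi):
    """GET: the PHI is encoded into the query string, i.e. into the URL."""
    require_https(url)
    path = urlsplit(url).path + "?" + urlencode(phi)
    return f"GET {path} HTTP/1.1", b""


def build_post(url, phi):
    """POST: the PHI travels in the request body; the URL stays generic."""
    require_https(url)
    body = json.dumps(phi).encode()
    return f"POST {urlsplit(url).path} HTTP/1.1", body


def access_log_line(request_line, status=200):
    """Common-log-format entry as a server or proxy would write it: the
    request line (method, path and query) is logged, the body is not."""
    return f'10.0.0.5 - - [10/Feb/2016:09:15:00 +0000] "{request_line}" {status} 512'


def phi_in_log(log_line, phi):
    """True if any PHI value appears verbatim in the logged line."""
    return any(value in log_line for value in phi.values())


if __name__ == "__main__":
    url = "https://api.example-clinic.test/results"  # hypothetical endpoint
    for build in (build_get, build_post):
        request_line, _body = build(url, PHI)
        entry = access_log_line(request_line)
        print(entry, "-> PHI leaked into log:", phi_in_log(entry, PHI))
```

The same URL exposure applies to browser history, bookmarks and Referer headers, which is why the request body, not the URL, is the right place for PHI.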
Are you considering a new medical app for your healthcare organization? We develop custom medical applications, and have HIPAA Certified Professionals on staff to ensure that it stays compliant. Contact us here to learn more.


Gretchen Kalthoff is a writer and marketing specialist for MWE. She is an expert in healthcare marketing and health IT with a special interest in increasing patient engagement through social media and healthcare technologies.
