Meeting the Regulatory Challenges of Mobile Health App Development, According to Samsung

Among all the mobile apps out there, mHealth stands out. We often talk about patient-friendly UI/UX, on-the-go features that integrate with patient portals and EMRs, and capabilities for sending messages to medical staff and refilling prescriptions. But another aspect that makes mHealth app development such an interesting challenge is the level of regulation in the healthcare sector.

When you’re working with HIPAA regulations around electronic protected health information (ePHI), developing an app that collects and transmits this data is delicate. In a recent article, Samsung provided an excellent summary of the eight best practices for mHealth applications that have been set forth by the Federal Trade Commission. These cover a few key areas:

Data Collection & Handling

It has become commonplace for an app to request permission to access other phone features and applications, like your contacts, photos, and calendar. In mHealth, however, the best practice is to scrutinize what is really essential. For example, an appointment booking app may need to access your calendar, and a telemedicine app where you need to send images to a doctor may need to access your camera — but not the other way around. To comply with the HIPAA Security Rule, the app should ensure secure storage, transmission, and deletion of the data it collects.

Authentication & Privacy

Because an mHealth app usually stores ePHI, it’s very important to ensure that only authorized users gain access, and that they are given a clear explanation of the app’s privacy policy. Mobile health applications should always have a login, and a multi-step process for initial authentication to ensure that the correct user is accessing the app. Because mobile phones are often used in crowded places and can change hands easily, a short automatic timeout period is advisable. While it may be less convenient for a patient to enter a password every time he or she wants to view test results in a patient portal app, it’s important that someone else who picks up the patient’s phone for any reason doesn’t also have access to that data.
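The login-plus-automatic-timeout practice described above, as an added JavaScript example for a mobile client (not code from the article or from Samsung). The timeout values and the hook names are assumptions; the point is that an idle timeout, an absolute session lifetime, and an immediate lock on backgrounding are all checked before any ePHI screen is rendered.

```javascript
// Added example: a session lock policy for an mHealth client. The default
// timeouts are assumed values, kept short because the screen may show ePHI
// and the phone can change hands. `now` is injectable so the policy is testable.
class SessionLock {
  constructor({ idleMs = 2 * 60 * 1000, absoluteMs = 15 * 60 * 1000, now = () => Date.now() } = {}) {
    this.idleMs = idleMs;          // lock after this much time without user activity
    this.absoluteMs = absoluteMs;  // lock this long after login, regardless of activity
    this.now = now;
    this.locked = true;            // start locked: nothing is shown before login
    this.unlockedAt = null;
    this.lastActivity = null;
  }

  // Call only after the full (multi-step) authentication has succeeded.
  onAuthenticated() {
    const t = this.now();
    this.unlockedAt = t;
    this.lastActivity = t;
    this.locked = false;
  }

  // Call on every user interaction; extends the idle window but never the absolute lifetime.
  onActivity() {
    if (!this.isLocked()) this.lastActivity = this.now();
  }

  // Call when the app goes to the background or the screen turns off:
  // lock immediately instead of waiting for the idle timer to expire.
  onBackground() {
    this.locked = true;
  }

  // Evaluate before rendering any screen that contains ePHI; once locked,
  // only a fresh onAuthenticated() unlocks the session again.
  isLocked() {
    if (this.locked) return true;
    const t = this.now();
    if (t - this.lastActivity >= this.idleMs || t - this.unlockedAt >= this.absoluteMs) {
      this.locked = true;
    }
    return this.locked;
  }
}
```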

Compliant Development

Mobile health application development needs to be a compliant process from the start, with consideration for information privacy and security built into every function — from the login and automatic logoff elements, to how medical history and real-time biometric data are collected and stored, to how data and messages are transmitted to healthcare providers. Healthcare organizations should work with development teams specialized in HIPAA-compliant IT to ensure legal adherence throughout the process.

Marina is a writer who specializes in healthcare policy, patient engagement, and telemedicine. She has a special interest in creative tech approaches that help provider teams collaborate better, improve patient experience, and reduce health disparities.
