Meeting the Regulatory Challenges of Mobile Health App Development, According to Samsung

Marina Komarovsky, MS, MPH

Posted on January 24, 2017

Among all the mobile apps out there, mHealth stands out. We often talk about patient-friendly UI/UX, on-the-go features that integrate with patient portals and EMRs, and capabilities for sending messages to medical staff and refilling prescriptions. But another aspect that makes mHealth app development such an interesting challenge is the level of regulation in the healthcare sector.
When you’re working with HIPAA regulations around electronic protected health information (ePHI), developing an app that collects and transmits this data is delicate. In a recent article, Samsung provided an excellent summary of the eight best practices for mHealth applications that have been set forth by the Federal Trade Commission. These cover a few key areas:

Data Collection & Handling

It has become commonplace for an app to request permission to access other phone features and applications, such as your contacts, photos, and calendar. In mHealth, however, the best practice is to scrutinize what is really essential. For example, an appointment booking app may need to access your calendar, and a telemedicine app where you need to send images to a doctor may need to access your camera — but not the other way around. To comply with the HIPAA Security Rule, the app should ensure secure storage, transmission, and deletion of the data it collects.

Authentication & Privacy

Because an mHealth app usually stores ePHI, it’s very important to ensure that only authorized users gain access and that users are given a clear explanation of the app’s privacy policy. Mobile health applications should always have a login, and a multi-step process for initial authentication to ensure that the correct user is accessing the app. Because mobile phones are often used in crowded places and can change hands easily, a short automatic timeout period is advisable. While it may be less convenient for a patient to enter a password every time he or she wants to view test results in a patient portal app, it’s important that someone else who picks up the patient’s phone for any reason doesn’t also have access to that data.
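The login, multi-step initial authentication and short automatic timeout described above, sketched as an added Python example that is not from the post or from Samsung. The credential-check callables, the 120-second timeout and the in-memory record store are assumptions made for the illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
IDLE_TIMEOUT_SECONDS = 120.0  # assumption: the post gives no figure for "short"

class SessionLocked(Exception):
    """Raised when ePHI is requested without an unlocked, authenticated session."""

@dataclass
class SessionGuard:
    # Hypothetical credential checks supplied by the app (not the post's API).
    verify_password: Callable[[str, str], bool]
    verify_second_factor: Callable[[str, str], bool]
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    idle_timeout: float = IDLE_TIMEOUT_SECONDS
    user: Optional[str] = None
    device_enrolled: bool = False  # initial multi-step auth done on this device?
    locked: bool = True
    last_activity: float = 0.0

    def sign_in(self, user: str, password: str, second_factor: Optional[str] = None) -> bool:
        """Initial sign-in on a device needs the password plus a second factor;
        later sign-ins need only the password."""
        if not self.verify_password(user, password):
            return False
        if not self.device_enrolled:
            if second_factor is None or not self.verify_second_factor(user, second_factor):
                return False
            self.device_enrolled = True
        self.user, self.locked, self.last_activity = user, False, self.clock()
        return True

    def lock(self) -> None:
        """Call on app backgrounding or screen-off: the phone may change hands."""
        self.locked = True

    def unlock(self, password: str) -> bool:
        """Re-entering the password is the cost of a short timeout."""
        if self.user is None or not self.verify_password(self.user, password):
            return False
        self.locked, self.last_activity = False, self.clock()
        return True

    def read_phi(self, records: Dict[str, List[str]]) -> List[str]:
        """Every ePHI read re-checks the idle timer; expiry locks the session."""
        if self.locked or self.clock() - self.last_activity > self.idle_timeout:
            self.lock()
            raise SessionLocked("re-authenticate to view records")
        self.last_activity = self.clock()  # activity resets the timer
        return records[self.user]
```

Wiring `lock()` to the platform's background or screen-off event, rather than relying on the timer alone, covers the handed-over phone case the post describes.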

Compliant Development

Mobile health application development needs to be a compliant process from the start, with consideration for information privacy and security built into every function — from the login and automatic logoff elements, to how medical history and real-time biometric data are collected and stored, to how data and messages are transmitted to healthcare providers. Healthcare organizations should work with development teams specialized in HIPAA-compliant IT to ensure legal adherence throughout the process.

Marina Komarovsky, MS, MPH

Marina is a writer who specializes in healthcare policy, patient engagement, and telemedicine. She has a special interest in creative tech approaches that help provider teams collaborate better, improve patient experience, and reduce health disparities.
