
January 16, 2017

mHealth app security in 2016

2016 focused new attention on data security in the healthcare industry, with mHealth apps, which are used to access personal and confidential data, coming under scrutiny.

Business associates and covered entities look for technologies that result in a productive and manageable workflow while keeping Protected Health Information (PHI) secure. As mobile usage increases and mobile apps prove beneficial for healthcare, the security concerns for mHealth apps need to be considered as hacking becomes more widespread.

2015 showed how overlooking the security of mHealth apps leads to financial penalties and OCR HIPAA settlements. 2016, however, witnessed many healthcare providers bring data security and compliance to their mHealth apps.

In 2016, stakeholders were advised on how to use mobile technology and ensure PHI security:

  • In early 2016, Congress called on the Department of Health and Human Services (HHS) to clarify HIPAA security regulations with regard to mHealth app development and usage. According to their explanation, mHealth apps can bring a great deal of advancement in healthcare, but the ambiguous security laws attached to them make providers hesitant to incorporate them.
  • The Office of the National Coordinator (ONC) stressed that application developers need to be aware of, and be able to incorporate, mobile application security when developing mobile health apps. The ONC, in collaboration with the Federal Trade Commission (FTC), the HHS Office for Civil Rights (OCR) and the Food and Drug Administration (FDA), created an online informative tool for this purpose. The ONC also stressed that mobile app developers need to be knowledgeable about HIPAA regulations.
  • The Joint Commission on Accreditation of Healthcare (JCAHO) had been debating whether to allow secure texting on the orders of physicians. In a newsletter published in May 2016, it declared that it had lifted its ban on secure texting options in healthcare. However, in December 2016, it reversed this decision.

In 2017, challenges lie ahead for companies wanting to benefit from mHealth apps. Keeping their mHealth apps secure and their tech stack compliant will make it easier to reap the rewards without feeling the pain.

Codified Security is here to help make your mHealth apps secure and keep you compliant with HIPAA. For mobile app security testing try out Codified Security.