mHealth apps revolutionised the healthcare industry with their benefits to patients and doctors, allowing access to healthcare facilities outside of hospitals. The development and use of mHealth apps has doubled in the past two years, and developers are striving to provide apps that follow best practices to completely cater to the industry needs. With increased competition in the app market, organisations now have to choose options that are best-suited to their needs. As outlined by the Federal Trade Commission, healthcare stakeholders should look for the following features when choosing mHealth apps:
- It should collect only required data. According to the recommendations of the FTC, mHealth apps should collect only that data that is vital for delivering a product or service. Also, any app that is well developed should be able to secure, store, send, receive and delete the data.
- It should only allow limited access. Rather than direct API access, a well-designed app will use a trusted interface to avoid unnecessary app permissions and to limit access. App permissions should only be used when required, to minimise the collection of unnecessary data.
- It should provide secure authentication. Healthcare records are not only important for patients and doctors, they are also significant to hackers for extracting useful information. Apps that provide secure authentication are trusted more by all stakeholders and secure authentication should be a primary concern of developers. App authentication should be designed, implemented and tested for security from the very beginning. In case of higher risks, two-factor or multi-factor authentication needs to be considered.
- It should be compatible for all platforms. Mobile platforms differ in app permissions, security features and API. A good app will work to ensure the protection of user data regardless of the platform.
- It should have room for security improvement. Software libraries, cross-platform toolkits, software development kits (SDKs), etc. are available for improving application-level security. These can be used to check password strength, improve encryption, test interfaces, direct pre and post launch testing and reverse engineer program code.
- It should clearly communicate with the users. Before any information is required from the patient, a well-designed app must clearly communicate all terms and acquire consent before and after installation. A much better approach would be to include a privacy policy that can be easily read and understood by the users.
- It must comply with the regulations. Though it will be a challenging task for the developers, yet an app should comply with all healthcare regulations such as HIPAA, FTC Act, FTC Health Breach Notification Rule, etc.
The year 2017 will provide exciting opportunities for development of mobile health technology and mHealth apps and wise developers need to review best practices closely in order to develop the most compliant and trusted apps.
Codified Security is here to help make your mHealth apps secure and keep you compliant with HIPAA. For mobile app security testing in under a minute try out Codified Security.