10 steps to creating a safe, secure healthcare app

From the mHealthNews archive
By Andrew Underhill
10:51 am

With as many as 142 million mobile healthcare apps expected to be downloaded by 2016, healthcare providers are facing an onslaught of mobile software solutions that may or may not comply with safety and security standards. And whether they're designing their own apps or looking to developers, they need to be on top of the game. The risk of a data breach is too great to ignore.

Taking a concerted approach to app development can mitigate the risk of compliance shortfalls. Here are 10 steps to follow to ensure a new healthcare app meets regulatory and data security standards.

1. Understand the target market

Not all healthcare apps are governed by the same set of rules. For example, an app used by physicians for viewing radiology images will have a different set of compliance considerations and regulations than an app designed to help patients remember to take their medications. Before creating an app, take a look at the legislative drivers governing the aspect of healthcare you hope to target and make sure you understand what is required from a compliance standpoint.

2. Check in with HIPAA

Probably the biggest regulation to review is the Health Insurance Portability and Accountability Act (HIPAA), which governs how to legitimately share data while preserving patient privacy. Different apps will require different levels of HIPAA compliance, depending on the kind of data they house and share. To fully appreciate how HIPAA applies to your particular app, consult a healthcare attorney who can guide you on things to watch out for and possible roadblocks to address.

3. Look at the footprint

More than anything else, your app’s footprint will dictate how difficult achieving compliance will be. For instance, if you are planning to store patient data in the app, there will be some pretty hefty privacy and security regulations you will need to follow. Conversely, if you aim to build zero-footprint apps - meaning they access data from a secure server but nothing persists in the apps themselves - then they will carry lower risk, as the data only resides on the device while the app is in use.

4. Consult industry best practices

There are several entities that offer best practices to ensure apps are both useful and compliant. For instance, the Workgroup for Electronic Data Interchange (WEDI) is a well-respected authority on health data exchange. It has developed best practice guidelines and compliance standards that organizations should keep in mind when developing apps.

Similarly, Integrating the Healthcare Enterprise (IHE) is an initiative driven by healthcare professionals that promotes the coordinated use of established standards to help technology systems communicate with one another effectively and securely. The group hosts annual “connectathons” across the world in which developers come and test their solutions for compliant and secure interoperability.

Familiarizing yourself with these entities and the best practices they support is essential in guiding your application to meet industry standards and compliance regulations.

5. Talk to an expert

Once you have an idea for an app and have checked the target market specifications, HIPAA regulations and best practices, it may be helpful to run your approach by someone who has gone through the process before, as they may provide strategic insights, advice and lessons learned. For instance, industry experts may be able to talk about market saturation, appropriate budget expectations, compliance pitfalls and so on. Seeking their input can be valuable in heading off potential issues that could delay or possibly even derail app development.