Last update: May 2021

4 mins to read - 2019/10/11

How Can Your Medical App Stay HIPAA Compliant?

With 2020 right around the corner, the mobile health – or mHealth – industry is booming. It makes sense – health and wellness are hot topics in our society. People are more health conscious than ever. The scope of what we understand to be health has broadened, with mental health and emotional wellbeing finally taking their place as priorities. With smart devices everywhere, it makes sense that we’d use mobile apps to manage our health. Mobile health apps are great for helping doctors and patients keep track of their health around the clock. But how many of these apps are covered by HIPAA? Do you know what’s happening to your data?


What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) predates our modern concept of personal data as the digital footprint left behind by using the internet and smart devices. It was signed into law by President Bill Clinton in 1996.

HIPAA's Privacy and Security Rules govern how covered entities (health plans, healthcare clearinghouses, and most healthcare providers) and the business associates working on their behalf handle patient data, and require them to keep that medical information private and secure. Health data can mean anything from a patient's medical history to their prescriptions to their blood type and heart rate. With the new scope of healthcare apps, this type of data is being moved and collected at unprecedented volumes. Particularly with personal health record (PHR) apps and the devices that feed them, such as those that track your fitness or medication usage, data is copied and sent on to healthcare providers.

HIPAA defines specific criteria for what qualifies as Protected Health Information (PHI). Broadly, it is individually identifiable health information that is created or received by a covered entity, such as a doctor or health plan, that relates to a person's past, present, or future physical or mental health, the care they received, or payment for that care, and that identifies the person or could reasonably be used to identify them.

So what does this mean?

Does HIPAA Apply to Your Health App?

A lot of mobile app developers are unsure whether HIPAA applies to them. If users of your app enter their own data using their own equipment, and no covered entity – a medical body or healthcare professional – receives it through your app, then you may not have to be HIPAA compliant. For example, a user who logs their weight, blood pressure, or BMI from readings they have taken with their own equipment, purely for their own use, is not creating PHI in HIPAA's sense. Note that this does not make the data unregulated: other consumer-privacy rules, such as the FTC's Health Breach Notification Rule for PHR vendors, may still apply.

Conversely, if an app is developed for use by or on behalf of a medical entity, then its developers will generally have to abide by HIPAA regulations. For example, a running app that directly measures your heart rate, breathing rate, and distance run and sends it to your medical provider is handling PHI. Its developer would typically need to sign a business associate agreement (BAA) with the provider and meet the safeguards HIPAA requires of a business associate.


The Rising Popularity of mHealth Apps

It’s not hard to see why more and more doctors are choosing to monitor their patients’ conditions via smart devices. Mobile apps are a low-cost way to check up on a patient around the clock. They save both patients and doctors time, as they cut out the need for frequent appointments when the patient can just enter their data into the app. They also reduce the risk of human error. For example, a mobile app can ping a user whenever they’re scheduled to take their medication, or keep an accurate log of their blood pressure, heart rate, temperature, and so on.

What’s more, keeping a digital log of health progress may be preferable for some patients to having a face-to-face talk with their doctor. If they only have to enter how much they exercised, how many grams of salt they consumed in their food, and so on, they may be less tempted to lie when the doctor asks whether they’ve been keeping on track with their health or diet regime. With more accurate data, doctors will be better informed in providing the proper treatment for their patient.

What About Mental Health Apps?

Mental health apps, at least where data security is concerned, are still a grey area. While plenty of doctors are throwing their weight behind mental health and mindfulness apps – for example, WellBrain is a mindfulness app that was designed by board-certified pain management doctors – others are skeptical of any app that won’t protect their patients’ data.

In fact, a recent JAMA study found that 29 of the top 36 ranked apps for treating smoking cessation and depression shared their users’ data with third parties. Only 12 of those apps declared this in their privacy policy. What’s more, Health IT Security references a study in which, while more than two-thirds of the apps observed included a privacy policy, nearly half of the apps were guilty of one of the following:

  • Having no privacy policy, yet transmitting data to third parties (9 apps)
  • Having a privacy policy that was vague or didn’t address data sharing, yet transmitting data to third parties (5 apps)
  • Outright stating in their privacy policy that they would not transmit data to third parties, but doing it anyway (3 apps)

Clearly there is still a lack of oversight and accountability when it comes to mental health apps, and a risk that a few bad actors will ruin the industry for the apps with good intentions. As a society, we are working towards the destigmatization of mental health issues, and the treatment of mental health is gaining ground as a legitimate medical field. A mental health app eager to prove its reputability should write a clear, transparent privacy policy for its users, and then behave as that policy states: as the study above shows, apps that transmit data to third parties while their policy says otherwise are the worst outcome for users and for the app’s reputation.

To stay HIPAA compliant and be able to assure doctors and users that your app is treating personal information ethically, get in touch with one of our experts. At OpenBack, we’re happy to talk with you about our mobile engagement platform and how to provide the data privacy compliance that’s right for your app.
