Cyberattacks from all sources are on the rise, and providers are using mHealth apps in care coordination, telehealth, patient engagement and PHRs. Practice Unite, which has some experience in this area through designing customized app platforms for healthcare organizations’ patient and clinician communications, notes in its blog seven points for developers to keep in mind:
1. Access control: unique IDs assigned to each user, and remote wiping of the mHealth app from any user’s device
2. Audit controls
4. Integrity controls, such as compartmentalization, to ensure that electronically transmitted PHI is not prematurely altered or corrupted
5. Transmission security: data encryption at rest, in transit, and on independently secured servers protects PHI at each stage of transmission
6. Third-party app integration: must fully comply with HIPAA safeguards
7. Proprietary data encryption
But all seven points need backing from the top on down in a healthcare organization. (More in the article above)