Does An App Need To Be HIPAA Compliant?

What are your favorite apps? Chances are you have several you use every day.

Apps are designed to make our lives a little easier. Instead of searching for information, it’s all right there at the touch of a button.

But apps can also leave you vulnerable. Few would argue with that. Imagine losing your phone and having someone tap and touch where you’ve been. What would they discover?

There’s a gap between what people assume HIPAA requires and the protection it actually provides. So what does an app need to have in place to be HIPAA compliant?

In general, whether an app needs to be HIPAA compliant depends on the purpose of the app, who can access the data, and how data flows through it.

If an app is used for personal purposes only, it doesn’t have to be HIPAA compliant. This means the data stays with the owner, and the app developer does not receive, manage, or share that information in any way.

Data flow matters too. If a patient monitors their own condition and can choose to share data, for example by sending reports to healthcare providers, the app may still not need HIPAA compliance. The key is who controls the connection. If the patient or individual controls who gets what data, HIPAA regulations don’t apply. But the moment the app itself shares the data with anyone other than the owner, HIPAA rules apply.

If at any time an app establishes a relationship between the owner of the mobile device and the operator of the app, HIPAA compliance is needed. In that case, protected health information (PHI) such as names, demographics, appointments, and financial information, as well as physical or mental health details, is shared between the two parties.

Pay particular attention to the Security Rule. The HIPAA Security Rule applies to all electronic PHI (ePHI) that an organization creates, receives, maintains, or transmits. It requires safeguards at every level, including:

Administrative - policies and training that ensure only employees who need access to ePHI have it

Physical - protection of the physical systems, including what happens to buildings and equipment in the event of a disaster

Technical - controls covering everything from backups to access management, and the encryption of data in between

Vulnerabilities always exist. If you are ready to adopt modern technology in your practice, understanding how to protect your patients’ data and your practice should be your top concern.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.