Written by Satyendra | January 27, 2015
$50,000! You could end up paying as much as $50,000 per violation in penalties if your app is not HIPAA compliant!
Health apps have the potential to revolutionise health care, making patient care more economical and efficient. With health care becoming a hot favourite among app developers, and with the launch of Apple Health and Google Fit, many developers are now realising that their apps may fall under the purview of HIPAA, and that any app that does not comply with the HIPAA rules is liable to heavy penalties.
We are sure you certainly do not want that to happen. That is why we have compiled this post: to inform you about HIPAA compliance and its importance in mobile application development.
What is HIPAA Compliance all about?
First of all, it is important to understand what HIPAA is and why it should affect mobile app developers. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is an act passed by Congress to protect patients' protected health information, or PHI. It requires that a patient's PHI be kept safe by health care providers, hospitals and their business associates, which in this case means the app developers who store, transmit or process PHI on their behalf. Therefore, if you are planning to develop a mobile app that in any way stores, transmits or shares a patient's protected health information, you do fall under HIPAA.
Does My App Need to be HIPAA Compliant?
Many health apps fall under the purview of HIPAA. Here are some pointers on the kinds of apps that must comply with HIPAA regulations:
Apps that share data with covered entities, including doctors, health care providers, health insurers and health care clearinghouses.
Even if you have not designed your app to store and transmit protected health information, there is a chance that it can be used for that purpose. Make sure that your app cannot be used to store and transmit PHI. If it can, you do fall under HIPAA.
PHI, or protected health information, includes any information related to the mental or physical condition of an individual, any treatment they have received, any payment they have made for such treatment, and any information that could reveal the identity of the individual, including their name, address and so on. Thus, if your app stores or shares such information, you fall under HIPAA.
If you plan to share any PHI via mobile phones or email, it is very important to comply with HIPAA regulations. The app developer should advise the app user to keep the phone in a locked state (for example, protected by a passcode) and should use HIPAA-compliant email services to avoid legal hassles.
A lot of apps use push notifications to update the user on changes or news. With health care apps, putting PHI in a push notification is a bad idea, because the notification text can be displayed on a locked screen where anyone holding the phone can read it, which is a HIPAA violation. A better idea is to send a generic notification that contains no PHI and simply prompts the user to open the app.
It is also important to check whether your app falls under the FDA's guidance on mobile medical applications. FDA regulation is a separate question from HIPAA, but an app that is regulated as a medical device and also handles PHI must comply with both.
So if you are an app developer thinking of developing a health care app, beware! Violations attract a minimum penalty of $100 per violation, with an annual maximum of $25,000 for repeat violations of the same provision, and a maximum penalty of $50,000 per violation, with an annual maximum of $1.5 million.