Introducing the Developers Guide to HIPAA Compliance

By Morgan Brown/ Published on June 2, 2014

With the news today of Apple’s HealthKit and the Health app, we’re fairly certain that interest in mobile health (mHealth) applications is only going to rise. But building a healthcare-based application has particular challenges that other consumer applications don’t face—mainly the regulation and compliance with HIPAA, the Health Insurance Portability and Accessibility Act. The HIPAA Security Rule lays out the requirements for the privacy of user data, called protected health information (PHI) for both covered entities (like doctors) and business associates (like application developers, hosting providers, etc.)

One of the challenges with HIPAA is that, unlike PCI, there is no 3rd party certification that you can receive to determine if you’re meeting HIPAA requirements. The law is also nearly 20 years old, and full of legalese, which makes it cumbersome to parse back to product requirements. That’s why we’ve built the Developers Guide to HIPAA Compliance. It’s a succinct, plain language guide that outlines the details of HIPAA as it relates to application development. In the guide you’ll find everything from the basics of HIPAA to what developers should consider for web apps, mobile apps, and wearable development.

We’ve also broken down the specifics of how to make you application HIPAA compliant, and the difference between using a HIPAA hosting provider for your app and making your application HIPAA compliant. The guide was designed to hit the high points, without getting bogged down in too much legal detail.

The Developers Guide to HIPAA Compliance is a living document, and we’ve built it as a resource for the developer community, which is why we’ve chosen to publish it on GitHub. You can grab the repo here, and we welcome pull requests to update it and build it out. It’s our hope that it becomes the go-to resource for developers trying to get questions answered about building the next generation of healthcare applications.

HIPAA Hotline Chat

In addition to the guide, we’re holding open office hours today via a public HipChat room about HIPAA compliance for application developers. We’ve teamed up with our friends at Accountable to answer questions that you might have about Apple’s HealthKit, iOS 8 and all things development and HIPAA compliance. Drop by Monday, June 2nd between 10 am and 1 pm PT to get your questions answered.

Learn more about HIPAA by visiting our Resources section and downloading our HIPAA compliance checklist. 

Get The HIPAA Compliant Checklist

Latest Posts

What are the penalties associated with GDPR?

How does GDPR define Personal Data?

What is a data subject access request?

Mailing List