Introducing the Developers Guide to HIPAA Compliance
- By Morgan Brown
- Published on June 2, 2014
With the news today of Apple’s HealthKit and the Health app, we’re fairly certain that interest in mobile health (mHealth) applications is only going to rise. But building a healthcare-based application has particular challenges that other consumer applications don’t face—mainly the regulation and compliance with HIPAA, the Health Insurance Portability and Accessibility Act. The HIPAA Security Rule lays out the requirements for the privacy of user data, called protected health information (PHI), for both covered entities (like doctors) and business associates (like application developers, hosting providers, etc.).
One of the challenges with HIPAA is that, unlike PCI, there is no 3rd party certification that you can receive to determine if you’re meeting HIPAA requirements. The law is also nearly 20 years old, and full of legalese, which makes it cumbersome to parse back to product requirements. That’s why we’ve built the Developers Guide to HIPAA Compliance. It’s a succinct, plain language guide that outlines the details of HIPAA as it relates to application development. In the guide you’ll find everything from the basics of HIPAA to what developers should consider for web apps, mobile apps, and wearable development.
We’ve also broken down the specifics of how to make your application HIPAA compliant, and the difference between using a HIPAA hosting provider for your app and making your application itself HIPAA compliant. The guide was designed to hit the high points, without getting bogged down in too much legal detail.
The Developers Guide to HIPAA Compliance is a living document, and we’ve built it as a resource for the developer community, which is why we’ve chosen to publish it on GitHub. You can grab the repo here, and we welcome pull requests to update it and build it out. It’s our hope that it becomes the go-to resource for developers trying to get questions answered about building the next generation of healthcare applications.
HIPAA Hotline Chat
In addition to the guide, we’re holding open office hours today via a public HipChat room about HIPAA compliance for application developers. We’ve teamed up with our friends at Accountable to answer questions that you might have about Apple’s HealthKit, iOS 8 and all things development and HIPAA compliance. Drop by Monday, June 2nd between 10 am and 1 pm PT to get your questions answered.
iOS 8 SDK
As part of our ongoing effort to make it easy for application developers to become HIPAA compliant (without having to build all of the required infrastructure from scratch) we’re getting to work on the TrueVault iOS 8 SDK. It’s our goal to ship this in time for the general release of iOS 8 to the public so that you can have your HealthKit-enabled applications HIPAA compliant and ready to go by the time HealthKit hits the market. If you’d like to be the first to be notified when the SDK is ready, please sign up here and we’ll be sure to let you know when it’s ready to go.