mHealth App Development HIPAA Requirements

What is mHealth?

mHealth is short for mobile health, and refers to the technologies, services and companies that create new healthcare-related applications for consumers and their mobile devices, including mobile phones, smartphones, tablets, and wearable devices such as the Jawbone Up, Nike Fuelband, and others.

mHealth is used broadly by the healthcare industry to identify new technologies that focus primarily on consumer-facing mobile healthcare applications, wearable devices and their uses, but the term can also be applied to any mobile-based health initiative.

What are mHealth Applications?

mHealth applications are software that runs on smartphones or tablets to support personal health maintenance and health tracking. These can include devices and apps that track physical activity and biometrics such as heart rate, as well as compliance with health and prescription regimens.

Popular mHealth apps include fitness applications such as RunKeeper and Couch to 5K, sleep monitoring apps including SleepCycle, and heart rate monitors like Instant Heart Rate.

Software that powers wearable devices is also considered mHealth; this includes the software behind the Jawbone Up, Nike Fuelband, Fitbit, Withings devices and more.

HIPAA Compliance and mHealth Applications

If you're developing mHealth applications, it's important to understand what types of information and experiences fall under the Health Insurance Portability and Accountability Act (HIPAA) and what HIPAA compliance requires. HIPAA sets the standard for protecting sensitive patient data. Enacted in 1996, HIPAA was initially created to help the public with insurance portability. It also introduced a series of privacy protections for healthcare data.

For application developers, the first thing you need to determine is whether your mHealth app or wearable device is going to collect, store, or transmit protected health information (PHI), which is regulated by HIPAA rules.

Protected health information is any information in a medical record that can be used to identify an individual, including medical records, billing information, health insurance information, and any other individually identifiable health information.

Health information that is not considered PHI includes data such as calories burned, steps taken, or distance covered. Proprietary metrics, such as the points awarded by the Nike Fuelband, are also not PHI.

mHealth companies that are going to track, transmit, or store PHI need to be HIPAA compliant. If you plan on exchanging data with or otherwise interacting with covered entities (such as a doctor's office), then you need to be HIPAA compliant.

If you are building an application to track, store or manage information that is not personally identifiable, or you are not going to share the information with a covered entity, then you do not need to be HIPAA compliant.

Developing HIPAA Compliant mHealth Applications

If you plan on building an mHealth application or wearable device that will store, manage, and pass protected health information to a covered entity, then you'll need to be HIPAA compliant. Using a service like TrueVault will ensure that you meet the technical and physical safeguards required by the HIPAA Security Rule. Learn more about TrueVault.

For mHealth providers, choosing a HIPAA hosting company for HIPAA file storage is not enough on its own to make you compliant, as most hosting solutions address only the physical safeguard requirements of the rule. Learn more about HIPAA hosting.

TrueVault's HIPAA compliant healthcare API can solve that. Make your application or wearable HIPAA compliant with TrueVault. Try it now for free, with no credit card required and no charges until you activate your account.
