Mobile Health Apps: Taking a Closer Look at Compliance
The emergence of mobile technology has launched the healthcare industry to the next level. Even though this industry frequently deals with complex and sensitive data, clinicians and patients are taking advantage of, and benefiting from, the ever-growing mobile app trend. This has sparked an important discussion about the compliance of health apps.
Consumers are continuing to go digital and are now doing so with the intention to address their health care needs. As this innovative technology-enabled type of health care grows, health organisations, hospitals and other relevant stakeholders have begun engaging in mobile app development to offer patients new, more convenient ways to collect and share health-related information.
More and more patients are using mHealth (mobile health) to manage conditions, connect with providers, and make critical health care decisions than ever before. There’s no doubt that health apps facilitate easier information sharing and a better patient experience; however, they often collect and manage sensitive data. As such, it is important that health apps are developed to comply with the security and privacy requirements defined by data protection laws, such as the GDPR in the EU and HIPAA in the US.
The Health App Market
In 2017, there were over 318,000 health apps available on the top app stores worldwide – with more than 200 apps being added each day (IQVIA). The two major factors fuelling the growth of the mHealth market are the increased adoption of smartphones and continued heavy investment in digital health. According to Global Market Insights, the mHealth market is set to exceed USD 289.4 billion by 2025.
This market continues to grow and attract new entrants, with more than 84,000 mHealth app publishers releasing mobile apps for the medical, health and fitness market in 2017 (Research2Guidance).
A 2018 Rock Health study found that the adoption of digital health tools was at its highest rate ever – with 89% of respondents using at least one digital health tool. Respondents were most willing to share their personal health data with physicians, health insurance companies, pharmacies, and research institutions – reporting the most trust in data security of these entities.
With the health app market and adoption poised for growth, it is important to develop meaningful solutions that support compliance through robust data privacy and security.
A Closer Look at Compliance
Health apps facilitate the circulation and exchange of sensitive information. As such, it is important to be aware of the compliance requirements and to strictly follow regulations in order to safeguard health information effectively.
At the beginning, mobile app technology was being developed and deployed much faster than compliance standards could keep up with. Regulations have now caught up and there are various laws to adhere to, depending on the region(s) in which the app is used. A few examples, based on region, are outlined below.
The United States
A health app for the US market that stores or transmits a patient’s protected health information must be in full compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA helps protect sensitive patient data and regulates how health information is transmitted, restricting unauthorised entities’ access to individually identifiable health information.
In the United States, it is mandatory for health apps that handle protected health information to be HIPAA compliant. All organisations that deal with protected health information must have physical, network and technical security controls in place to ensure compliance. This framework has been adopted by medical institutions around the world as the “go to” security guidelines to follow.
The European Union
In Europe, a health app must be compliant with EU laws such as the General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive. These laws aim to protect the rights and freedoms of natural persons with regard to the processing of personal data and the free movement of such data.
The United Kingdom
The Data Protection Act is the UK’s implementation of the GDPR, which controls how personal information is used by organisations, businesses or the government.
Canada
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private-sector organisations collect, use and disclose personal information in the course of commercial business. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity.
Asia-Pacific
Countries in the Asia-Pacific have seen a number of significant regulatory developments in recent years, resulting in the implementation of new, comprehensive, “GDPR style” privacy laws.
In Australia, for example, the Privacy Act regulates the way in which individuals’ personal information is handled.
Building a Compliant Health App
Due to the sensitive nature of the health industry, compliance regulations should be used as a guide for successful health app development. It is recommended to check the related regulatory requirements and best practice principles for the region(s) in which your app will be available.
To help ensure your health app is developed following compliance guidelines, consider the following tips:
- Implement administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
- Any health information that is created, transmitted, or stored electronically must be handled securely. Make sure there are appropriate safeguards to protect the privacy of personal information and set conditions on the uses and disclosures that may be made of such information without patient authorisation.
- If using a service provider, such as a hosting network or data storage vendor, ensure that the vendor understands and agrees to the same compliance guidelines.
- Information that you choose to collect in your app should have a clear purpose; do not collect any information you don’t need.
- Permanently and securely dispose of data when it is no longer needed.
- If your app uses push notifications, ensure the notifications do not include sensitive health information.
- Consider the differences between the intended and unintended use of your app. Even if you believe the app will be used in a way that does not require compliance, this assumption could be wrong.
When developing an app, maintaining security standards and ensuring the protection of sensitive personal data should be a top priority. It is important to ensure that all standards are followed to keep patient and healthcare provider information private and secure.
At Liquid State we see the social and economic value in improving healthcare efficiency and the patient experience through patient-facing apps and integrated communications. Our solutions help drive quality care, patient engagement and improved clinical outcomes.
Contact us today to turn your health app idea into a reality.