Search Weight Loss Topics:

Home » Lose Weight Safely » Health Apps Abound, But Are They Secure? – Renal and Urology News

The US Department of Health and Human Services (HHS) recentlyreleased guidance on what providers should know about HIPAA compliance and apps.According to a reportby Iqvia Institute for Human Data Science, more than 318,000 health apps are availableworldwide and about 350 consumer wearables on the market. The report also foundabout 26% of providers have adopted the use of an app for patient wellness and13% for condition management.

But what liability do apps potentially pose for practices? Ifan app is developed on behalf of a doctors office and given to patients orused in-house, the practice can be liable for breached information. There wouldbe no liability for a practice, say, if a patient with diabetes asks a doctorfor ideas on how to lose weight and the doctor recommends a step tracker and caloriecounter app that can be downloaded to the patients phone. But liability couldresult if a doctor recommends an app created for the practice that winds upexposing PHI.

Its like hiring someone as a business associate to dosomething with data, Brian Reed, Chief Marketing Officer of theChicago-based app security testing firm NowSecure. If you are sharingdata with someone else you have hired and paid for services, that makes them abusiness associate.

With any apps used within a practice or given to patients,business associate agreements should be put in place with the supplying vendor,he said.

From the courts

In January, HHS offered guidancebased on a Washington DC court case that dealt in part with the question ofwhether a HIPAA-covered entity must give PHI to a third-party app upon apatients request. The answer was yes. Generally, if a patient requests that a providersend information to an app even if the doctor does not know if the app issecure the practice is required to send it. A practice also has to send theinformation even if the patient requests it in an unsecured method, like personalemail. Although this may cause trepidation among providers, HHS does give somereassurance. If the request is made by the patient, it is no longer subject toHIPAA regulations once it leaves the practice, the department said.

Even if a physician is not liable, it is good practice tocaution patients on the risks of sending PHI to unsecured apps, according toHHS and some experts. Robert Grant, chief compliance officer and co-founder ofthe Compliancy Group in Greenlawn, New York, advises providers not to encouragepatients to use apps that may not be secure. The physician has enough to worryabout with protections inside their own house, he said. They dont need to worryabout what someone else is doing with their technology.

Professional liability

But doctors use of in-office apps can result in liabilityif that use results in a breach of PHI. Many apps that providers use within apractice to obtain information or access health records are secure, Reed said. Theseapps seldom become infected with malware so breaches are unlikely, but hecautions physicians never to transmit PHI on public apps such as Evernote orGoogle Docs.

When you look at the 4 million-plus apps in app stores,about 70% leak personal information, Reed said. That may be a user ID orpassword or other unique information, or it could be a patient account numberor credit card number.

Some of this data leakage could violate HIPAA. If providerswant to use an app like Slack or WeChat that is not designed for a medicalsetting, they need to have documentation from vendors that the app is safe touse in a practice.

Ensuring compliance

As with any Web software a practice puts in place, providersneed to verify as best they can that apps they are using or offering patients areHIPAA compliant. The absence of a central registry that can tell providers ifan app is HIPAA compliant remains a challenge, Reed said. The first thing toknow is, dont assume apps are safe and certified unless they are labeled thatway, Reed said.

Healthcare delivery apps should be certified by a vendor, but if doubts remain about the ability an app to keep PHI safe, a security and privacy audit by a third party should be performed to ensure the app is not leaking data, Reed said.

Read the rest here:
Health Apps Abound, But Are They Secure? - Renal and Urology News

Your Full Name
Your Email
Your Phone Number
Select your age (30+ only)	30313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120
Select Your US State	Select Your StateAlabamaAlaskaArizonaArkansasCaliforniaColoradoConnecticutDelawareFloridaGeorgiaHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNew HampshireNew JerseyNew MexicoNew YorkNorth CarolinaNorth DakotaOhioOklahomaOregonPennsylvaniaRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahVermontVirginiaWashingtonWashington,DCWest VirginiaWisconsinWyoming
Program Choice	Select Your ProgramInjectable HGHInjectable TestoteroneInjectable SermorelinInjectable Weight LossInjectable HCG DietInjectable Vitamins
Confirm over 30 years old	Yes
Confirm that you resident in USA	Yes
This is a Serious Inquiry	Yes
Message:

Home » Lose Weight Safely » Health Apps Abound, But Are They Secure? – Renal and Urology News