Security Recommendations for Mobile Health Apps
Friday, September 14, 2018
Suggestions made for app developers to secure apps and avoid hipaa violations
Print Mail Download i

Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization.  Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference.  When EHRs are combined with mobile platforms, the cybersecurity risks multiply.  Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.

To help defuse these concerns, the U.S. National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) recently published a comprehensive guide entitled “Securing Electronic Health Records on Mobile Devices.”    One of the goals in preparing this document was to demonstrate, using detailed examples and already-available standards and technologies, the ways to ensure cybersecurity of  patients’ health records in accordance with the HIPAA Security Rule.   The guide is intended to facilitate the adoption of best cybersecurity practices but it is not legally binding, and its use is voluntary.  Nevertheless, the guide encourages organizations to consider the presented worked-out designs, which rely both on commercial products and open-source solutions.

The guide adopts, and stresses throughout, a risk-based approach to security.  A structured, methodical risk assessment should ideally be established before health care providers start using mobile devices in a given health care practice, and it should be continuous in nature, with periodic review and reassessment of the risks.  This change in attitude might be one of the more important barriers for health care organizations to overcome, since cybersecurity has often been an afterthought, which has resulted in an increasing number of data breaches and subsequent legal and financial repercussions.

NCCoE and NIST are inviting businesses to provide feedback to their practice guide, especially on its implementation in the real world.

© 2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

Current Legal Analysis

More from Faegre Drinker

SCOTUS Denies Certiorari in Cases Concerning FCA Liability Requirement, Objective Falsity Circuit Split Remains Intact
by: Commercial Litigation Practice Group
Groundbreaking Fourth Circuit Decision Upholds Private Plaintiff’s Successful Effort to Unwind a Consummated Merger
by: Kathy L. Osborn , Emily E. Chow
Travel Bans and Quarantine Hotels: Traveling to the U.K. During COVID-19
by: Hodon Anastasi
TCPA Plaintiff Argues he wasn’t Injured in Attempt to Dodge Federal Jurisdiction
by: Marsha J. Indych , Renée M. Dudek
Silver Lining: COVID-19 Engagements Allow More Time for Premarital Financial Planning
by: Jaime A. Quick
Biden EPA Makes First Moves to Address PFAS in Drinking Water
by: Bonnie Allyn Barnett , Brandon W. Kirkham
Predicting the Enforcement Priorities of the Biden DOJ
by: Thomas J. Kelly , Daniel E. Pulliam
New York City Council Imposes Stricter Discipline Requirements on Fast Food Employers
by: Gerald T. Hathaway
Disclosure of Binding Arbitration Not Required In Consumer Warranties, Says Florida Supreme Court
by: Traci T. McKee , Lexi C. Fuson
FCC Order Causes Confusion Regarding Consent Required for Informational Calls to Residential Landlines
by: Matthew M. Morrissey

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins