
Jan 13, 2022
In General Discussions
Health and wellness apps are making it easier for consumers to access medical information using their mobile apps. From tracking and monitoring general health information to keeping important medical records, mobile apps are playing a critical role in the healthcare industry. From a provider perspective, efficient use of mobile apps provides real-time care that helps both patients and doctors make faster decisions. However, keeping consumer information secure and in compliance with the Health Insurance Portability and Accountability Act (HIPAA) can be daunting.

In this post, we give an overview of HIPAA rules as they apply to mobile app publishers and the measures you can take to be compliant. HIPAA has several facets, and it’s important to identify the list of applicable rules for your business. CleverTap recommends app publishers familiarize themselves with HIPAA laws and build their applications in a manner that remains compliant.

What is HIPAA? And What’s Considered Private Health Information (PHI)?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. national standard for electronic health care transactions and lays down rules for collecting, storing, and processing unique health identifiers. It protects private health information (PHI) and affects how it is accessed, stored, and shared to give patients rights to their health information.

PHI is any information that can be used to identify an individual seeking health care. It includes identity information, medical records, conversations with doctors and other healthcare professionals, and billing information with patient-identifiable information on it. Examples of PHI include patient name, address, dates (birth, admittance, discharge), medical record numbers, account numbers, and email addresses.

Who Needs to be HIPAA Compliant?

Covered Entities: Any organization that falls under the definition of a covered entity under HIPAA has to comply. Covered entities include health care providers, health plans, and health care clearinghouses that electronically store and transmit any health information. If these entities create their own mobile applications that collect, store, or use PHI, then these mobile apps must be HIPAA compliant.

Business Associates: A business associate is anyone who collects, stores, maintains, or transmits any PHI on behalf of a covered entity. Most businesses that provide services that manage or use PHI for covered entities are included in this category. These are contractors, subcontractors, and other companies that are not employed by a covered entity but still need to access health information when offering their services to a covered entity. You can find more information on this on the official US Department of Health & Human Services website. Within the purview of the HIPAA privacy rule, CleverTap is neither a covered entity nor a business associate.

How Does HIPAA Apply to Mobile App Publishers?

If a mobile app is created by a covered entity, or if a mobile app developer offers an app that handles PHI for a covered entity, then that makes the app publisher a business associate. For example, a health app where information is automatically entered into the healthcare provider’s electronic health record (EHR) needs to be HIPAA compliant. On the other hand, a mobile app that requires users to input their own health information may not be required to be HIPAA compliant. For example, an app used by patients to voluntarily input and monitor their diabetes information without any involvement of a healthcare provider is likely not required to be HIPAA compliant.

If you are a covered entity that entrusts PHI to a third-party vendor or service provider, then you are required to have a Business Associate Agreement (BAA) in place. The BAA is a contract that ensures that the business associates will take the necessary measures to safeguard PHI, and regulates the use of PHI by the business associate.

How CleverTap Customers Address HIPAA Compliance Within their Marketing Organizations

Several healthcare companies leverage user behavior data in their marketing campaigns to acquire and engage users via email, push notifications, and social media. When users sign up for a healthcare service, they expect personalized communications, such as appointment confirmations and service notifications. While companies use certain data to make their marketing campaigns more effective, the use of private patient data is not allowed. HIPAA mandates that healthcare companies restrict the use of private patient information to promote their products or services without written permission from the patient, and that this permission may be revoked by the user at their discretion.

Performing due diligence while developing your app can help ensure that your app stays HIPAA compliant.

Avoid sending or storing PHI: CleverTap has seen customers build HIPAA compliant use cases by ensuring that there is no sensitive information, specifically

