HIPAA stands for the Health Insurance Portability and Accountability Act. HIPAA laws were enacted in 1996, years before the advent of iOS and Android devices. Smartphones have since brought a flood of apps into the healthcare industry.
HIPAA aims at protecting the health information in patients’ medical records (PHI – Protected Health Information). A mobile app falls under HIPAA if it deals with PHI, stores PHI or shares PHI with healthcare providers (doctors, dentists, pharmacies), insurance companies, government programs or health information processors.
As a company that works in the healthcare domain and mobile app development, we have compiled a quick checklist of items to consider before you start the app development.
- First and foremost, determine when you should go for a compliance check
  - If your mobile app collects, stores or shares any kind of medical test results, pharmacy prescriptions, any other treatment information, health insurance information or billing details with HIPAA covered agents, then your app needs to be HIPAA compliant.
  - If your app allows users to connect with doctors and exchange information via texting, video calling, voice calls or group forums, then it needs to be HIPAA compliant.
  - A fitness tracking app which tracks steps taken, distance covered, hours of sleep etc. need not be under the scope of HIPAA.
  - An app need not be compliant if it gives users access to medical reference information, defines diseases or illnesses, offers diet tracking etc.
  - If the app is not to be used by medical personnel or staff, and contractors of covered entities, then it need not be HIPAA compliant.
- Ensuring data security
  - If the app provides offline storage of any kind of PHI, then it has to be secured using 256-bit encryption.
  - The resident data has to be cleared from the system at regular intervals.
  - Ensure that the app cannot be accessed by anybody else. For this, provide an auto-logout feature after some time of inactivity.
  - The app should not record personal details. In case it records them, it should not display the details on the screen.
- Security in data transmission
  - The app should communicate with the backend services using HTTPS.
  - Push notifications should not carry PHI.
  - Text messages/SMS should not carry PHI.
  - If you are using any third-party components for data transmission, then those components should be HIPAA compliant. For example, if you are sending an email that contains PHI, then the email service provider should be HIPAA compliant.
- Information to the users
  - Users should be informed of what types of health information are collected and how this information is used by the app. Provide this information in the About/Help/FAQ section.
- Check for FDA’s medical device classification
  - Any software/hardware collecting data and/or providing input to the decision-making process of a healthcare provider can be classified as a medical device under FDA. If the app falls under this category, then a whole set of other regulations has to be taken care of for FDA approval as well, and not just HIPAA.
- As much as possible, try to use HIPAA compliant tools to power your application. For example, choose a hosting service that covers all the physical safeguard requirements of HIPAA. Provide a messaging platform that offers secure messaging and is HIPAA compliant. Not all secure messaging platforms are HIPAA compliant.
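The data-security items above (256-bit encryption for offline PHI, clearing resident data at regular intervals), sketched as an added example that is not part of the original article: each cached record is sealed with AES-256-GCM, the storage timestamp is authenticated so it cannot be edited to outlive the retention window, and a purge routine removes expired records. The function names, the Map-based store and the 24-hour window are assumptions, and Node.js stands in for the mobile runtime.

```javascript
// Added example (hypothetical names): encrypted offline PHI cache with expiry.
const crypto = require('crypto');

// Assumed retention window; the checklist only says "regular intervals".
const MAX_AGE_MS = 24 * 60 * 60 * 1000;

// Encrypt one record with AES-256-GCM. `key` is 32 random bytes; on a device it
// would be held by the platform keystore, not stored beside the data.
function sealRecord(key, recordId, phi, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  // Authenticate id and timestamp so neither can be edited to dodge expiry.
  cipher.setAAD(Buffer.from(`${recordId}|${now}`));
  const ct = Buffer.concat([cipher.update(JSON.stringify(phi), 'utf8'), cipher.final()]);
  return { recordId, storedAt: now, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the PHI object, or null once the record is past the retention window.
// Throws if the ciphertext, id or timestamp was modified.
function openRecord(key, rec, now = Date.now()) {
  if (now - rec.storedAt > MAX_AGE_MS) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  decipher.setAAD(Buffer.from(`${rec.recordId}|${rec.storedAt}`));
  decipher.setAuthTag(rec.tag);
  const pt = Buffer.concat([decipher.update(rec.ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Periodic purge: delete expired records from the local store (a Map here).
function purgeExpired(store, now = Date.now()) {
  let removed = 0;
  for (const [id, rec] of store) {
    if (now - rec.storedAt > MAX_AGE_MS) { store.delete(id); removed += 1; }
  }
  return removed;
}

// Constructed sample data, for illustration only.
const demoKey = crypto.randomBytes(32);
const demoStore = new Map();
demoStore.set('rx-1', sealRecord(demoKey, 'rx-1', { test: 'HbA1c', result: '5.4%' }));
console.log(openRecord(demoKey, demoStore.get('rx-1')));
```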
This article provides only a very broad guideline to HIPAA compliance of mobile apps. There are many other use cases that need to be taken care of depending on the type of mobile app you are developing. To consult with us on HIPAA compliance, email us at email@example.com.
A centralized identity system à la SSN in the USA has been sorely lacking in India. But with the critical mass the Aadhaar scheme has gained and the API ecosystem maturing around it, we finally have a viable option for identity.
We have been leveraging this in many applications to implement disruptive use cases like social lending.
Here, we are going to show how to integrate Aadhaar verification using Aadhaar Bridge in Laravel.
In a monolithic architecture, we deployed a few application servers and statically registered them with load balancers. But in microservices-based architectures, the services are inherently mobile and can come and go because of auto-scaling, self-healing etc.
So the clients need a way to look up the services they want to talk to. Essentially, we need a way of mapping logical service names to one or more network paths.
As a mobile application development company that prides itself on leveraging the latest technology, the latest thing to catch our eye is Android Things.
If you follow Google, you must have heard about “Brillo” – an operating system from Google which has now been redesigned and branded as “Android Things”. It is a platform which uses Android software, helps our most loved gadgets talk to each other and allows us to use cloud services to control them remotely.
Some insights on Android Things:
1. A major highlight is the seamless integration of Android Things into the Android ecosystem.
2. Brillo used C++ for development, whereas Android Things also targets Java developers.
3. It has inbuilt support for Firebase, which helps us to integrate it easily with Android Things.
4. Google has also added support for Weave, a standalone communication platform which allows devices to connect with Google services.
5. Android Things also has support for pushing updates, which allows developers to update the app seamlessly.
6. As of now, not all Google APIs for Android are supported.
7. It already supports Intel’s Edison, Raspberry Pi 3 and NXP’s Pico out of the box, which will give developers a quick jump start to try building prototypes.
As a mobile application development company that takes pride in leveraging bleeding edge technologies to give our apps a business edge, Multipeer Connectivity is a technology we are excited about.
Now apps can send text messages, make calls and share files even without the internet! All this is made possible by the exciting new technology of Peer-to-Peer Mesh Network. Connectivity without a cellular network is really powerful. This technology helps to create massive peer-to-peer mobile networks, which opens up a whole world of possibilities for apps.
FIRECHAT is an iOS app that took the apps world by storm by introducing the concept of “Communicate without the Internet”. This became a lifesaver application for many during #ChennaiRains, #KashmirFloods and many other natural disasters all over the world. SERVALMESH is another example of how disruptive this technology is.
As organizations go global, an onsite-offshore team mix is becoming the norm. The usual plain vanilla agile process does not work when multiple scrum teams are geographically spread, with a time difference to boot. For instance, given the time/geo difference, members who usually attend a ceremony like the daily standup cannot do so.
Over the course of executing multiple such mixed team projects, we have settled on a customized agile process that works well. This defines in fine granularity:
- the roles and responsibilities of the onshore and offshore teams
- day by day milestones of the sprint cycle
- new perspective on the sprint ceremonies and who should attend what
- a git flow with integrated CI/CD to support this
You have deployed a plethora of monitoring and service management solutions. Yet do you have a good handle on:
- What are the hot button issue(s) at any given time?
- What do you need to prioritize?
- What is the best way to react to a situation?
Better yet, what if you could know about outages even before they happen!
The next generation predictive IT Operations Analytics (ITOA) solutions are aiming to do just that.
Gartner predicts that in the coming years, Global 2000 companies will deploy IT Operations Analytics Platforms as a central component of their architecture for monitoring critical applications and IT services.