Atlantic.Net Blog

Achieving HIPAA Compliance with Mobile Devices

Sam Guiliano
by Atlantic.Net (82 posts) under HIPAA Compliant Hosting

Last year, Google Fit and Apple Health brought health applications into the mainstream. Developers unfamiliar with this space must learn how to maintain HIPAA compliance.

  • Study: Health IT will Change Rapidly
  • Possible PHI Issues
  • Example: Mobile HIPAA Provider Selection Story
  • A Simple and Predictable Plotline

Study: Health IT will Change Rapidly

Two major trends, a boost in cloud adoption among healthcare providers and a drop in the cost of deploying systems, will have a major impact on the American HIT market through 2018, according to a whitepaper released last year.

The report, created by the consultancy RNCOS, forecasts that health IT will expand at a CAGR of almost 10%. Steadily improving technology and public-sector promotion of e-health applications will contribute to the strong growth rate of this sector. How good is 10%? By comparison, over the same period the Economist Intelligence Unit and the International Monetary Fund agree that US GDP growth will be around 3%.

Remember, though, that this isn’t just a time of growth but a time of change. In order for health IT to be delivered as effectively as possible, resulting in both better care and better ROI, a complex network of stakeholders (doctors, insurance companies, pharmaceutical firms, medical device manufacturers, drugstores, and patients) must work collaboratively.

“The full value of health IT is realized when all parties come to the table to ensure data liquidity and ultimately, information and support flowing to people and patients,” advised health management consultant Sarasohn-Kahn. “More value can be derived when technologies don’t add costs, but conserve costs and resources.”

Possible PHI Issues

If you are creating a mobile app (whether for wearables or standard smart devices), you want to know the parameters of HIPAA compliance. Using technology that is in compliance with the federal law can be critically important to protect your business from fines from the US Office for Civil Rights. Compliance is necessary specifically for systems that have two characteristics:

  1. Use health data that is personally identifiable (PII in some form).
  2. Exchange the data with healthcare providers (PHI, much of it patient-generated health data).

If your application meets those two criteria, you must be intimately familiar with the law – especially the privacy, security, and breach notification rules. Consider the issues you can run into with protected health information in the mobile arena:

  1. Mobile devices are often stolen. If PHI is unencrypted, you could end up with a fine.
  2. The device typically provides access to email and social media. Accidental posting could occur.
  3. Push notifications and other features could represent violations.
  4. You could have instances of purposeful or accidental sharing of protected health information between users.
  5. If a user turns off the password protection that locks the phone’s screen, anyone present could access immediately visible data.
  6. Since mobile devices have small keyboards, many users shorten their passwords (making them weaker) so that unlocking and logging in is quick.
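The first risk on the list, a stolen device holding unencrypted PHI, is the one a developer can address most directly in code: keep any locally cached PHI under an authenticated cipher, so the storage on a lost phone is useless without the key and any tampering with it is detected. The following Go program is an added example written for this post, not code from Atlantic.Net or from the article. It uses AES-256-GCM from Go's standard library; the patient record is constructed, and the key handling is simplified for illustration (in a real app the key would be generated and held by the platform keystore, never stored beside the data).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newKey returns a fresh 256-bit AES key. In a shipping app this key would be
// generated and held by the device keystore (hypothetical wiring, not shown);
// it must never be written next to the encrypted records.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealRecord encrypts one PHI record with AES-GCM. A random 12-byte nonce is
// prepended to the ciphertext so openRecord can recover it; GCM's tag means any
// later modification of the stored bytes is rejected on decryption.
func sealRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice, yielding nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openRecord reverses sealRecord. It fails for a wrong key, a truncated blob,
// or a single flipped bit, which is exactly the behaviour wanted when a device
// ends up in hands other than its owner's.
func openRecord(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample record; the identifiers are placeholders, not real PHI.
	record := []byte("patient_id=EXAMPLE-0001;dob=1980-01-01;heart_rate=72")

	key, err := newKey()
	if err != nil {
		panic(err)
	}
	sealed, err := sealRecord(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes, none of them plaintext\n", len(sealed))

	// The legitimate app, holding the key, reads the record back.
	plain, err := openRecord(key, sealed)
	fmt.Printf("owner decrypts: %q err=%v\n", plain, err)

	// Without the key, the stored blob yields only an authentication failure.
	wrongKey, _ := newKey()
	_, err = openRecord(wrongKey, sealed)
	fmt.Printf("wrong key: err=%v\n", err)

	// A modified blob is rejected rather than silently decrypted to garbage.
	sealed[len(sealed)-1] ^= 0x01
	_, err = openRecord(key, sealed)
	fmt.Printf("tampered blob: err=%v\n", err)
}
```

The design choice worth noting is authenticated encryption rather than a bare block cipher mode: GCM returns an error instead of corrupted plaintext, so the app can treat any decryption failure as a signal to wipe the local cache and re-sync from the server rather than display or upload damaged PHI.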

Developers can’t guard against every one of those scenarios, but they can make sure that they maintain compliance on behalf of both their customers and themselves (as of 2013).

Example: Mobile HIPAA Provider Selection Story

Below is a snippet from a developer selecting a solution for a HIPAA-Compliant Hosted mobile application, anonymized and edited for privacy. The intention here is to look at questions and concerns rather than the specs of particular plans.

Note that we’re looking at an excerpt from the middle of their back-and-forth, right after the Hosting Consultant has explained the 12-month agreement.

Healthcare Client:

  1. So what would be the penalty if we break the agreement or would like to move to a different establishment?
  2. Do you have any referral incentives, since this will be for a client of ours?
  3. The business associate agreement will be between the business owner and you folks?

Hosting Consultant:

Here are the answers to your questions.

  1. You would be responsible for the balance of the term of the agreement. So if you cancelled after 6 months, you would owe us another 6 months.
  2. Will the HIPAA Hosting agreement be under the name of your company or under the name of your client (which means that they would be paying the monthly bill)?
  3. It will be if your client is signing the HIPAA hosting agreement and paying the bill.

Healthcare Client:

Since we are managing the application, we typically manage the hosting as well. However, the owner of the application is our client. So is it possible that we will manage the application and hosting issues, but the business (application owner) signs the agreement and pays through us?

Hosting Consultant:

I have permission to provide you with pricing based on a 6-month agreement. I have attached the updated pricing.

A Simple and Predictable Plotline

Do you need HIPAA compliance for an e-health application? Make sure there aren’t any surprises in your success story. Work with the mobile HIT industry leader.

“[Atlantic.Net’s] financial strength and proven track record are something we view with great confidence,” commented Complete Healthcare Solutions VP Joseph Nompleggi.

Choose Atlantic.Net, and you can mobilize healthcare with confidence.
