Atlantic.Net Blog

Achieving HIPAA Compliance with Mobile Devices

Sam Guiliano
by Atlantic.Net (81 posts) under HIPAA Compliant Hosting

Last year, Google Fit and Apple Health brought health applications into the mainstream.  Developers unfamiliar with this space must learn how to maintain HIPAA compliance.

  • Study: Health IT will Change Rapidly
  • Possible PHI Issues
  • Example: Mobile HIPAA Provider Selection Story
  • A Simple and Predictable Plotline

Study: Health IT will Change Rapidly

Two major trends, a boost in cloud adoption among healthcare providers and a drop in the expenses to deploy systems, will significantly impact the American HIT market through 2018, per a whitepaper released last year.

The report, created by the consultancy RNCOS, forecasts that health IT  will expand at a CAGR of almost 10%.  How good is 10%?  The creation of increasingly better technologies and public-sector promotion for this type of application (e-health applications) will contribute to the strong growth rate of this sector.  As an example, the Economist Intelligence Unit and International Monetary Fund agree that the US GDP growth rate will be around 3% over the same period.

Remember, though, that this isn’t just a time of growth but a time of change.  For health, IT to be delivered as effectively as possible, resulting in better care and better ROI, a complex network of stakeholders (doctors, insurance companies, pharmaceutical firms, medical device manufacturers, drugstores, and patients) must work collaboratively.

“The full value of health IT is realized when all parties come to the table to ensure data liquidity and ultimately, information and support flowing to people and patients,” advised health management consultant Sarasohn-Kahn. “More value can be derived when technologies don’t add costs but conserve costs and resources.”

Possible PHI Issues

If yg technology complies with the federal law can be critically important to protect your business from fines from the US Office for Civil Rights.  CompIf you are creating a mobile app (whether for wearables or standard smart devices), you want to know the parameters of HIPAA compliance.  Compliance is necessary specifically for systems that have two characteristics:

  1. Use health data that is personally identifiable (PII in some form).
  2. Exchange the data with healthcare providers (PHI, much of it patient-generated health data).

If your application meets those two criteria, you must be intimately familiar with the law – especially the privacy, security, and breach notification rules.  Consider the issues you can run into with protected health information in the mobile arena:

  1. Mobile devices are often stolen.  If PHI is unencrypted, you could end up with a fine.
  2. The device typically provides access to email and social media.  Accidental posting could occur.
  3. Push notifications and other features could represent violations.
  4. You could have instances of purposeful or accidental sharing of protected health information between users.
  5. If a user turns off the password protection that locks the phone’s screen, anyone present could access immediately visible data.
  6. Since mobile devices are often smaller, many users shorten their passwords (thereby making them less secure), so it’s easy to get online.

Developers can’t control against all those scenarios, but they can make sure that they maintain compliance on behalf of their customers and themselves (as of 2013).

Example: Mobile HIPAA Provider Selection Story

Below is a snippet from a developer selecting a solution for a HIPAA-Compliant Hosting mobile application, anonymized and edited for privacy.  The intention here is to look at questions and concerns rather than the specs of particular plans.

Note that we’re looking at an excerpt from the middle of their back-and-forth, right after the Hosting Consultant has explained the 12-month agreement.

Healthcare Client:

  1. So what would be the penalty if we break the agreement or would like to move to a different establishment?
  2. Do you have any referral incentives since this will be for our client?
  3. The business associate agreement will be between the business owner and you folks?

Hosting Consultant:

Here are the answers to your questions.

  1. You would be responsible for the balance of the term of the agreement.  So if you
    canceled after six months, you would owe us another six months.
  2. Will the HIPAA Hosting agreement be under the name of your company or under the name of your client (which means that they would be paying the monthly bill)?
  3. It will be if your client is signing the HIPAA hosting agreement and paying the bill.

Healthcare Client:

Since we are managing the application, we typically overlook the hosting as well.  However, the owner of the application is our client.  So is it possible that we will manage the application and hosting issues, but the business (application owner) signs the agreement and pays through us?

Hosting Consultant:

I have permission to provide you with pricing based on a 6-month agreement.  I have attached the updated pricing.

A Simple and Predictable Plotline

Do you need HIPAA compliance for an e-health application?  Work with the mobile HIT industry leader.  Make sure there aren’t any surprises in your success story.

“[Atlantic.Net’s] financial strength and proven track record are something we view with great confidence,” commented Complete Healthcare Solutions VP Joseph Nompleggi.

Choose Atlantic.Net, and you can mobilize healthcare with confidence.

Start Your HIPAA Project with a Free Fully Audited HIPAA Platform Trial!

HIPAA Compliant Compute & Storage, Encrypted VPN, Security Firewall, BAA, Offsite Backups, Disaster Recovery, & More!

Start My Free Trial

Looking for HIPAA Compliant Hosting?

We Can Help with a Free Assessment.

  • IT Architecture Design, Security, & Guidance.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now!
Stevie Gold Award
Inc 500
Global Infosec 2021
28 Year logo
Ehla Badges 2021 Winner
Made In USA

SOC Audit HIPAA Audit HITECH Audit

Case Studies

White Papers


Recent Posts

How to Install Sails.js Framework with Nginx as a Reverse Proxy on Oracle Linux 8
Are Data Breaches In The Cloud Getting Better Or Worse?
How to setup HTTP Strict Transport Security (HSTS) for Apache on Oracle Linux 8
How to Install Kanban Kanboard on Oracle Linux 8
How To Install Kamailio SIP Server on Oracle Linux 8

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G3.2GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2008 Lookout Dr,

Dallas, Texas 75044

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4


London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom