The mobile app and wearables market in health care is booming, most recently evidenced by Apple’s entry into the market with its widely-anticipated “HealthKit,” a purportedly secure platform that allows mHealth apps to share user’s health and fitness data with the new Health app and with each other. But mobile apps, particularly those used by health care organizations, can allow unauthorized access to patients’ Protected Health Information if not evaluated for security and privacy risks. For guidance on how to address these risks, click here to see our post at Privacy & Security Matters on the draft Technical Considerations for Vetting 3rd Party Mobile Applications (the Vetting Report) issued by National Institute of Standards and Technology (NIST) in August 2014.
NIST is seeking comments on the Vetting Report until September 18th, so there is still time for organizations contemplating a third party mobile app vetting process to inform NIST of any gaps that remain to be addressed in the Vetting Report. Regardless, all organizations, especially those in the health care industry, that want to use mobile app technologies in their operations should use the Vetting Report and NIST’s other guidance publications, in conjunction with the advice of experienced health care privacy counsel, to develop their own privacy and security evaluation processes to help weed out the mobile apps that may create risks of security incidents and breaches.