Of the three main components of HIPAA (the Privacy Rule, the Security Rule, and the Breach Notification Rule), the Security Rule is particularly relevant to healthcare application development. The majority of these applications, from patient portals to mHealth apps, store or transmit electronic Protected Health Information (ePHI). It’s essential to keep this information safe, and the Security Rule gives in-depth guidance on how far that protection must go, while leaving a fair amount of flexibility in the strategies for implementation.
Here, we decode the Security Rule as it applies to patient portal and mHealth app development, specifically with regard to user authentication. In Part 2 of this series, we cover auditing, and in Part 3 we discuss issues related to data transfer, such as encryption and notifications.