When it comes to HIPAA compliance, patients and providers are not the only ones who should have a vested interest. Now that mobile has become increasingly popular -- and helpful -- in the traditional healthcare setting, application developers working in the healthcare space need to think not only about whether they are bound by HIPAA, but also about a robust HIPAA compliance plan.
Jason Wang, founder and CEO of Truevault, a HIPAA-compliant API and cloud data store for healthcare software applications based in San Jose, Calif., and David Reis, vice president of information services and CISO at Lahey Hospital and Medical Center in Burlington, Mass., offered their advice for application developers navigating HIPAA.
How should app developers approach creating a robust HIPAA compliance plan?
For app developers trying to navigate the complexities of HIPAA -- or trying to figure out if they need to stick to a strict HIPAA compliance plan -- Reis and Wang suggested perusing resources HHS has provided in addition to the guidance for app developers HHS recently released.
Wang also advised that app developers get an official opinion and consult lawyers who are experts in this area.
Don't rush it, he said. Do it right.
"The last thing you want is to do something and build something wonderful and have a lot of people find out you're in violation of HIPAA, and you have to start all over again," Wang said. "That's soul crushing."
Even so, having a HIPAA compliance plan may not be enough, Wang warned. Being HIPAA compliant is one thing, but data security is another, and it's "extremely important," he said.
Reis suggested app developers lead with security best practices, and then HIPAA compliance will naturally follow as a byproduct.
"If we build information security into the app that's being developed, then whether HIPAA applies directly or doesn't apply directly becomes more of a secondary concern because all the things that are required to be HIPAA compliant would have been done," Reis said.
He added that hosting services such as Amazon Web Services (AWS) are another helpful resource for app developers. Hosting services underpin many applications, he explained, and AWS has published a white paper on how to use AWS in a HIPAA-compliant way.
Ultimately, however, Reis said, "as long as the app developers are following [industry standards and security frameworks], then demonstrating or developing compliance becomes a much easier thing to do."