查看文章

Protecting personal health records is becoming increasingly important as more people use Mobile Health applications (mHealth apps) to improve their health outcomes enabling consumers. With the increase of mHealth apps accessibility and usability, it is crucial to create, receive, maintain or transmit protected health information (PHI) on behalf of a covered entity or another business associate. The Health Insurance Portability and Accountability Act (HIPAA) provides guidelines to the app developers so that the apps must be compliant with required and addressable Technical Safeguard rules. However, most mobile app developers, including mHealth apps are not aware of HIPAA security and privacy regulations. We have investigated more than 200 top popular Medical and Health & Fitness category Android apps collected from Google Play Store. We identified from the comparative analysis of the HIPAA rules assessment report that authorization to access sensitive resources, data encryption-decryption, and data transmission security is the most vulnerable features of the investigated apps. We recommend to app developers the most common mistake done at the time of app development and how to avoid these mistakes to implement secure and HIPAA-compliant applications. The proposed framework enables us to develop an IDE plugin for mHealth app developers and a web-based interface for mHealth app consumers.