HIPAA stands for the Health Insurance Portability and Accountability Act, enacted by Congress in 1996. The Privacy and Security Rules issued under it govern how “individually identifiable health information”, known as protected health information (PHI), may be used, disclosed and safeguarded. This directly affects how such information is stored and transmitted electronically, including by mobile apps. Before embarking on a mobile app project that involves storing or sharing health information, you should therefore work out whether your app needs to be HIPAA compliant.

When it comes to HIPAA compliance and your mobile app, there are a lot of complexities, mostly because of the ambiguity around what exactly counts as PHI. It is also not cut and dried which apps need to be compliant. As a general rule, it comes down to what information is being collected and on whose behalf. Consumer apps that collect data such as calorie counts or weight-loss progress typically don’t need to be compliant; Google Fit and Apple Health, for example, hold fitness data that users enter for their own use rather than PHI held by a covered entity, so HIPAA does not apply to them. The same data becomes PHI as soon as a covered entity (a healthcare provider, health plan or clearinghouse), or a business associate acting on its behalf, collects, stores or transmits it. Medical apps therefore face deeper scrutiny: if an app will be used by medical personnel or is built for a healthcare organization, there is a good chance it will need to be compliant.

There are a few questions that often come up when thinking about building a mobile app that will be collecting and storing health information:

What exactly is HIPAA?

Does my app need to follow HIPAA compliance?

Should I avoid collecting PHI altogether?

What are the penalties if my app does not fall within HIPAA compliance?


We asked a few experts in security, privacy and HIPAA for their input on the specific classifications and grey areas of HIPAA, the legal ramifications of getting it wrong, and the secure technology options to consider when building out an app.

“… the key thing to know is that any mobile app using personal data should always be designed with security and privacy in mind.”

Bobby Gill gives us a deeper insight into what you should think about before approaching a mobile app development team:

What should anyone looking to create an app that collects personal data think about before beginning work with a mobile app developer?

There are complexities when it comes to HIPAA and mobile app development, but it’s all about making sure it’s done in the right way. HIPAA is a very specific law that affects anyone dealing with users’ personal health information. We, as mobile app developers, are just as liable as the Covered Entity (CE), so it’s crucial for us to understand what the purpose of the app is, who will be using it, and what information will be stored, collected and shared. It can get especially complicated when you factor in authorization and who is entering the personal health information. We will want to know who is entering the data. Will it be entered by the user? Or will doctors and medical personnel be entering the information? We will also ask questions such as where connections will be established: in the office or at home? For example, will a user first register and log in in front of a medical administrator or at home? This can be tricky because, if done at home, how can you verify that person’s actual identity? There are a number of nuances when it comes to HIPAA; the key thing to know is that any mobile app using personal data should always be designed with security and privacy in mind.

For additional references on HIPAA compliant apps, we’ve compiled a short list of helpful resources below:

Health Information Privacy on hhs.gov

Your Mobile Device and Health Information Privacy on healthit.gov

Mobile Data Security and HIPAA Compliance on hipaajournal.com

Security and DevOps tools for engineers on aptible.com

HIPAA Compliance Checklist on truevault.com

Electronic Code of Federal Regulations on ecfr.gov (the HIPAA Privacy and Security Rules are at 45 CFR Parts 160 and 164)

Blue Label Labs is a full service mobile app development agency located in NYC. To learn more about our work, contact us. This blog should not be used as counsel or in any legal capacity whatsoever. No guarantee is given regarding the accuracy of any statements or opinions made on the blog by Blue Label Labs or any of its contributors. This blog post is for information purposes only and shouldn’t be seen as privacy, security or legal advice in any way. As always, everyone’s app is unique; it’s best to reach out to us directly for any specific inquiries regarding your app.

A version of this post was also published on Blue Label Labs’ blog, Idea to Appster, where you can find this and other posts written by us, at www.bluelabellabs.com.