In relation to medical software applications, the term HIPAA compliant means that the application meets the technical and physical safeguards of the HIPAA Security Rule. Hosting an application in a HIPAA-compliant environment does not by itself make the application HIPAA-compliant.
If you build an eHealth or mHealth app that collects personal data about the person using it for the exclusive use of the person using it, the app is not subject to HIPAA compliance for medical software applications. If, however, the personal data collected will be shared with a medical professional or other HIPAA Covered Entity (a healthcare insurance company for example), then the data is considered to be Protected Health Information and the app needs to be HIPAA compliant.
The U.S. Department of Health and Human Services' Office for Civil Rights can impose fines for breaches of PHI, and – in theory – you could be subject to a penalty for the app not being HIPAA-compliant, even if no breach of PHI occurs. This article has been prepared with relevance to HIPAA and medical software. For information about FDA regulations, please visit the FDA's "Device Advice" web page.
eHealth and mHealth apps are subject to HIPAA and to medical software regulations issued by the FDA. E Com Security Solutions helps you identify whether the eHealth or mHealth app you are developing is subject to HIPAA compliance for medical software applications.
E Com Security Solutions application penetration testing services help you identify the potential vulnerabilities and exploits that affect the HIPAA compliance of your application. Our application advisory and remediation services for medical software applications ensure that the app meets the technical and physical safeguards of the HIPAA Security Rule.