Developers and HIPAA

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely.


Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device, is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected? What if unrelated malware on the patient's device or computer transmits the PHI?

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)


1 vote
1 up votes
0 down votes
Question No. 95