While the tech media was intrigued by wearable technology and the growth of fitness and health apps, many savvy IT minds had serious doubts about how these devices would secure the massive amount of medical data they generate. As it turns out, Apple shares these concerns.
According to The Washington Post, Apple is demanding higher security measures for fitness apps for its iPhone 6 and iWatch devices. This means app developers…
- May be subject to FTC regulation.
- May be subject to HIPAA and HITECH rules – two strict laws that regulate how personal health data can be stored and transmitted.
- Cannot use health data for targeted advertising or share data with third-party companies that would use it for advertising.
Many app developers don't have experience with healthcare IT and might not even be aware that health-related data breaches are punished severely – often with million-dollar fines. Let's examine what you need to know about health data liabilities and Apple's new standards for app makers.
iPhone 6 and iOS 8: Higher Standards for App Developers
In order for application developers to take advantage of Apple's new wellness platform HealthKit, they'll need to follow higher data security standards. To understand why Apple is increasing its standards, we'll look at how the iPhone 6's new health apps work.
HealthKit doesn't track user health information. Instead it provides a place for users to centralize all their health data from other apps and devices. For example, if a user has a pedometer, they can set it to share information with HealthKit. Data from scales, dieting apps, and sleep trackers can all be synced to appear in HealthKit.
But all this data brings significant risk for mobile developers. In many cases, the law requires health data to be encrypted whenever it is stored or transferred. In addition, businesses have faced major scrutiny for sharing health data with advertisers. With its new guidelines, Apple is trying to nip these problems in the bud and make sure developers follow best practices.
What does this all mean for IT professionals? Frankly, it means that you're suddenly exposed to more data risk. Any data exposure, problems with encryption, or other mistakes could lead to a massive lawsuit filed against your business.
Understanding Health Data Liabilities: Why Apple Says No to Cloud Storage
It's a general rule that wherever there is more data, there will be more liability and risk of lawsuit. Perhaps this is why Apple specifically told developers they shouldn't use iCloud to store user health data. If it seems strange that Apple is warning developers not to use one of its major products, think again. Apple, as much as is possible, is trying to limit its own risk exposure by shifting data security liability onto developers. Data breaches involving health records can lead to major fines (see: "$1.2 Million Fine Highlights Risk for IT Contractors Working with Healthcare Clients").
Mobile developers need to make sure that they…
- Follow all established developer guidelines.
- Take necessary measures to secure user data, including encryption and clear privacy policies.
- Acquire adequate insurance coverage to cover data breach risks.
As the tech world increases its expectations for security, courts will likely follow suit and hold developers liable in data breach lawsuits. Now is a good time to make sure your business is protected from these lawsuits with an Errors and Omissions Insurance policy.
To learn more about mobile development liability, read about IT insurance policies for app developers.