Skip to content

3 reasons to prioritize and protect privacy in healthcare apps


With tips and links on how to approach them for full health data security.


With tips and links on how to approach them for full health data security.

You aren’t imagining it: inflation and costs of living in the US are rising faster than medical costs. And in the wake of Covid-19, it’s natural that hospital systems are strategizing ways to provide treatment options for patients in their own homes. It’s a great, cost-and-time-saving measure for both sides. Or isn't it?

Reasons to prioritize privacy in home healthcare:

Look at the statistics

A quick overview of the numbers will give you an idea of how big the scale of digital home healthcare is. A pre-2020-pandemic study from the National Library of Medicine found that 30% of all emergency room visits in the U.S. are considered non-urgent. How many people is that? Hard to specify, but we can easily put that number into dollars - solving these non-urgent cases outside of the medical facility would mean $4.4 billion in annual savings.

So naturally, healthcare is shifting from the clinic to home and leaning into telehealth to improve patient care and access to treatment by increasing medical response systems and decreasing wait room times and cost of care. That’s clear. What is not clear is how these systems treat the data that patients want to share with the doctors. And with the doctors only.

More specifically, there is an urgency to prioritize users’ and patients’ privacy. Despite universal and international laws, recent survey showed that out of 23 apps collecting personal health-related data, only 13 (57%) provided users with information on data security. Proving that some mobile healthcare app development companies have a loose relationship with data security.

We don’t, and here’s why — here are 3 measurable, actionable, and budget-related reasons why privacy in your healthcare app is not just a must-have. It’s a priority.

1. Timing

More companies developing at-home healthcare solutions mean a wider choice for patients, but also a bigger push from governmental and administrative institutions to verify services. So when digital health adoption is rising, making the protection methods of transporting and maintaining virtual medical records and Electronic Health Records (EHR) more important than ever. 

Operating outside of the safe-walled security protocols of the on-site hospital network does not exempt personnel from following the industry-wide privacy standards. Mainly the Health Insurance Portability and Accountability Act (HIPAA). Hospitals update and secure their encrypted data storage systems and devices. But what about telehealth and traveling home healthcare personnel?

The time is now, yet with unclear guidelines, we seek them by obeying the...

2. Law

HIPAA compliance regarding home healthcare poses challenges that don’t exist in a brick-and-mortar hospital. And it puts even more responsibility on both medical institutions and the medical staff.

Home healthcare workers must know how pertinent and protected information should be secured. This means implementing a security policy for data creation, access, storage, and disclosure using electronic devices.

Electronic Protected Health Information (ePHI) is protected by the Technical Safeguards of HIPAA. As such, the devices that transport and store that information should be well-guarded against unauthorized parties. Hospitals providing at-home care should employ tools like HIPAA-compliant text messaging apps that can integrate with EHRs.
Similarly, there are widely accessible safeguards that are simply non-negotiable for practicing proper at-home patient privacy. Such as updated EHR software and hardware, up-to-date administrative practice protocols, staff education and training, EHR access control, and recovery and encryption capabilities.

In a worst-case scenario where protected health information is accessed without permission, HIPAA-covered entities must provide a notification of the breach. And actually, there’s a law for that. More specifically, the Breach Notification Rule requires notification within 60 days with a description of the breach and any steps the affected individual should take to protect themselves from potential harm. This includes a provision for the administration to take reasonable action to mitigate that harm.

The maximum penalty for non-compliance?
$1.5 million, per violation category, per calendar year.

HIPAA's report on data breach - screenshot
HIPAA's website includes a publicly accessible report with all the breach cases under investigation. It's updated daily. The companies' names were taken out of this screenshot.

3. People

Whether it’s patients or medical staff, if you want them to use (and reuse) your mobile app for healthcare, they need to trust it. Which is why we must hold patient trust in the highest regard.

Regulators give clear guidelines, but what do we mean when we say “privacy” in the context of day-to-day life? Ironically enough, the law defines that too. The American Law Register facilitates “privacy” for fundamental values like personal autonomy, respect, individuality, and self-worth.

These values are easy to understand but difficult to implement if you haven’t taken the time to know your healthcare app’s users. Their needs, fears, and common struggles. Which is why, in Untitled Kingdom, during Discovery Workshops (which we conduct for every project we collaborate on), one of the first things we explore is users’ types & needs. It’s the building tissue of the user journey; therefore, it determines the data types your healthcare app should and should not store.

It’s easy to imagine a scenario in which identifiable health information is unjustly disclosed to an employer, insurer, or family members, resulting in stigma, embarrassment, and possibly even discrimination. In fact, it's already happening.
It should be obvious, yet it needs to be stated: without fostering a sense of safety and security, patients will not be willing to disclose their health data to systems, which could cause life-threatening situations without proper diagnosis.

Closing statement: why ethical health research means protecting the privacy

Ethical health research and privacy protections are key drivers of a successful healthcare system and are invaluable to society. The research confirms that and it proves that it works the other way around, too - Health Research & Development is crucial to improving human health and care. But making it ethical means that the main concern is protecting personal privacy to protect the interests of individuals.

Bringing healthcare home and developing mobile healthcare apps are already stepping stones. It means saving more lives by making doctors more accessible. And it means using technology that is often more modern than solutions available in the hospitals. Yet, none of it will happen if every healthcare app development company will not keep patients’ privacy and dignity in mind. If you’re developing digital health solutions, transform fulfilling your users’ needs into your business model. And don't build your business around exploiting them.

By Bartek Hugo Trzciński

Head of Technology by day and software engineer by night. Recently solving more problems in business and mangement than in code - hard to tell which one is more fun. Local dev groups activist. Automotive enthusiast. Boosted Board shredding champ. The best companion to dance and to give you a ride.