HIPAA Regulations Threaten To Hold Back Apple’s HealthKit

Eric Zeman
Jun. 04 2014, 11:41AM EDT

Apple revealed its intent to enter the healthcare market by adding two new components to iOS: Health, a separate companion app, and HealthKit, a hub for third-party apps related to health and well-being. Health is Apple's own application, meant to help iPhone and iPad owners keep track of their health and fitness statistics, such as calories burned, weight fluctuations, and sleep patterns. HealthKit is for developers, who need to be careful about staying on the right side of the law when it comes to the privacy of healthcare information.

HealthKit collects data points from a variety of sources, such as Nike+, Map My Fitness, Endomondo, or FitBit, and combines them into rich health profiles that cover a wide range of measurements. The important part of HealthKit is that it can then share these data points with third-party apps.

While on stage during Monday's Worldwide Developers Conference keynote, Craig Federighi, Apple's head of software engineering, explained how it works, citing the Mayo Clinic's app as an example. "With the Mayo Clinic's integration with HealthKit, they're going to be able, say when a patient takes a blood-pressure reading, HealthKit automatically notifies their app, and their app is automatically able to check whether that reading is within that patient's personalized care parameters and threshold, and if not, it can contact the hospital proactively, notify a doctor, and that doctor can reach back to that patient, providing more timely care." Very interesting, but also very risky for developers.

Such apps will be subject to the federal government's HIPAA rules, which serve to protect consumer healthcare data. Apps that aren't HIPAA-compliant can get their developers into big trouble.

TrueVault, a company that helps apps achieve HIPAA compliance, recently published a guide for developers that explains the technical and legal requirements of creating healthcare apps.

"Anyone can choose to store their own health information on their mobile device, and many people do that already with apps that track things like heart rate, calories burned and blood-sugar levels," explained Jason Wang, founder and CEO of TrueVault. "But as soon as they share data with a medical professional, it becomes subject to HIPAA regulation."

Apple clearly has large ambitions for HealthKit. "We're also working with leaders in healthcare applications like Epic Systems," continued Federighi. "They provide the technology that enables hospitals serving over 100 million Americans. Now with their integration with HealthKit, patients at leading institutions will be able to get closer in sharing their information with their doctors."

Large healthcare systems, such as hospitals and universities, are already well aware of what they need to do to remain HIPAA compliant. TrueVault's Wang worries that many smaller, independent developers won't realize their apps need to follow the letter of the law, and hopes they take advantage of TrueVault's guide. The guide explains how apps might be used to store or share what the government considers to be Protected Health Information. It also provides information that will help developers understand the administrative, technical, and physical safeguards that HIPAA requires to be built into their app. Further, TrueVault is preparing its own SDK for iOS 8 to aid developers.

In sum, HealthKit offers developers a great opportunity to tap into a massive ecosystem. Before rushing in, however, app writers need to make sure they're up to speed on the laws governing healthcare and health information.

Eric Zeman: I am a journalist who covers the mobile telecommunications industry. I freelance for Programmable Web and other online properties.