One of the most exciting areas I see in modern healthcare IT is the prescribing of apps to patients in lieu of, or in combination with, pharmaceuticals. There is a growing body of evidence that carefully curated apps can be effective in helping patients manage their own care, particularly in areas such as behavioral health.
Imagine my delight when I read an article in MedCity news talking about a series of pilot studies conducted at Mount Sinai using a tool called RxUniverse that allows clinicians to easily prescribe curated apps to patients – something I have waited nearly a year to see come to fruition.
When we talk about curated apps it’s important to understand that apps must be viewed from both a medical and an IT perspective. Apps that don’t work are bad, but apps that leak patient data onto devices, or store data in the cloud in unencrypted form, are potentially equally harmful to a patient concerned about their privacy.
Assessing apps from a security perspective it a complex activity that requires significant expertise and time.
- In many cases, it may be necessary to audit the cloud-based infrastructure of the app provider to see if they have encrypted data at rest, provided solid audit trails, and done all the other things needed to comply with HIPAA/HITECH. Just because a developer relies on Amazon Web Services and has signed a business associates agreement with them, it can by no means be assured that they have correctly configured the security features of the product.
- Once cloud infrastructure has been assessed the app itself must be inspected to ensure that it doesn’t leave traces of protected health information on the device, as well as making sure all communication with the cloud is performed in encrypted form.
Startups are not always well versed in healthcare IT privacy and security and it’s easy to make unintentional mistakes during the development process that can lead to serious consequences down the line.
Caveats aside, the field of patient apps is growing rapidly and will soon be a part of every physician’s practice. It’s important that we can feel assured that such apps are safe, effective, and secure before we use them, and the emergence of curated app stores is a great step in the right direction.