Safeguarding Mobile Health Apps

The rise of mobility offers healthcare organizations potential savings, thanks to the high adoption rates of mobile devices and the low cost of deploying apps. At the same time, the increasing reliance on mobile devices poses new challenges for healthcare organizations, business associates and providers.



Protecting the confidentiality and integrity of ePHI and preventing the unauthorized manipulation of mHealth (mobile health) apps are essential to promoting trusted communication between provider and patient.

For providers, mobile devices can serve as a decision support tool, as a means to look up medical information, or as a way to share medical images with colleagues, such as specialists. Patients using mobile devices can access medical applications, communicate virtually with their provider, or access their electronic medical records. For both groups, however, there is an ongoing risk of sensitive data leaking, especially when it’s accessed with a personal device and/or via an insecure Wi-Fi network.


Maturing mHealth Processes

mHealth is changing the nature of the provider-patient relationship. Today, more than 90 percent of respondents to an annual HIMSS leadership survey use mobile devices within their organizations to engage patients in their care. This same survey also found that 73 percent of respondents believe the use of app-enabled patient portals has been the most effective tool, to date, in patient engagement.(1)



Regulation and Standards

In mHealth and healthcare-related matters, there are established as well as emerging regulations and standards to which providers must adhere. These include:

For software applications processing ePHI:

HIPAA Security Rule

  • Recommends the use of FIPS 140-2 compliant encryption products to protect ePHI

NIST SP 800-66 (An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act)

  • Recommends strong authentication for EHRs accessed via mobile devices

  • Recommends encryption for ePHI at rest and ePHI in motion when data is ePHI 

  • Recommends the use of mechanisms to encrypt and decrypt ePHI

NIST SP 1800-1 DRAFT (Securing Electronic Health Records on Mobile Devices)

For Mobile Health apps:

  • Several certification programs exist for mobile health apps, e.g., PatientView, HealthTap, Wellocracy, and IMS Health's AppScript

  • U.S. Food & Drug Administration (FDA) reviews apps that can be considered medical devices. Per FDA guidance, if a mobile app is intended for use in performing a medical device function (e.g. for diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease), it is a medical device, regardless of the platform on which it is run.(2)




VASCO’s two-factor authentication hardware tokens enable healthcare workers to securely access patient records and prescribe medications via any mobile device, while meeting the “separate authentication device” rule established by DEA for EPCS compliance. As a result, VASCO protects all data processed by mobile health apps, while enabling developers to integrate security functions into their web-based and mobile applications that ensure their integrity against unintended or deliberate alteration.

DIGIPASS for Mobile:
  • Frictionless authentication and e-signing experience for mobile users

  • Integrated with VASCO's patented CRONTO technology and Open QR codes

DIGIPASS for Apps:
  • Comprehensive SDK that natively integrates application security, two-factor authentication and transaction signing into mobile applications

  • Drives new levels of interconnected mobile app security and intelligence without performance lags or customer visibility

  • Easy to use
    - Biometric authentication (selfie, fingerprint)
    - Support for push notifications
