Mobile health apps offer exciting opportunities in the healthcare industry, offering providers the ability to expand patient care beyond the limits of the clinic. Yet even though wearables and health app usage has doubled over the past two years, and health apps continue to dominate app stores, developers still struggle to build apps that plug in to the needs of a regulation-centered industry in meaningful ways. Thankfully, the industry is responding.

The most recent response has come in the formation of Xcertia, a multi-stakeholder collaboration between the AHA, the AMA, DHX Group and HIMSS. Xcertia, a nonprofit organization, promotes best practices for mobile health apps and gathers input around app creation and use from members of the healthcare community.

On a regulatory level, the FTC maintains a list of mobile health app best practices to help developers create high-quality apps that align with industry standards. When identifying the apps best-suited to their organization’s needs, healthcare stakeholders should look for apps that possess the following features, as outlined by the FTC:

1. Minimal Data Collection

Patient data collection requires careful scrutiny of industry regulations. The FTC recommends that mobile health apps collect data only if the data is integral to a product or service. Additionally, a well-developed app must be able to secure, transmit, store and eventually delete the data.
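The FTC’s advice to collect only what is integral, and to delete it eventually, can be enforced in code rather than left to policy documents. The following example is added here to illustrate that and is not code from the original article or from the FTC; the field names, the 90-day retention window and the sample payload are all constructed assumptions. It allow-lists the fields a feature actually needs, records which fields were rejected so the team can review them, and purges stored records once they pass the retention window.

```python
import time

# Hypothetical allow-list: only the fields the feature's stated purpose needs.
ALLOWED_FIELDS = {"patient_id", "heart_rate_bpm", "recorded_at"}

# Hypothetical retention window (90 days); set it from your retention policy.
RETENTION_SECONDS = 90 * 24 * 3600


def minimize(payload):
    """Split an incoming payload into the fields we keep and the names we drop.

    Returns (kept, dropped). Dropped names (never their values) are returned so
    they can be logged and reviewed, which surfaces over-collection early.
    """
    kept = {k: v for k, v in payload.items() if k in ALLOWED_FIELDS}
    dropped = sorted(k for k in payload if k not in ALLOWED_FIELDS)
    return kept, dropped


class RecordStore:
    """Minimal in-memory store that stamps each record and enforces retention."""

    def __init__(self):
        self._records = []  # list of (stored_at, record)
        self.rejected_fields = set()  # accumulated names seen outside the allow-list

    def store(self, payload, now=None):
        """Minimize the payload, remember any rejected field names, then store."""
        now = time.time() if now is None else now
        kept, dropped = minimize(payload)
        self.rejected_fields.update(dropped)
        self._records.append((now, kept))
        return kept

    def purge_expired(self, now=None):
        """Delete records older than the retention window; return how many were removed."""
        now = time.time() if now is None else now
        before = len(self._records)
        self._records = [(t, r) for t, r in self._records if now - t < RETENTION_SECONDS]
        return before - len(self._records)

    def count(self):
        return len(self._records)


if __name__ == "__main__":
    # Constructed sample payload: a heart-rate reading bundled with data the
    # feature has no use for (contacts and location).
    sample = {
        "patient_id": "p-0001",
        "heart_rate_bpm": 72,
        "recorded_at": 1_700_000_000,
        "device_contacts": ["alice", "bob"],
        "gps": (40.0, -74.0),
    }
    store = RecordStore()
    print(store.store(sample, now=1_700_000_000))
    print("rejected:", sorted(store.rejected_fields))
    print("purged:", store.purge_expired(now=1_700_000_000 + RETENTION_SECONDS))
```

Running the purge on a schedule (and on account deletion) is what turns “eventually delete” into a guarantee; logging only the names of rejected fields, not their values, keeps the audit trail itself from becoming a second copy of the over-collected data.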

2. Limited Access and Permissions

In an era of smartphones and apps that access everything from locations to contacts, many consumers don’t question why an app would need to pull certain information. A responsibly designed app will use trusted user-interface components (for example, a system picker that hands over one selected item) as much as possible instead of requesting direct API access to an entire data store, and it will invoke even those trusted components only when the feature genuinely requires them, so that unnecessary data collection is kept to a minimum.

3. Secure Authentication

Healthcare records and information are valuable to patients, healthcare professionals and, unfortunately, hackers, so using authentication as a method of improving application-level security should be a primary concern during development. From the beginning, developers and owners should invest in designing, implementing and testing app authentication. If the risk of illegitimate access is high, options such as multifactor authentication should be considered.

4. Compatibility

Mobile platforms differ by API, security features and permissions. A well-built app should be developed only after researching these differences, and it should adapt its code as needed to protect user data. These questions become more complex when third-party service providers are introduced. Responsible developers work to ensure data is protected, and they communicate their expectations and requirements to any entity they’re working with.

5. Application-level Security

Well-developed mobile health apps are built by companies that prioritize security from the ground up. At the minimum, one person is responsible for data security, if not an entire team. Engineers behind the app should have experience in secure coding practices or be trained as needed. Data security should be a priority at every stage in the app’s lifecycle, from design to development to launch, all the way to post-market. Since healthcare threats are always evolving, security measures will need to do the same.

6. Resources for Security Improvements

Security is a concern across the board, so naturally, multiple resources for improving application-level security exist. These come in the form of software libraries, software development kits (SDKs), cross-platform toolkits and free tools that can be used to improve encryption, navigate pre- and post-launch testing, check password strengths, test interfaces and reverse engineer programming code.

7. Clear Communication

A well-designed app talks to its users in a clear, simple way. In healthcare, it’s especially important to avoid jargon as much as possible. Developers should acquire clear consent before gathering any information, both during installation and at any point afterward, and the app must include an easily accessible privacy policy.

8. Compliance With Regulations

For mobile health app developers, this can be especially challenging, since laws ranging from the FTC Act, HIPAA and the FTC’s Health Breach Notification Rule to the FDA’s Federal Food, Drug & Cosmetic Act could apply to all, or parts, of an app. The collection of financial data, the data of young children (under 13) and even state laws will be factors in developing an app that is compliant with the applicable legal requirements.

There are many other recommendations provided by organizations such as the FTC for creating the best mobile health apps possible. Wise developers, healthcare providers and businesses should review these best practices closely, as 2017 presents an exciting opportunity for the development of mobile health technology that produces truly positive outcomes.

By Megan Williams

Megan Williams is a consultant and writer who specializes in healthcare technology. She has over a decade’s experience in hospital revenue cycle consulting and holds an MBA with a focus on international business, as well as a degree in hospital administration. She works with growing and established healthcare B2B companies in creating work that is in touch with the latest developments in healthcare, and maintains her work at