
I am building a health app for Android that needs to be HIPAA compliant.

Is it allowed to store user activity data in an SQLite database?

CL.
Techie Manoj

1 Answer

HIPAA says that you must

Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights […]

How do you prevent somebody who steals the device from viewing health information? At a minimum, you have to encrypt the database, and the encryption key must not be stored on the device.

CL.
  • Does it mean "No, we cannot without encryption in all cases"? What if it is not PHI (Protected Health Information) and is also anonymised? – Techie Manoj Sep 28 '17 at 11:44
  • Then why does it need to be HIPAA compliant? – CL. Sep 28 '17 at 12:14
  • If the data is related to what a user eats, drinks, or how much exercise he does, does this go beyond the purview of PHI? This is my doubt. – Techie Manoj Sep 28 '17 at 12:28
  • That would be a legal question, and off topic here. – CL. Sep 28 '17 at 12:37
  • @Techie Manoj If the app is used in a health care facility and it contains patient information, it needs to be HIPAA compliant. Also, if you are caring for or providing a service to a patient and Medicare reimbursed you for that care, same story: HIPAA compliant. Go read the HIPAA rules. – Vector Oct 08 '17 at 00:52
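The answer's two requirements (encrypt the database; keep the key off the device) can be met on Android with SQLCipher, which encrypts every SQLite page with a key derived from a passphrase. The following is an added example, not code from the question or the answer above; it assumes the SQLCipher for Android dependency (`net.zetetic:android-database-sqlcipher`, version left as a placeholder) and uses hypothetical names (`ActivityStore`, `activity.db`, the `activity` table). The passphrase is supplied by the user at login and is only ever held in a `char[]` that is scrubbed after use; it is never written to SharedPreferences, a resource file, or a constant.

```java
// Added example: encrypted SQLite on Android via SQLCipher, keyed from a
// user-entered passphrase that is never persisted on the device.
// Assumed Gradle dependency:
//   implementation "net.zetetic:android-database-sqlcipher:<version>"
import android.content.ContentValues;
import android.content.Context;
import java.io.File;
import java.util.Arrays;
import net.sqlcipher.Cursor;
import net.sqlcipher.database.SQLiteDatabase;
import net.sqlcipher.database.SQLiteException;

public class ActivityStore {
    private static final String DB_NAME = "activity.db"; // hypothetical file name
    private final Context context;

    public ActivityStore(Context context) {
        this.context = context.getApplicationContext();
        // Load the native SQLCipher library once per process.
        SQLiteDatabase.loadLibs(this.context);
    }

    /**
     * Opens (or creates) the encrypted database with the passphrase the user
     * just typed. Returns null when the passphrase does not match the file's
     * key, which is how a wrong login shows up: SQLCipher cannot tell a bad
     * key from a corrupt file until the first page is read.
     */
    public SQLiteDatabase open(char[] passphrase) {
        File dbFile = context.getDatabasePath(DB_NAME);
        SQLiteDatabase db = null;
        try {
            // SQLCipher derives the page-encryption key from the passphrase
            // internally (PBKDF2 with a per-file salt stored in the header),
            // so only the passphrase is needed, and only for this call.
            db = SQLiteDatabase.openOrCreateDatabase(dbFile, passphrase, null);
            // Touch the schema table to force a decryption attempt now,
            // rather than failing later in the middle of a transaction.
            Cursor probe = db.rawQuery("SELECT count(*) FROM sqlite_master", null);
            try {
                probe.moveToFirst();
            } finally {
                probe.close();
            }
            db.execSQL("CREATE TABLE IF NOT EXISTS activity ("
                    + "id INTEGER PRIMARY KEY, ts INTEGER NOT NULL, "
                    + "kind TEXT NOT NULL, value REAL)");
            return db;
        } catch (SQLiteException e) {
            // Wrong passphrase (or a damaged file): close and report failure.
            if (db != null) {
                db.close();
            }
            return null;
        } finally {
            // Scrub the passphrase from memory as soon as the key is derived.
            Arrays.fill(passphrase, '\0');
        }
    }

    /** Inserts one activity record using bound parameters (no string building). */
    public long record(SQLiteDatabase db, long timestamp, String kind, double value) {
        ContentValues row = new ContentValues();
        row.put("ts", timestamp);
        row.put("kind", kind);
        row.put("value", value);
        return db.insertOrThrow("activity", null, row);
    }

    /** Counts records of one kind; the kind is bound, never concatenated. */
    public long countOfKind(SQLiteDatabase db, String kind) {
        Cursor c = db.rawQuery("SELECT count(*) FROM activity WHERE kind = ?",
                new String[] { kind });
        try {
            return c.moveToFirst() ? c.getLong(0) : 0L;
        } finally {
            c.close();
        }
    }
}
```

Usage: call `open()` once the user has authenticated, keep the returned `SQLiteDatabase` only for the session, and `close()` it when the app goes to the background so the derived key leaves memory too. A device thief then holds only ciphertext, which is the situation the answer's "key must not be stored on the device" requirement is meant to produce; whether a given data set is PHI at all is the separate legal question raised in the comments.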