— telecareaware (@telecareaware) December 13, 2013
We’ve written a number of articles over the years about Happtique. Much like I railed against the meaningless CCHIT certification, I felt that Happtique was the same as CCHIT but for mobile health. I was partially comforted by the criteria that came out because they were so general and broad. They were still meaningless, but I felt they could have been much worse. Either way, I don’t think a certification has any value when it comes to mHealth. They don’t know how or can’t measure the right things.
The blog posts on the developer site are well worth the read. The thing that stood out to me was how the security issues were very simple security practices. It wasn’t like the developer used some complex hack to find the security holes. The passwords were stored in plain text. I mean really? They didn’t use any encryption in transit. Amazing!
Of course all this reminds me of all the HIPAA breaches we hear about where a laptop wasn’t encrypted. There are at least a few things in healthcare that should be considered no brainer decisions. Encryption is one of them.
Hopefully a number of good things will come out of this situation. First, people won’t trust a mobile health certification. Second, mobile health developers will see that they need to take security and privacy more seriously.
I created a little poll for you to share your thoughts on mobile health app certifications. Plus, feel free to pontificate in the comments.