Ensuring Protection of Sensitive Data in Messaging Apps via Access Levels

Nearly every industry optimizes communication processes and private information sharing. But in the healthcare industry, this is complicated by the need to implement increased security measures for user data protection.

One patient may be surrounded by an array of relatives, medical staff, and social workers. All of them discuss and share information on the treatment, with varying levels of involvement. 

How can you improve this communication while protecting the patient’s data? By implementing a software solution with communities, sometimes called care circles. 

Such communities should bring together all those close to a patient’s treatment and ensure a secure connection between them. Let’s figure out what these communities are.  

Communities as a win-win solution for secure chats

Social networks like Facebook offer a great example of digital communities where any user can surround themselves with whomever they like. There are lots of Facebook communities built around interests and causes. 

The same logic has been borrowed by healthcare organizations to enable patients, relatives, and health professionals to build communication channels around one issue (i.e. a course of treatment). 

There’s always one individual — the creator/admin of the community — who decides who can join and sends requests to potential members. Each member may have a different level of access to information shared within the community depending on the permissions set by the admin.

Community-based apps may have one or several types of circles depending on their complexity. Carely, a family caregiving app, allows a user to create just one circle to gather all family members in one place. 

eCuris, a medical app developed by Yalantis, has three types of circles. The first includes a patient and all their family members. The second gathers a doctor and the team responsible for a particular patient, including nurses and caregivers. The last circle incorporates all medical staff along with the patient and their relatives.

Care-circle-in-Carely 

Read also: How to build a logbook app for EHRs

Feed as a central place for communication

Just as with social media, community-based apps may have a feed — the main screen of the app — where most of the discussion takes place. 

Carely provides a Care Feed. This is where family members and friends of elderly people can gather to manage their caregiving and share news. 

Users of community-based apps should also be able to create private chats with individual group members. 

When a user registers in eCuris as a patient, chats are automatically created for healthcare professionals, family, and all users related to the patient. The main chat in eCuris is the Healthboard. This is where all communication happens between patients, their relatives, and their healthcare professionals. Patients and family members can also create extra chats if needed.

Healthboard-in-the-eCuris-app

How to ensure security for a community-based app

Any chat app — and especially a medical chat app — will deal with sensitive personal data. Keep in mind the following factors and privacy practices when building an app that’s easy for users to adopt but at the same time reliable and protects your users’ valuable data.

HIPAA compliance for a medical app

Being HIPAA compliant means that an app adheres to HIPAA security and data privacy standards. The tricky part is usually not figuring out how to comply with HIPAA but rather determining in what cases the HIPAA Privacy and Security Rules apply. 

We suggest you research regulatory compliance in light of the peculiarities of your app. Our article on HIPAA requirements and other regulations related to medical software will help you get closer to understanding if your app has to comply with HIPAA.

HIPAA compliance for cloud storage

For cloud storage, we suggest you choose between Google Cloud Drive, Microsoft One Drive, Amazon, and Box, as these services focus on HIPAA compliance. 

Yalantis chose Amazon as the cloud storage provider for eCuris since Amazon provides a computing platform that can support healthcare apps in a manner consistent with HIPAA requirements.

Data encryption
 
The use of encryption security technology guarantees that the contents of messages can’t be read even if the messages are intercepted by cybercriminals. Secure healthcare messengers differ from other popular messengers in that copies of messages aren’t stored on routing servers and can’t be intercepted on public Wi-Fi. This level of security is assured by encrypting PHI (protected health information) and encapsulating it in a unique communication channel. Only authorized users have access to this channel after verifying their identity by means of a username and password.

User authentication

You can protect your app from unauthorized use with multi-factor authentication (MFA). This type of access control requires a user to provide multiple proofs that they’re an authorized user. If a user’s device is lost, MFA prevents unauthorized access to their data. 

With two-factor authentication (2FA), the system asks users to confirm their identity by entering a password and any second factor of identification. This may be a user’s biometric identifier, which can be obtained with fingerprint or iris scanning. Or it may be a verification code contained in a text message. Implementing 2FA is usually enough to make sure that only authorized users can access data.

User permissions

For a community-based app dealing with sensitive data, it’s vital to provide different permissions depending on the user type. In eCuris, users have limited access to patient data based on their roles. 

For instance, a caregiver has access only to patient information required for caregiving. A caregiver can also do things such as change profile data and send chat invitations on behalf of an incapacitated patient. A doctor, in turn, can do things like appoint a deputy. 

An admin can apply different settings to each user depending on the user’s role. These settings designate each user’s capabilities in the system and level of data access. 

Message expiration and logging out

An end-to-end encrypted messaging app won’t save a user if their phone is compromised or stolen and its contents can be accessed. You should strongly consider setting an expiry timer on in-app conversations to ensure that older messages will be deleted and disappear. 

There’s also a log off feature that falls under HIPAA standards. A HIPAA-compliant app has to automatically log off a user after a defined interval. This ensures that nobody will be able to use a session except for the authorized user.

Protecting a healthcare app from penetration

Many different types of attacks, including man-in-the-middle and phishing attacks, pose a threat to sensitive data. 

We suggest you research types of attacks and figure out what types of attackers might be interested in the data transmitted through your medical app. This knowledge will help you prevent or handle threats effectively.

Read also: How to develop a successful anonymous social networking app

How can you use the data you collect?

Dealing with sensitive data is not only challenging but also might be effectively applied for monitoring of patients’ health. Take surveys, for example. In eCuris, we needed to monitor patients’ health and make sure doctors get systematic updates about their patients’ conditions. So we implemented a survey feature in the form of a customized questionnaire appearing on the Healthboard. 

Admins can create surveys to track a patient’s condition or measure a patient’s satisfaction with the service. Alerts are sent to doctors based on the information given by patients in surveys (for instance, data that indicates rapid weight gain).

Surveys-in-eCuris

What to season your community-based app with

Community-based apps are each different. But all of them are based on people’s concern about and care for people who are close to them. The following features are commonly implemented in medical and non-medical community-based apps and are likely to attract and please users. 

Geolocation. Location sharing enables trusted users to see each other’s real-time whereabouts and past location history. Life360, a private circle app, allows all members of a circle to view the real-time location of other members on the map. Users can also receive push notifications if another linked user enters or leaves their most frequented places. Family Locator, an app with a private family chat feature, is designed for keeping track of family members’ locations. 

Integration with smart devices. The ability of app users to be informed about the state of their loved one’s health might be ensured through more than communication. eCare21, a healthcare platform linking friends, family, and healthcare specialists, provides real-time patient monitoring through smart devices. Thanks to such integrations, the platform monitors indicators including glucose, blood pressure, physical activity, and medication adherence.

SOS alerts. In case of emergency – for instance, if a patient is having a heart attack – the ability to call for help is difficult to overestimate. Life360 takes care of their users by implementing a Help Alert button. When this button is pressed, the user’s location is instantly sent to all emergency contacts. In addition, the app provides a vehicle crash detection feature. Life360 uses a phone’s sensors to detect collisions, after which an assigned manager calls the driver or a passenger. If there’s no response, an ambulance is sent to the location. 

Geolocation-in-Life360

The road from the app idea to fully developed data secure medical solution is bumpy. We’re happy when customers we’ve developed healthcare software for come back to us for future versions — like eCuris did. They recently asked Yalantis to build the second version of the eCuris platform. We’ll help you avoid the pitfalls of medical app development just like we’ve done for eCuris.  

4.8/ 5.0
Article rating
20
Reviews
Remember those Facebook reactions? Well, we aren't Facebook but we love reactions too. They can give us valuable insights on how to improve what we're doing. Would you tell us how you feel about this article?
Want to build a medical app?

We’ll gladly help you!

Contact us

We use cookies to personalize our service and to improve your experience on the website and its subdomains. We also use this information for analytics.

More info