Happtique Halts Mobile Health App Certification

Posted on December 20, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’ve written a number of articles over the years about Happtique. Much like I railed against the meaningless CCHIT certification, I felt that Happtique was the same as CCHIT but for mobile health. I was partially comforted by the criteria that came out because they were so general and broad. They were still meaningless, but I felt they could have been much worse. Either way, I don’t think a certification has any value when it comes to mHealth. They don’t know how or can’t measure the right things.

As the tweet above mentions, Happtique as halted their app certification after a developer revealed a number of major security holes in 2 of the Happtique certified apps.

The blog posts on the developer site are well worth the read. The thing that stood out to me was how the security issues were very simple security practices. It wasn’t like the developer used some complex hack to find the security holes. The passwords were stored in plain text. I mean really? They didn’t use any encryption in transit. Amazing!

Of course all this reminds me of all the HIPAA breaches we hear about where a laptop wasn’t encrypted. There are at least a few things in healthcare that should be considered no brainer decisions. Encryption is one of them.

Hopefully a number of good things will come out of this situation. First, people won’t trust a mobile health certification. Second, mobile health developers will see that they need to take security and privacy more seriously.

I created a little poll for you to share your thoughts on mobile health app certifications. Plus, feel free to pontificate in the comments.