Happtique Halts Mobile Health App Certification

We’ve written a number of articles over the years about Happtique. Much like I railed against the meaningless CCHIT certification, I felt that Happtique was the same as CCHIT but for mobile health. I was partially comforted by the criteria that came out because they were so general and broad. They were still meaningless, but I felt they could have been much worse. Either way, I don’t think a certification has any value when it comes to mHealth. They don’t know how or can’t measure the right things.

As the tweet above mentions, Happtique as halted their app certification after a developer revealed a number of major security holes in 2 of the Happtique certified apps.

The blog posts on the developer site are well worth the read. The thing that stood out to me was how the security issues were very simple security practices. It wasn’t like the developer used some complex hack to find the security holes. The passwords were stored in plain text. I mean really? They didn’t use any encryption in transit. Amazing!

Of course all this reminds me of all the HIPAA breaches we hear about where a laptop wasn’t encrypted. There are at least a few things in healthcare that should be considered no brainer decisions. Encryption is one of them.

Hopefully a number of good things will come out of this situation. First, people won’t trust a mobile health certification. Second, mobile health developers will see that they need to take security and privacy more seriously.

I created a little poll for you to share your thoughts on mobile health app certifications. Plus, feel free to pontificate in the comments.

About the author

John Lynn

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

  • When it comes to clinical quality, workflow and UX, let the end users decide what works best for them. When it comes to security, there are already a number of third party certifications available. I’d much rather the market decide (and get a little burned along the way) than promoting a false sense of value.

Click here to post a comment