Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build
Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative
This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations.
APU.4#83 | SHALL | PHI and PII stored on a smartphone are stored as encrypted values.
APU.4#84 | SHALL | PHI and PII stored by the mobile app on any external server are stored as encrypted values.
APU.4#85 | SHALL | Unless PHI and PII have been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app.
APU.4#86 | SHOULD | Improve and/or upgrade encryption cipher and suites to match evolving best practices.
APU.4#87 | SHALL | PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.