See the following for considerations on protecting private and sensitive data:
● permissions to use external sites and services
● Logs and outputs – Do not log and output private, sensitive or identifiable information of users working with data from HealthCare Locator.
● Data – Data is read only in:
o HCP and HCO profiles (changes to data in profiles must be submitted to HealthCare Locator for approval)
o messages
● IDs – IDs are in plain text (not encrypted or obfuscated) since the system uses them for identification.
Other considerations for apps:
● KeyedString – Keyed strings are not encrypted or obfuscated so they should not contain any personal or sensitive information that compromises PHI. Apps using keyed strings (to classify and tag users, documents, and resources to facilitate searches) should not expose personal or sensitive information in the metainfo.
● Sending messages – Do not send the PHI (protected health information) of users to anyone. Doing so compromises security—making it not HIPAA (Health Insurance Portability and Accountability Act) compliant.
Other apps on your device, including external sites and services (external URIs), might be specified in profiles of HCPs and HCOs. If a user taps an icon or link to launch an external app or to open an external site or service, then your app must prompt the user for permission before taking them to the external app or site.
After integrating HealthCare Locator within your app and before submitting it to a vendor store, check store guidelines to make sure your app complies with how it uses and shares data from HealthCare Locator. Your app’s privacy practices must be known to users and follow acceptable guidelines of the store before users can download it. For details, see the following:
● App Store – For details, see the following:
https://developer.apple.com/app-store/app-privacy-details/
● Google Play – For details, see the following:
https://play.google.com/about/developer-content-policy/