
I am working on this assignment to pick a medical health mobile app and use the Happtique guidelines to perform a thorough review and validation of the app using third-party guidelines. Please pick a good medical health mobile app in the USA to perform the review using the guideline or document attached. There are three different types of apps to be considered, such as optimized apps, hybrid apps and native apps, by using an assessment following the Happtique Guidelines or Xcertia guidelines.

Review the Happtique guidelines (now named Xcertia) released back in 2013. Going back to the app you discussed (the app I recently discussed is the AliveCor KardiaMobile app, but you can use other apps), conduct a formalized assessment of how the app would perform against the Happtique Standards. You should focus on the four key areas of the Happtique Guidelines (Operability, Privacy, Security, and Content Standards).

Your paper should be organized as such. Note that some apps may not fit all the requirements laid out in the guidelines. As such, students are provided a range of latitude in interpreting both the standards and applying the framework against the app selected (the goal is to engage in a rigorous evaluation to inform future decision making). Please use the rubrics to present a solid, plagiarism-free paper. I will be working on this paper as well while waiting for this one.

The paper should be 3-6 pages, double spaced. Students should use approximately 4-6 external citations.

This document contains proprietary and confidential information of Xcertia and shall not be used, disclosed or reproduced, in whole or in part, for any purpose other than to view this document, without the prior written consent of Xcertia.

2019 Board Approved Xcertia Guidelines

Issued on: August 12, 2019

Xcertia mHealth App Guidelines 2019

2019 Proprietary & Confidential 2

The Xcertia Guidelines History

Today's Xcertia Guidelines were first conceived in 2012. As part of the development process, a panel comprised of thought leaders in the healthcare industry, such as the Association of American Medical Colleges, the Mobile Marketing Association, the Healthcare Information and Management Systems Society (HIMSS), the U.S. Food and Drug Administration (FDA), and other federal agencies, was formed. In the spirit of collaboration, and to seek public input, these guidelines were published for review and comment to maximize public and interested parties' input.

In 2015 those same guidelines were updated with input from subject matter experts in the key areas of Operability, Privacy, Security and Content. Shortly thereafter these guidelines were transferred to the newly formed non-profit. Today these guidelines, now known as the Xcertia Guidelines, are backed by its founding members, the American Medical Association (AMA), the American Heart Association (AHA), HIMSS, and the DHX Group, with a shared purpose to provide a level of assurance to clinicians and consumers alike that the mobile health apps that comply with the guidelines are vetted to deliver value to the end user.

Under the Xcertia watch, the guidelines were updated in 2017 and then posted on the Xcertia website for public comment. At the Connected Health Conference 2018 the Privacy and Security sections of the guidelines were again updated by the Xcertia Work Groups in these two disciplines and issued for public comment following that update.

By February 2019 the Xcertia Guidelines had gone through a complete review and editing process by the organization's various work groups. These groups consisted of over forty individuals and contained subject matter experts from a number of healthcare organizations and disciplines with expertise in the various sections within the guidelines. As part of that effort the Xcertia Guidelines are divided into five sections, Privacy, Security, Usability, Operability and Content, reflecting the key areas of guidance to ensure mHealth apps deliver true value in a trusted environment to improve product adoption and use.

Since their release in February 2019 the guidelines were available for public comment until May 15, 2019. Those comments have been considered by the work group leaders and their teams and, where appropriate, incorporated into the Final 2019 Version of the Xcertia Guidelines.

Xcertia mHealth App Guidelines 2019

2019 Proprietary & Confidential 3

App Privacy (P) Guidelines

Privacy will assess whether a mobile health app protects the user's information, including Protected Health Information (PHI), Personal Information (PI) and Personally Identifiable Information (PII), in full compliance with all applicable laws, rules and regulations. Where jurisdictions may conflict, the App Designer shall comply with the more rigorous requirements.

It is incumbent upon the developer to understand the scope and full requirements of the Privacy Rules and potential notification requirements of the region(s) in which they intend to operate. Developers should have relevant procedures in place and be able to document those procedures.

Guideline P1 – Notice of Use and Disclosure

The Privacy Notice is externally facing and describes to an app user how the organization collects, uses, and retains their data (e.g., PHI, PI, PII). This notice should be unbundled from other information notices regarding the application. The type(s) of data that the app obtains, and how and by whom that information is used, is disclosed to the user in a Privacy Notice.

Requirements for Guideline P1

• P1.01 Access: The identity of any entities that will have access to, collect and/or use the user's personal information shall be made available and disclosed to the user on at least an annual basis, and shall disclose use by any parties as a part of the use chain.

• P1.02 Usage: The app publisher shall disclose any and all ownership, rights or licenses to any data collected about the app and its usage, including the use of any data for commercial purposes.

• P1.03 Material Changes to Use: The app shall have a section (tab, button or equivalent) or active link to its Privacy Policy, and the owner represents that commercially reasonable efforts are used to notify users of any material changes to its Privacy Policy.

• P1.04 User Registration: If registration is required to use all or some of the app's features, the user shall be provided with an explanation as to the uses of the registration information.

• P1.05 Data Collected and Opt Out: The user shall be provided (or have access to) a clear list of all data points collected and/or accessed by the app, including by the app publisher and all third parties such as in-app advertisers. This includes personal data pertaining to the usage of the app, including but not limited to browsing history, device data (e.g., unique identifiers), operating system, and IP addresses. How and from where such data points are collected shall be disclosed. An option should exist for the user to opt out of passing data to in-app advertisers.

• P1.06 Data Collected and Disclosed: The user shall be provided (or have access to) a clear list of all data points collected and/or accessed by the app pertaining to the specific user, including user-generated data and data that are collected automatically about the user through other means or technologies of the app. This includes data points collected for the purpose of any third-party sharing. How and from where such data points are collected is disclosed.

• P1.07 Affirmative Consent to Use Data: The app publisher shall obtain affirmative express consent before using user data in a materially different manner than was previously disclosed when collecting the data or collecting new data, including for third-party sharing.

• P1.08 Affirmative Consent to Collect Data: The app publisher shall obtain affirmative express consent before collecting personal data, in particular Personally Identifiable Information (PII), Protected Health Information (PHI), financial data or location data, including obtaining HIPAA authorizations where applicable.

• P1.09 Use and Updates of Information: The privacy policy shall inform users how they can get a copy of their personal information that was collected by the app. A designated individual or toll-free number may be required to be listed depending on the domicile of the user. The privacy policy shall also inform users how they can correct and update information supplied by, or collected about, them, held by or on behalf of the owner, or shared with third parties, including the identity of such third parties, particularly in compliance with the HIPAA Privacy Rule, if applicable, and any other state or international laws, rules, or regulations to the extent applicable.

• P1.10 Do Not Track Mechanism: If not otherwise provided by default, the app shall allow users to control the collection and use of their in-app browsing data by supporting an online Do Not Track mechanism.

• P1.11 Opt Out or Do Not Contact: If not otherwise provided by default, the app shall allow users to control their receipt of commercial messages from the app publisher and third parties through an "opt out" option, "do not contact," or substantially similar feature.

• P1.12 Sharing of Data: The app publisher shall not share any personal data with third parties unless the app publisher: (i) has an agreement with the third party that addresses safeguarding any and all such user data (a BAA); (ii) takes the necessary measures to anonymize/de-identify all user data in accordance with the Health and Human Services Safe Harbor guidelines for de-identification; (iii) has obtained affirmative user consent; (iv) except where expressly disclaimed by the app publisher; and (v) has documented this within the Privacy Policy.


• P1.13 User Ability to Delete Data/Accounts: The app publisher should allow a user to delete all personal data from its systems when canceling or deleting accounts. This functionality could be accessed by the user in the app or by the app owner.

• P1.14 Changes to Privacy Policy: A mechanism shall be in place to notify users of changes to the Privacy Policy.

• P1.15 Consent to Changes in Privacy Policy: A mechanism shall be provided that enables users to acknowledge and consent to changes to the Privacy Policy.

• P1.16 Notification in Event of Breach: The user will be promptly notified (according to state or federal laws or contractual obligations) if a breach occurs that has compromised their information, in accordance with applicable state, federal and country laws.
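P1.12 (ii) points at the HHS Safe Harbor method but does not show what applying it to a record looks like. The following is an added example, not code from the Xcertia guidelines or from any app publisher: it strips the direct identifiers, keeps only the year of dates, collapses ages over 89 into a single 90+ bucket, truncates ZIP codes to three digits (000 for the sparsely populated ZIP3 areas), and then scans what is left for identifiers that hide in free-text fields. The field names, the sample records and the reference date are constructed for this example; the restricted ZIP3 list is the one given in HHS guidance from 2000 Census data and is an assumption to check against current guidance.

```python
"""Safe Harbor de-identification of a health record (added example)."""
import re
from datetime import date

# Fields holding identifiers that Safe Harbor removes outright: names,
# sub-state geography, contact details, record and account numbers,
# device serials, URLs, IP addresses, biometrics, photos. Assumed layout.
DIRECT_IDENTIFIER_FIELDS = {
    "name", "street", "city", "county", "phone", "fax", "email", "ssn",
    "mrn", "health_plan_id", "account_number", "license_number",
    "vehicle_id", "device_serial", "url", "ip_address", "biometric", "photo",
}

# ZIP3 areas with fewer than 20,000 residents (HHS guidance, 2000 Census);
# Safe Harbor maps these to 000 instead of keeping the three-digit prefix.
RESTRICTED_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821", "823",
    "830", "831", "878", "879", "884", "890", "893",
}

# Identifier shapes that tend to survive inside free-text fields.
FREE_TEXT_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

AS_OF = date(2019, 8, 12)  # constructed reference date for age calculation


def safe_harbor_zip(zip_code):
    """Keep the first three ZIP digits, or 000 for a restricted ZIP3 area."""
    digits = re.sub(r"\D", "", zip_code or "")
    if len(digits) < 5:
        return "000"
    zip3 = digits[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def safe_harbor_age(birth_date, as_of):
    """Whole years of age; anything over 89 becomes the single value 90."""
    had_birthday = (as_of.month, as_of.day) >= (birth_date.month, birth_date.day)
    age = as_of.year - birth_date.year - (0 if had_birthday else 1)
    return 90 if age > 89 else age


def deidentify(record, as_of):
    """Return a Safe Harbor de-identified copy of `record` (a dict)."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIER_FIELDS:
            continue                                   # dropped entirely
        if key == "zip":
            out["zip3"] = safe_harbor_zip(value)
        elif key == "birth_date":
            age = safe_harbor_age(value, as_of)
            out["age"] = age
            # A birth year would reveal an age over 89, so it is suppressed too.
            out["birth_year"] = None if age >= 90 else value.year
        elif isinstance(value, date):
            out[key + "_year"] = value.year            # other dates: year only
        else:
            out[key] = value
    return out


def residual_identifiers(record):
    """List (field, kind) pairs for identifier-like strings left in free text."""
    hits = []
    for key, value in record.items():
        if not isinstance(value, str):
            continue
        for kind, pattern in FREE_TEXT_PATTERNS.items():
            if pattern.search(value):
                hits.append((key, kind))
    return hits


# Constructed sample records; not real patient data.
SAMPLE_RECORDS = [
    {
        "name": "Jane Q. Sample",
        "birth_date": date(1928, 10, 1),
        "zip": "03601",
        "email": "jane@example.com",
        "mrn": "MRN-0042",
        "admit_date": date(2019, 8, 12),
        "ecg_rhythm": "normal sinus rhythm",
        "notes": "Patient asked for a call back at 555-867-5309.",
    },
    {
        "name": "John Sample",
        "birth_date": date(1990, 8, 13),
        "zip": "94107-1234",
        "ip_address": "203.0.113.7",
        "ecg_rhythm": "atrial fibrillation",
    },
]


def deidentify_samples():
    """De-identify the constructed records as of AS_OF."""
    return [deidentify(r, AS_OF) for r in SAMPLE_RECORDS]


if __name__ == "__main__":
    for cleaned in deidentify_samples():
        print(cleaned, "free-text leaks:", residual_identifiers(cleaned))
```

Two caveats a reviewer applying P1.12 should note. Safe Harbor is one of the two HIPAA de-identification methods (the other is Expert Determination), and it is satisfied only when the publisher also has no actual knowledge that the remaining data could identify the individual; the free-text scan above is there because notes fields are where that knowledge usually hides. The values that remain (age, ZIP3, year of admission) are still quasi-identifiers, which is why the 20,000-resident rule exists for ZIP3 and why the 90+ bucket suppresses the birth year.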

Guideline P2 – Retention

If data is collected, the user shall be informed about how long the data is retained.

Requirements for Guideline P2

• P2.01 The Privacy Policy shall disclose the retention policy regarding user information. Such statement shall include policies with respect to data retention under any third-party data sharing arrangement.

• P2.02 Retention and deletion time periods, which are based on clearly defined business needs or legal obligations, shall be set. If business needs are defined as "in perpetuity," this shall also be disclosed.

Guideline P3 – Access Mechanisms

The app user is informed, through an End User License Agreement, if the app accesses local resources (e.g., device address book, mobile and/or LAN network interface, system-stored credit card information, GPS and other location-based services, contacts, camera, photos, SMS or MMS messaging, and Bluetooth) or resources from and/or for social networking platforms; is provided with an explanation by any appropriate means (e.g., the "About" section) as to how and why such resources are used; and opt-in consent is obtained to access such resources.

Requirements for Guideline P3

• P3.01 If the app accesses any of the mobile device's native hardware (camera, microphone, GPS/location, calendar, address book, etc.), the express reason for requiring such access shall be disclosed to the user, separate from any warning/consent present in the mobile operating system.


• P3.02 If the app accesses or uses any Wi-Fi, LAN, or mobile network data connections, an estimate of the amount of data consumed shall be provided to the user along with a notice that carrier data charges may apply.

• P3.03 If the app accesses social networking sites (such as Facebook, Instagram, or like social media), the reason why such sites are being accessed is disclosed to the user.

Guideline P4 – Health Insurance Portability and Accountability Act (HIPAA) Entity or Business Associate

If the app, on behalf of a Covered Entity or a Business Associate (each as defined by HIPAA and the rules thereunder), collects, stores, and/or transmits information that constitutes Protected Health Information (as defined by HIPAA and the rules thereunder), it does so in full compliance with HIPAA and all applicable state and international laws, rules and regulations.

Requirements for Guideline P4

• P4.01 The user can affirmatively opt in or out (at any time) of information shared with or given access to by third parties.

• P4.02 The app publisher certifies that a Business Associate Agreement (BAA) has been executed pursuant to HIPAA with any and all necessary third parties.

• P4.03 The user can access or request any of his/her Protected Health Information (PHI) collected, stored and/or transmitted by the app.

• P4.04 The app publisher uses requisite efforts to limit the use and disclosure of PHI, including ePHI, to the minimum necessary to accomplish the intended purpose (e.g., "need-to-know").

• P4.05 The publisher must demonstrate that procedures are in place so that in the event of a breach the app publisher shall notify affected individuals, HHS, and in some cases the media (news agencies, print, radio, etc.) of a breach of unsecured PHI. Most notifications must be provided without unreasonable delay and no later than 60 days following the discovery of a breach.

Guideline P5 – Children's Online Privacy Protection Act (COPPA)

The app has measures in place to protect children in accordance with applicable laws and regulations if the app is directed at children (see the specific guidance in the Children's Online Privacy Protection Act).


Requirements for Guideline P5

• P5.01 The app provides clear notice of the content that will be made available and its suitability for specific age groups.

• P5.02 The app includes a clear and conspicuous Privacy Notice/Policy that addresses use by any child under the age of 13 and prevents usage without verifiable parental authority (please note state laws may have additional carve-out regulations for children).

• P5.03 The app provides for an age verification process, either automatic or self-reported, to control access to age-restricted content and to minimize the inappropriate collection, use, or disclosure of personal information from a child.

• P5.04 The app does not, without obtaining verifiable parental/legal guardian consent, collect, use, or disclose data from any child under the age of 13.

• P5.05 The app enables a parent/legal guardian who becomes aware that the child has provided information without his/her consent to contact the app publisher and eliminate the account/delete that data.

• P5.06 The Privacy Policy provides that the app publisher will delete any child's personal information upon notice, or if the app publisher becomes aware or has knowledge that such information was provided without the consent of a parent/legal guardian, including information that was shared with a third party.

• P5.07 Apps that are intended for children must have a location default setting that enables parents/legal guardians to prevent the app from automatically publishing their child's location.

• P5.08 Apps that are directed at children under the age of 13 will have a default setting that prevents in-app purchases.

• P5.09 Apps that are directed at children under the age of 13 will have a default setting that prevents usage of the camera and microphone.

Guideline P6 – General Data Protection Regulation (GDPR)

The app has measures in place to comply with applicable laws and regulations related to the European Union General Data Protection Regulation (GDPR).

Requirements for Guideline P6

• P6.01 Provide the Privacy Notice at the time the user is providing information to the app. The Privacy Notice should also be findable through the app's search feature.


• P6.02 The Privacy Notice must be concise (plain language), transparent and accessible. For the Privacy Notice to be easily readable, key information is at the front of the notice and, in a layered notice approach, links are available for additional information in the full version.

• P6.03 The Privacy Notice must include the name of the organization, the processor, the name and contact details of the representative, and the contact details of the Data Protection Officer (DPO) if a DPO is required.

• P6.04 The Privacy Notice must state the lawful basis, legitimate purposes, and rights available to individuals in respect of processing.

• P6.05 The user must be informed of the categories/source of personal data obtained if it is obtained from third-party sources. This must be provided within a reasonable period of obtaining the personal data and no later than one month. Notice must be provided of the recipients of categories of personal data, whether the individuals are under a statutory or contractual obligation to provide personal data, and the details of transfers of personal data to any third countries or international organizations.

• P6.06 The details and existence of automated decision-making, including profiling (if applicable), and the retention periods for personal data must be provided.

• P6.07 Unexpected uses of user data should be posted on the front page of the Privacy Notice and there must be separate consent for different uses. A user must be given a simple way to consent to all types of uses listed (e.g. opt-in/opt-out boxes for each). If the app is requesting that the user receive direct marketing materials, then there should be a separate opt-out box.

• P6.08 The user must be put on notice that they have the right to withdraw from further use of data (if applicable through respective regional data governance laws) and the right to file a complaint with the respective regional supervisory authority.

• P6.09 Best practice is to conduct audits to see what personal information the app maintains and to conduct user testing to see if the Privacy Notice is easily understandable.

• P6.10 The app developer must ensure the Privacy Notice is consistent with current use. If a material change is made to the collection or use of data, the Privacy Notice must be updated prior to processing.

• P6.11 In the event of a breach of personal data, understand the type of data that has been impacted and prepare a written report. Based upon the notice requirements of the area of operation, report to the relevant supervisory authority within 72 hours of becoming aware of the reportable breach.

• P6.12 The app developer shall be responsible for knowing the relevant and appropriate regulations for the regions in which they intend to operate.


• P6.13 The End User License Agreement (EULA) should document how notice shall be provided to the individual and to the appropriate authorities.

References: Additional information may be found at these sites:

US State Breach Notification Requirements: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

European Union General Data Protection Requirements, Information Commissioner's Office UK: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed

Health and Human Services Safe Harbor: https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=90f45f0c857144405b17a43c35600c16&ty=HTML&h=L&mc=true&r=SECTION&n=se42.5.1001_1952

HIPAA: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html?language=en


App Security (S) Guidelines

The Security Guidelines assess whether the application is protected from external threats and maintains the integrity, availability, confidentiality, and resilience of its data.

Guideline S1 – Security Operations

The app publisher ensures that the app's security procedures comply at all times with generally recognized best practices and applicable rules and regulations for the jurisdiction(s) in which the app is intended to be sold or used, and that such procedures are explained or made available to users.

Requirements for Guideline S1

• S1.01 Administrative, physical, and technical safeguards to protect users' information from unauthorized disclosure or access are provided and employed.

• S1.02 Access to users' information is limited to those authorized employees or contractors who need to know the information in order to operate, maintain, develop, or improve the app.

• S1.03 If the app utilizes unique identifiers, the identifier is linked to the correct user and is not shared with third parties.

• S1.04 If any third-party vendor services are utilized as part of the app, an information security risk assessment should be conducted of the respective third parties.

• S1.05 If your organization is subject to HIPAA or other information security and/or privacy regulations, an internal risk assessment for any systems related to PHI/PII should be conducted.

• S1.06 The app publisher should create and maintain a baseline configuration document so that potential risks can be identified.

• S1.07 Risk-appropriate authentication methods are used to authenticate users.

• S1.08 A written description of security procedures is provided in a section of the app (tab, button, or equivalent) or through an active link. The se
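S1.03 requires that the app's unique user identifier not be shared with third parties, yet analytics providers, lab interfaces and similar partners still need a stable way to refer to a user. One way to reconcile the two, shown here as an added example that is not code from the Xcertia guidelines or from any app publisher, is to give each partner its own pseudonym derived from the internal ID with HMAC-SHA256 under a publisher-held key. The internal ID never leaves the publisher, two partners cannot join their data sets on a common key, and a partner's identifiers can be rotated when it is offboarded or compromised. The class name, partner names and test key are constructed for this example; HMAC-SHA256 is the pseudonymization method chosen here, not one the guideline prescribes.

```python
"""Per-partner pseudonymous user identifiers (added example)."""
import hashlib
import hmac
import secrets


class PseudonymService:
    """Issues and resolves partner-specific pseudonyms for internal user IDs."""

    def __init__(self, master_key: bytes):
        if len(master_key) < 32:
            raise ValueError("master key must be at least 256 bits")
        self._master_key = master_key
        self._partner_version = {}   # partner -> current key version
        self._reverse = {}           # (partner, pseudonym) -> internal user ID

    def _partner_key(self, partner: str) -> bytes:
        # A per-partner, per-version subkey: rotating one partner leaves the
        # others untouched, and the master key is never applied to user IDs.
        version = self._partner_version.get(partner, 0)
        label = f"pseudonym-key|{partner}|{version}".encode()
        return hmac.new(self._master_key, label, hashlib.sha256).digest()

    def pseudonym_for(self, internal_user_id: str, partner: str) -> str:
        """Deterministic identifier for this user that is specific to `partner`."""
        mac = hmac.new(self._partner_key(partner), internal_user_id.encode(),
                       hashlib.sha256)
        pseudonym = mac.hexdigest()[:32]
        # Publisher keeps the mapping; it is the only place the link exists.
        self._reverse[(partner, pseudonym)] = internal_user_id
        return pseudonym

    def resolve(self, partner: str, pseudonym: str):
        """Publisher-side lookup from a partner's reference back to the user.

        Returns None for unknown values, including a pseudonym that was issued
        to a different partner, so identifiers cannot be replayed across partners.
        """
        return self._reverse.get((partner, pseudonym))

    def verify(self, internal_user_id: str, partner: str, claimed: str) -> bool:
        """Constant-time check that `claimed` is the user's current pseudonym."""
        expected = self.pseudonym_for(internal_user_id, partner)
        return hmac.compare_digest(expected, claimed)

    def rotate_partner(self, partner: str) -> None:
        """Offboarding or compromise: future pseudonyms at this partner change.

        Old mappings are retained so historical references (and any breach
        notification work) can still be resolved by the publisher.
        """
        self._partner_version[partner] = self._partner_version.get(partner, 0) + 1


def new_master_key() -> bytes:
    """Fresh 256-bit key; keep it in a secrets manager, never in the app binary."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    svc = PseudonymService(new_master_key())
    print("analytics:", svc.pseudonym_for("user-123", "analytics"))
    print("lab:      ", svc.pseudonym_for("user-123", "lab"))
```

The keyed MAC matters: a plain SHA-256 of a low-entropy internal ID (a sequential account number, an email address) can be reversed by a partner with a dictionary, which would put the app back in breach of S1.03. The reverse map is itself PHI-linking data and belongs under the same access controls that S1.02 requires for user information.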
