Health App

Health App

The Health App base program is for smart-phone and web-based health application clients and/or the platforms that support them. Specifically, the program is for those who desire to demonstrate compliance with DirectTrust’s core criteria which cover, for example, HIPAA Privacy and Security, cybersecurity, business practices, physical and personnel resources, and the secure use of third-party cloud service providers. It also assesses health app stakeholder-specific criteria focused on systems that operate outside of HIPAA, such as the privacy and security for health and wellness data, including compliance with the FTC Health Breach Notification Rule.

This program can be augmented by additional criteria focused on the following optional accreditations, if they are applicable:

  • CARIN Code of Conduct for Consumer-Facing Applications, which assures third parties and consumers that an organization will only share data collected in the application with the knowledge and consent of the end user and other criteria related to data use transparency and best practices. 
  • Digital Therapeutics, which demonstrates compliance with efficacy, data privacy and security requirements for digital therapeutics applications and platforms (DTx).  This program was developed in conjunction with the Digital Therapeutics Alliance, and is administered by DirectTrust.
  • UDAP™ Client App, which demonstrates through assessment and testing that a client application can interoperate with health information networks and FHIR® endpoints to support dynamic client registration and secure identity- assured authentication.  This program also available as augmentation for other DirectTrust programs that assess and test server and identity provider behavior. 

Resources

Ready to move forward?

Apply for Accreditation

Accredited Organizations