Apple is upping security options for its health apps.
The tech giant has partnered with the security firm Tresorit to offer developers using Apple’s CareKit platform increased privacy options, helping reach HIPAA compliance.
Tresorit’s security technology, called ZeroKit, will offer user authentication for patients and healthcare workers, end-to-end encryption of health data, and “zero knowledge” sharing of health data, in which data isn’t shared with any service as it transfers.
End-to-end encryption is used for cloud storage, messaging and other services but hasn’t been widely adopted in healthcare apps, Tresorit senior vice president David Szabo told Mashable. Data is encrypted before it is uploaded to the cloud and that encryption key never leaves the user’s device.
“Our mission is to give the ability to developers to give privacy to you,” Szabo said. “Developers don’t want to see patients’ passwords.”
CareKit is an open-source platform that allows developers — or even healthcare professionals with a little coding knowledge — to create patient-focused apps. The platform has been used for home care, diabetes care and other health projects.
With enhanced cloud security, the platform is intended to be of better use to hospitals beholden to the government’s privacy rules around patient information. Healthcare professionals developing an app through CareKit can opt into ZeroKit’s security offerings. Consumers won’t choose whether to apply these encryption tools to their personal accounts.
“Apple designed the iOS platform and CareKit with security at its core. When building apps where data is shared across devices and with other services, developers want to extend this security to the cloud. This is exactly what ZeroKit does,” the ZeroKit team wrote in a blog post on Apple’s CareKit blog.
ZeroKit’s founders approached Apple about integrating their security system into CareKit about four months ago.