Apple’s health apps now have a higher-tech security option.
The security firm Tresorit came out Tuesday with a tool to offer increased privacy options to developers using Apple’s open-source CareKit platform. Those options will help apps including apps run by hospitals reach HIPAA compliance.
Tresorit’s security technology, called ZeroKit, will offer user authentication for patients and healthcare workers, end-to-end encryption of health data, and “zero knowledge” sharing of health data, in which data isn’t shared with any service as it transfers.
End-to-end encryption is used for cloud storage, messaging and other services but hasn’t been widely adopted in healthcare apps, Tresorit senior vice president David Szabo told Mashable. Data is encrypted before it is uploaded to the cloud and that encryption key never leaves the user’s device.
“Our mission is to give the ability to developers to give privacy to you,” Szabo said. “Developers don’t want to see patients’ passwords.”
CareKit is an open-source platform that allows developers or even healthcare professionals with a little coding knowledge to create patient-focused apps. The platform has been used for home care, diabetes care and other health projects.
With enhanced cloud security, the platform is intended to be of better use to hospitals beholden to the government’s privacy rules around patient information. Healthcare professionals developing an app through CareKit can opt into ZeroKit’s security offerings. Consumers won’t choose whether to apply these encryption tools to their personal accounts.
“Apple designed the iOS platform and CareKit with security at its core. When building apps where data is shared across devices and with other services, developers want to extend this security to the cloud. This is exactly what ZeroKit does,” the ZeroKit team wrote in a blog post on Apple’s CareKit blog.
ZeroKit’s founders approached Apple about integrating their security system into CareKit about four months ago.