Spanish DPA (AEPD): Analysis of Information Flows in Android – Tools for compliance with Accountability

The objectives of the study focus on:

  • Defining the context and conceptual framework of the detection of the personal data communications in applications executed on an Android operating system.
  • Demonstrating the elevated risk in the mobile application environment of leaks of personal data and the need to carry out an evaluation of data flows
  • Studying the existing techniques for the detection and analysis of personal information flows in Android Applications.

https://www.aepd.es/media/estudios/estudio-flujos-informacion-android-en.pdf

HHS Clarifies HIPAA Liability Around Third-Party Health Apps

Interesting article that tries to summarize some of the latest HHS guidance. Includes “If the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app,” officials explained.

https://healthitsecurity.com/news/hhs-clarifies-hipaa-liability-around-third-party-health-apps