Stevel
Advocate III

Personal Health Information, PHI, security considerations using PowerApps

Hi all,

I'm building a useful app that my agency is getting excited about using in the field. We start field trials next week. However, I'd like to be reassured by this community regarding PowerApp security as the information being viewed in the app is personal health information and is regulated by HIPAA disclosure rules.

 

We require that our mobile app users have autolocking turned on and they have to log in to their agency O365 account, so we have two factors of authentication, which is a major requirement.

 

Does anyone know if/how we can enforce the auto locking requirement for PowerApps users? It is enforced by Outlook, but if a user does not have Outlook on their phone it would be nice to be able to enforce autolocking for PowerApps users.

 

Also, I assume that all communications between PowerApps and Azure SQL or PowerApps and our on-prem data warehouse are strictly HTTPS. I believe that to be the case, but is it documented anywhere?

 

Are there any security issues/gaps that I should consider before I release my lovely app for field trials?

 

THANKS...Steve

2 REPLIES
v-micsh-msft
Community Support

Hi @Stevel,

 

For authentication under PowerApps, it should obey the policy configured within the organization (Office 365).

For the connecting issue, there is no documentation for HTTPS mentioned; for on-premise connection, it should be HTTP for SharePoint site and Dynamics NAV, based on what I know.

For security concerns, that would depend on the App configuration.

Adding some references:

Share an app in PowerApps

Data loss prevention (DLP) policies

 

Regards,

Michael

Community Support Team _ Michael Shao
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

Hi Michael,

 

I posted the same question as a PowerApps support ticket as I need an 'official' response to be able to show a future auditor. 

 

I also posted a PowerApps Idea regarding being able to optionally require devices to auto-lock if a user is accessing an app from within the PowerApps shell. https://powerusers.microsoft.com/t5/PowerApps-Ideas/A-way-to-Enforce-phone-auto-lock-feature-like-Ou...

 

I'll post any official responses from support to this thread.

 

...Steve
