Stevel
Level: Powered On

Personal Health Information, PHI, security considerations using PowerApps

Hi all,

I'm building a useful app that my agency is getting excited about using in the field. We start field trials next week. However, I'd like to be reassured by this community regarding PowerApp security as the information being viewed in the app is personal health information and is regulated by HIPAA disclosure rules.

 

We require that our mobile app users have autolocking turned on and they have to log in to their agency O365 account, so we have two factors of authentication, which is a major requirement.

 

Does anyone know if/how we can enforce the auto locking requirement for PowerApps users? It is enforced by Outlook, but if a user does not have Outlook on their phone it would be nice to be able to enforce autolocking for PowerApps users.

 

Also, I assume that all communications between PowerApps and Azure SQL or PowerApps and our on-prem data warehouse are strictly HTTPS. I believe that to be the case, but is it documented anywhere?

 

Are there any security issues/gaps that I should consider before I release my lovely app for field trials?

 

THANKS...Steve

2 REPLIES
Community Support Team

Re: Personal Health Information, PHI, security considerations using PowerApps

Hi @Stevel,

 

For authentication under PowerApps, it should obey the policy configured within the organization (Office 365).

For the connection issue, there is no documentation that mentions HTTPS. For on-premises connections, it should be HTTP for SharePoint sites and Dynamics NAV, based on what I know.

For security concerns, that would depend on the App configuration.

Adding some reference:

Share an app in PowerApps

Data loss prevention (DLP) policies

 

Regards,

Michael

Community Support Team _ Michael Shao
Stevel
Level: Powered On

Re: Personal Health Information, PHI, security considerations using PowerApps

Hi Michael,

 

I posted the same question as a PowerApps support ticket as I need an 'official' response to be able to show a future auditor. 

 

I also posted a PowerApps Idea regarding being able to optionally require devices to auto-lock if a user is accessing an app from within the PowerApps shell. https://powerusers.microsoft.com/t5/PowerApps-Ideas/A-way-to-Enforce-phone-auto-lock-feature-like-Ou...

 

I'll post any official responses from support to this thread.

 

...Steve
