Code of Developer Best Practices

We are excited for you to build apps on the Greenway Health Developer Platform. We hope that the power of this platform helps to foster an app ecosystem that improves patient care and outcomes and streamlines clinician workflow.

We expect you to build apps responsibly and in keeping with a set of best practices as outlined below:

Safety

• If your app is provider-facing and lets users search for one or more patients and/or displays patient information, ensure that it uses and displays enough information to identify the correct patient (e.g., Full Name, Date of Birth, Gender).

• If your app is patient-facing, ensure that it displays enough information to identify the patient (e.g., Full Name, Date of Birth, Gender).

• Where and when clinically appropriate, your app displays patient allergies and intolerances

• Because of the inherent latency and intermittent nature of network connectivity, ensure that the user is informed that access to the app may be subject to interruption and/or non-availability.

• Make sure to follow industry standards for user-centered design and accessibility

Privacy and Transparency

• Provide users with a clear privacy policy that describes what data your app collects, how it is used, and how long it is retained.

• Obtain consent from users for any secondary uses of the data used in your app

• Obtain consent from users if you provide access to the data or transfer data to third parties

• Provide a clear description in the Application Gallery and on your website of your app’s features and functionality, what clinical data elements your app collects, any secondary uses of the data, and any third-party access to the data.

• Provide an accurate upfront representation of any fees and all associated costs the user might have to pay in order to use your app

Security

• Encrypt all data at rest using industry-standard algorithms described in FIPS 140-2 with an appropriate key length, such as AES-256.

• Store encryption keys securely and only make them accessible to users with system admin rights.

• Encrypt all data in flight with TLS 1.2, validating the server’s TLS certificate against a certificate that is trusted by your host.

• Use standard authentication and authorization protocols such as OAuth.

• If your app prompts the user for sensitive information, never store that information in clear text; protect it using one-way hashes such as SHA-256.

• Enforce timeouts for user inactivity where appropriate

• Maintain the security of your client IDs and client authentication secrets

• Maintain the security of refresh tokens

• Perform regular code and web vulnerability scans.

• Do not reveal your app's internal state information in error messages.
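The TLS item above, shown as a client configuration with the weak settings beside the corrected ones. This is an added example, not Greenway Health code; it assumes a Python client, treats TLS 1.2 as the minimum accepted version, and the function names are hypothetical.

```python
import socket
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2  # the page names TLS 1.2; used here as the floor

def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2 or newer, certificate validated against the host trust store."""
    ctx = ssl.create_default_context()     # loads the CAs trusted by this host
    ctx.check_hostname = True              # certificate must match the server name
    ctx.verify_mode = ssl.CERT_REQUIRED    # handshake fails on an untrusted chain
    if ctx.minimum_version < MIN_VERSION:  # raise the floor, never lower it
        ctx.minimum_version = MIN_VERSION
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Constructed counter-example: the settings the audit must flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False             # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE        # accepts any certificate
    return ctx

def audit(ctx: ssl.SSLContext) -> list:
    """Return the ways a client context falls short of the requirement."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

def open_verified(host: str, port: int = 443) -> str:
    """Connect with the hardened context and return the negotiated TLS version."""
    ctx = hardened_client_context()
    problems = audit(ctx)
    if problems:
        raise RuntimeError("; ".join(problems))
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()))
    print("weak:    ", audit(weak_client_context()))
```

Running `audit` over every context an app creates, for example in a unit test, catches verification that was switched off during development and never restored.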

Quality and Scalability

• Your app must not cause inconsistencies in the clinical data it displays.

• You will test your app under load to ensure that its performance is stable and that it will not negatively impact patient safety or clinical workflow.

• Use industry standard source code management and software development and quality assurance methodologies