You are here: Home / Development Framework / Compliance and Security Gate

Compliance and Security Gate

Before leaving the development phase, apps should undergo a risk assessment and, if required, a review by the compliance and legal departments

IT Security

All applications should undergo a risk assessment by IT Security before being implemented. This applies to all technology, and apps are no different.

In addition, apps may undergo two additional reviews by IT security, the application scan for web components, in which the server component is scanned for known vulnerabilities, and a code review. Code reviews are indicated when an app uses protected personal information.


The office of Corporate Compliance must review any access or use of protected health information.

Health Information Services (HIS)

HIS must review any access or use of the electronic medical record.


The Food and Drug Administration regulates medical devices. They have been lenient in terms of not regulating research projects, but in general, if an app can affect a patient, including monitoring, distributing medication, or giving medical advice, you should prepare to file with the FDA. More information can be found on the FDA website.