What is the best mobile application development platform? There are four alternative approaches. Which one is best for your organization?

The first approach to building new app experiences is to Do-it-Yourself (DIY): build the application development platform, then build your app. Organizations that are new to mobile application development often don’t comprehend everything that needs to be purchased, installed, built, developed, secured, and maintained to deliver a 5-star app experience. This diagram outlines the application development platform stack you need to build an app with a DIY approach, from building the client app to building and managing new mobile services and traditional platform middleware and infrastructure.

And if you have to deliver a HIPAA compliant app, it adds several layers of additional complexity, including defining and implementing Physical Safeguards, Technical Safeguards, Documentation Safeguards, Administrative Safeguards, and Breach Notification Rules. Developing, documenting, implementing, and certifying all of these requirements takes months and could cost upwards of $100,000. Certification alone can be extremely costly for the application development platform independent of the app itself.


Figure: HIPAA Compliance Requirements for mHealth apps

One way to reduce your costs is to turn to a cloud provider that has already done the hard work to build portions of the stack and pre-certified their services. The key question is, which type of cloud service is best for you and your apps and which will lower your time to market and project cost risks?

There are three versions of cloud “*aaS” offerings that provide an application development platform. The chart below compares the various levels of coverage by service type: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Backend as a Service (BaaS). The first step is to make sure whichever “*aaS” you choose meets your business needs, in this case HIPAA Compliance with a Business Associate Agreement (BAA) to back it up.

Figure: Application Development Platform Alternatives. Four Alternatives for Implementing Mobile Apps

IaaS: The cloud provider gives you infrastructure services on-demand, including networking, storage, servers, and virtualization. In some cases, the operating system is included as well. You would have to develop, integrate, secure, and maintain the other platform middleware and mobile-specific components of the stack along with building your app. In many cases, each of these components will have a different pricing structure based upon usage, which can be confusing and hard to budget. For HIPAA compliant apps, you would also be responsible for ensuring compliance for the components not covered under the cloud IaaS provider’s BAA.

PaaS: The cloud provider gives you all the components of IaaS as well as the platform middleware (and operating system if needed). For HIPAA apps, the provider should be willing to sign a BAA to cover their portion of the stack. You would be responsible for developing, integrating, securing, and maintaining the mobile-specific middleware components in addition to building and maintaining your app. As with IaaS, each of these components will have a different pricing structure based upon usage, which can be confusing and hard to budget. You would also be responsible for ensuring HIPAA compliance for the components not covered under the cloud provider’s BAA.

BaaS: The cloud service provider gives you all of the IaaS and PaaS components as well as the mobile-specific middleware plumbing required to deliver high-performing online and offline user experiences. If needed, the BaaS provider should be willing to ensure HIPAA compliance for the stack up through their service layers and should sign a BAA, as well as pass through the BAA from the underlying cloud infrastructure provider. With BaaS, you would just need to focus on building your app experience. The BaaS provider has taken care of infrastructure, compliance, security, and all the mobile features you need. With Kinvey BaaS, you get the complete service for a fixed, predictable price per app. Kinvey’s pricing is fully transparent and easy to budget.

BaaS provides the lowest Total Cost of Ownership (TCO) for your app (check out our BaaS savings calculator). You don’t have to build the stack; instead you log in and use it from day 1. It’s been estimated that, with BaaS, you can achieve 86% faster release cycles and spend 90% of your time on app features instead of infrastructure, middleware and maintenance. Don’t just take our word for it: Kinvey is a leader and top ranked platform in The Forrester Wave: Mobile Development Platform 4Q 2016. In addition, we recently contracted a third party to do a research project on the business value that our customers are receiving by using Kinvey. Read the results: Business Value of Kinvey Research Report.

If you have the need for a HIPAA compliant app, here are all the components required for HIPAA compliance. It’s quite a list and we are proud to say that Kinvey’s HIPAA Compliant App Cloud successfully meets all of the applicable requirements.