Developers can now build end-to-end encryption into CareKit, Apple announced on its CareKit blog, adding more security and a faster track to HIPAA compliance for developers building healthcare apps on the open source platform.
While CareKit was built with "security at its core," according to the blog post, Apple has partnered with the security firm Tresorit to offer ZeroKit for CareKit developers.
In addition to offering end-to-end encryption of health data, it offers user authentication via PAKE (Password-authenticated key agreement) technology, which does not store password hashes. It also offers "zero knowledge" key management. The combination of PAKE user authentication, zero knowledge key management, and CareKit's default file system encryption "protects [protected health information] from breaches, while providing a seamless experience to your end-users," Apple said.
ZeroKit is available for iOS, Android, and web browsers and requires no previous knowledge of security, according to Apple.
Personal health information, of course, has been a major target for hackers. Last year, according to the Identity Theft Resource Center (ITRC), business and health care were the hardest hit vertical industries.