Smartphone Applications. If the Health Plan uses smartphone applications (apps) to allow enrollees direct access to Agency-approved member materials, the Health Plan shall comply with the following:

1. The smartphone application shall disclaim that the app being used is not private and that no PHI or personally identifying information should be published on this application by the Health Plan or end user; and

2. The Health Plan shall ensure that software applications obtained, purchased, leased, or developed are based on secure coding guidelines; for example:

a. OWASP [Open Web Application Security Project] Secure Coding Principles – ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/index.php/Secure_Coding_Principles;

b. CERT Security Coding – ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/secure-coding/; and

c. Top 10 Security Coding Practices –

32. Attachment II, Core Contract Provisions, Section XII, Reporting Requirements, Item A., Health Plan Reporting Requirements, sub-item 1.c. is hereby amended to now read as follows:
Sources: Medicaid Hmo Non Reform Contract (Wellcare Health Plans, Inc.), Medicaid Hmo Non Reform Contract (Wellcare Health Plans, Inc.)