CARIN has created a Code of Conduct that all attested apps will maintain.

Be Transparent

In an easy to understand way, be clear with users regarding whether data is collected, how it is used, and explain what rights and obligations exist.

Allow Consent

Obtain separate, informed, proactive opt-in consent to use or disclose information and allow users the ability to easily revoke consent.

Disclose Usage

Collect, use, and disclose health information in ways that are consistent with reasonable user expectations and consumer consent.

Give Individual Access

Provide the ability for users to access all identifiable information about themselves collected by the application and the ability to be forgotten.

Prioritize Security

Store and retain health information in a manner consistent with best practices and protects against loss or unauthorized access, use, alteration, destruction, unauthorized annotation or disclosure.

Maintain Provenance

Maintain the provenance of the data about who or what entity originally supplied the data and, where relevant, who made changes to the data, and what changes were made.

Ensure Accountability

Designate a responsible executive officer within the company to ensure these commitments are followed, staff are trained, and applicable laws are followed.

Educate Users

Inform users about their health information sharing choices and the consequences of those choices, including the risks, benefits, and limitations of data sharing.

Be Transparent

In an easy to understand way, be clear with users regarding whether data is collected, how it is used, and explain what rights and obligations exist.

Allow Consent

Obtain separate, informed, proactive opt-in consent to use or disclose information and allow users the ability to easily revoke consent.

Disclose Usage

Collect, use, and disclose health information in ways that are consistent with reasonable user expectations and consumer consent.

Give Individual Access

Provide the ability for users to access all identifiable information about themselves collected by the application and the ability to be forgotten.

Prioritize Security

Store and retain health information in a manner consistent with best practices and protects against loss or unauthorized access, use, alteration, destruction, unauthorized annotation or disclosure.

Maintain Provenance

Maintain the provenance of the data about who or what entity originally supplied the data and, where relevant, who made changes to the data, and what changes were made.

Ensure Accountability

Designate a responsible executive officer within the company to ensure these commitments are followed, staff are trained, and applicable laws are followed.

Educate Users

Inform users about their health information sharing choices and the consequences of those choices, including the risks, benefits, and limitations of data sharing.