Is there a HIPAA-compliant goniometer app?
Clinical guide · Reviewed by Kevin Lan, OTR/L, ATP · Updated July 2026
Strictly speaking, no — because no app can be. There is no HIPAA certification, and compliance is an obligation of the clinician or facility, not a property of software. What an app can do is make your compliance easy or put it at risk, and the difference comes down to architecture: where patient data lives, whether it is encrypted, who can access it, and whether it is ever transmitted. This guide explains who HIPAA actually applies to, what to verify in any goniometer app that stores patient information, and how Goniometer is designed so that patient data never leaves the device at all.
Who HIPAA actually applies to
HIPAA's Privacy and Security Rules apply to covered entities — providers, health plans, and clearinghouses — and to their business associates: vendors that create, receive, maintain, or transmit protected health information (PHI) on a covered entity's behalf. If you are an OT, PT, ATC, or physician documenting a patient's range of motion, the compliance obligation is yours and your facility's. The app you measure with enters the picture in one of two ways:
- A cloud-based app makes its vendor a business associate. If patient data syncs to the vendor's servers, the vendor handles PHI on your behalf — you need a signed business associate agreement (BAA) with them, and their security posture becomes part of your risk.
- An on-device app that never transmits patient data keeps the vendor out of the loop entirely. No PHI ever reaches the developer, so there is no business associate relationship, no BAA to sign, and no third-party server that can be breached.
The second architecture is simpler for you in every respect — there is one less contract, one less vendor audit, and one less place patient data can leak from.
There is no such thing as a "HIPAA-certified" app
The Department of Health and Human Services does not certify software, and no accreditation it recognizes exists for the claim. When app marketing says "HIPAA certified," treat it as a red flag: at best it is loose shorthand, at worst it is a claim no one can substantiate. The honest version of the claim — the one you can verify yourself — is architectural. Ask where the data lives and what protects it, and judge the app on the answers.
The checklist: What to verify in any goniometer app
| Ask | Why it matters |
|---|---|
| Where does patient data live? | On-device only means no server to breach and no BAA. Cloud sync means the vendor is a business associate — ask for the BAA before you store a single patient. |
| Is it ever transmitted? | Analytics, crash reporting, and "anonymous usage data" pipelines are the quiet ways clinical data leaks. Check the App Store privacy label — it is a binding declaration. |
| Is it encrypted at rest? | A lost or stolen phone is the most likely real-world incident. Data should be unreadable while the device is locked. |
| Is there access control? | A biometric or passcode lock on patient screens keeps a borrowed or unattended phone from exposing records — and it should not cost extra. |
| Are deletes real? | Deleting a profile should purge the data, not hide it. Retention you cannot end is a liability. |
| Does it encourage data minimization? | The less identifying information stored outside your chart, the smaller every risk above becomes. Initials beat full names. |
How Goniometer is designed for HIPAA-covered practice
Goniometer: Range of Motion is built by a practicing clinician around one rule: patient data never leaves the device. Point by point against the checklist:
- On-device only, works fully offline. There are no accounts and no cloud. Nothing is transmitted to the developer or anyone else — the App Store privacy label is "Data Not Collected." Because no PHI ever reaches the developer, no BAA is needed.
- Encrypted at rest. Patient profiles are stored with iOS file protection, unreadable while the device is locked, and excluded from cloud backups.
- Face ID lock — free for every user. Access control on patient data is never paywalled. With the lock on, patient screens re-lock when you leave the app and are shielded in the app switcher.
- Real deletion. Deleting a profile purges it from storage.
- Data minimization by design. The profile screen asks for a short label or initials — not full names — so the app stores as little identifying information as possible while your chart remains the system of record.
- No analytics, no tracking, no third-party SDKs touching clinical data — there is no pipeline for it to leak through.
What stays on your side of the line
An on-device architecture removes the vendor from your risk surface, but it does not remove your own obligations, and it would be dishonest to suggest otherwise. Three habits close the loop:
- Keep the device itself secured — a passcode and up-to-date iOS are what make file-level encryption meaningful.
- Treat exported reports like any patient document. The moment a PDF or CSV report leaves the app through the share sheet, it is governed by your facility's policies — share it through approved channels, not personal email.
- Follow your facility's mobile-device policy. Some employers require managed devices or specific apps for anything patient-related; the architecture here supports that conversation, but the policy call is theirs.
Measure with nothing to breach. Goniometer keeps every profile encrypted on your iPhone, locked behind Face ID, and never sends patient data anywhere — free to measure, with 47 guided movements. Download Goniometer on the App Store.
Frequently asked questions
Is Goniometer HIPAA compliant?
No app can be "HIPAA certified" — no such certification exists, and compliance is an obligation of the clinician or facility, not the software. Goniometer is designed to support your compliance: patient data never leaves the device, is encrypted at rest, can be locked behind Face ID at no cost, and is never transmitted to anyone. The App Store privacy label is "Data Not Collected."
Does using Goniometer require a business associate agreement (BAA)?
No. A BAA is required when a vendor creates, receives, maintains, or transmits PHI on your behalf. Goniometer's developer never receives any patient data — everything stays on the device — so there is no business associate relationship and no BAA to sign. A cloud-based app is different: its vendor handles PHI and should offer a BAA.
Is there such a thing as a HIPAA-certified app?
No. HHS does not certify products as HIPAA compliant. Treat "HIPAA certified" in app marketing as a red flag and evaluate the architecture instead: where data lives, whether it is encrypted, who can access it, and whether it is ever transmitted.
Can I put patient names in a goniometer app?
The safer habit is data minimization: identify profiles with initials or a short label rather than full names, dates of birth, or record numbers. Goniometer's profile screen prompts exactly that, so the stored data carries as little identifying information as possible while your chart remains the system of record.
Are exported PDF and CSV reports covered by HIPAA?
Once you export and share a report it leaves the app and becomes your responsibility under your facility's policies, like any document containing patient information. Share exports through approved channels — your EMR or secure messaging — not personal email or chat.
References
- U.S. Department of Health and Human Services, Office for Civil Rights. The Security Rule. hhs.gov/hipaa/for-professionals/security
- U.S. Department of Health and Human Services, Office for Civil Rights. Covered Entities and Business Associates. hhs.gov/hipaa/for-professionals/covered-entities
- Apple App Store privacy label for Goniometer: Range of Motion ("Data Not Collected"). apps.apple.com — Goniometer: Range of Motion
Related guides
This guide is educational and is not legal advice — consult your compliance officer or counsel for decisions about your practice. Goniometer is an educational and reference tool; it is not a medical device and is not intended for diagnosis or treatment decisions.