Policy for Emory Public Mobile App Distribution (Adopted October 14, 2014, revised December 8, 2017)
Emory requires an internal review of all mobile applications developed at Emory prior to submission for distribution in public marketplaces, including but not limited to the Apple App Store and Google Play. This process is initiated by the Emory mobile application owner via ServiceNow request and facilitated by the mobile application review coordinator, in consultation with the Office of Technology Transfer in consultation with , Legal Counsel, Marketing & Communicationsthe Office of Compliance, Communications & Public Affairs, and Library and Information Technology Services (LITS). To To begin the process, please visit https://wiki.service.emory.edu/x/FqMlAw. As part of the Apple and Google submission processes for public distribution of mobile applications, parties distributing mobile applications must affirm their ownership of the intellectual property and accept marketplace terms and conditions, which include assuming some liability and accepting business obligations. Although Apple spends considerable effort tracking the ever-changing tax landscape, it is possible that errors and miscalculations can happen. If there is an underpayment assessment, the funding for that liability is not covered from a central source of funds. It will be up to the department, unit, or school to fund that expense in the unlikely event it were to arise. For these reasons reviews of the intellectual property ownership status, marketability, and potential liability to Emory are essential. All mobile apps owned by Emory are to be distributed through official Emory channels (i.e., Emory marketplace accounts) unless special dispensation for another distribution method is obtained during the review process.
Emory must also determine if mobile applications collect, transmit, or store any sensitive data and, if so, ensure that Emory's FERPA, HIPAA, PCI, or other appropriate compliance obligations are met. Distribution of mobile applications to any external (non-Emory affiliated) people without completing Emory's mobile application review process is prohibited. Distributing mobile applications that one does not personally own may also be a violation of marketplace agreements.
Policy for Emory Internal Mobile App Distribution (Adopted November 17, 2014, revised December 8, 2017)
Emory requires a review of all internal mobile applications at Emory (developed at Emory or vended) prior to distribution to end users for production use. Internal mobile applications are those intended for use by Emory people and Emory affiliates only and not segments of the general public. This process is initiated by LITS in the Emory mobile application owner via ServiceNow request and facilitated by the mobile application review coordinator, in consultation with LITS, Legal Counsel, and the Emory Healthcare and Emory University Compliance OfficersOffice of Compliance. To begin this process, please visit visit https://wiki.service.emory.edu/x/7ILaB. While internally distributed mobile applications do not have the same business and branding requirements as publicly distributed mobile apps, internal mobile applications have many of the same legal, compliance, and security implications. For this reason Emory must perform a technical review, compliance and regulatory review, and a security review for internal mobile apps. Mobile applications may be distributed internally to a limited user base for development and testing purposes prior to this review, but the reviews must be completed satisfactorily prior to distributing apps for production use.
Emory requires a review of all apps available in public marketplaces that are listed for download in the Emory Mobile App Catalog. The process for reviewing mobile apps endorsed by Emory and listed in the Emory Mobile App Catalog is initiated by the LITS in consultation with Emory Healthcare and Emory University Compliance Officers and [list other parties here]. To begin this process, please visit https://wiki.service.emory.edu/x/suIGBQ (the same process as the Vended Apps in the next section). These mobile apps are endorsed in some way by Emory when they appear in the Emory Mobile App Catalog, and they should be reviewed and documented to indicate the nature of their review and recommended or endorsed use.