Hello and welcome to JustAnswer. Please note: This is general information for educational purposes only and is not legal advice. No specific course of action is proposed herein, and no attorney-client relationship or privilege is formed by speaking to an expert on this site. By continuing, you confirm that you understand and agree to these terms.
I’m wondering if automatic logout after a set time is required in our case.
HIPAA's security rule is subjective and it provides guidelines, but not specifications for most situations. There is no hard rule on what one is to do in such a situation. One is expected to follow the guidelines but what is to be done is up to the company. See HERE. Suffice to say, the less information the app holds on the user, the better. Also, a password ***** ***** mandatory, but is highly recommended. Not having a password ***** invites theft of information and misuse by people, which can culminate in a lawsuit under "negligence per se" and other actions.
The other consideration is whether this requirement would change if the device that’s using the app stays at home (the link above mentions that the location/traffic around the device matters).
No, it does not. The answer applies "as is" regardless.
I hope this helps and clarifies.