Software companies and mobile phone application developers are worried about HIPAA regulations and have argued that the legislation is hampering new innovation.
The industry has recognized the need for stringent controls to ensure data is recorded, stored and transmitted safely, but there is a long way to go to strike a happy balance between data security and product development.
The App Association represents mobile phone app developers, with the organization voicing its concerns this month in a letter to Congress. The letter was issued by U.S. Representative Thomas Marino (R-PA) who has already made attempts to help remove some of the obstacles faced by the mHealth industry and mobile app developers.
The mobile phone app industry is supposedly worth an estimated $68 billion and the App Association represents some 5000 members. It has voiced concern about key areas which require federal government intervention and has asked that regulations be updated to permit mobile health apps to be developed and to promote growth in the sector.
Several innovative applications have been developed in recent months which can increase efficiency in healthcare and improve the lives of patients undergoing treatments. Apps are being developed to aid doctors, such as those allowing patient data to be viewed in real time over an encrypted network with military-level security, in addition to patient-oriented apps such as those which send reminders to patients to take their medication. However, current Health Insurance Portability and Accountability Act (HIPAA) regulations need to be amended to take fast-changing technology into account.
There are three main parts of HIPAA which require change according to the letter, and Congress has been requested to look into access to current regulations, updates to Office of the National Coordinator (ONC) guidance and outreach to startups in mobile healthcare.
One issue is that new app developers are not experts in data security laws and do not have the resources to gain access to the information they need to ensure compliance with federal data security laws. Information should be made freely available in an easy-to-read format to allow individual developers to avoid bureaucracy and take the appropriate steps to ensure they are adhering to HIPAA compliance rules.
While legislation has been refreshed to take new technology into account, OCR efforts have been intermittent. In the letter, the App Association emphasizes data that is years out of date, citing a document available on the HHS website providing technical safeguards for remote use that was last updated in 2006, before the first iPhone was released for sale. Updates to regulations and standards are clearly needed to keep pace with the current technological landscape in the healthcare sector.
The industry is expected to adhere to all HIPAA regulations, but there is considerable confusion over which HIPAA rules apply and to whom they apply, with many developers unable to understand the rules and regulations governing cloud storage of PHI, what is considered a HIPAA violation and how it can be prevented.
While the government seems to be focused on ensuring compliance in the traditional healthcare marketplace, resources should also be given to the mobile app industry, which is producing some of the most innovative products in healthcare currently. The App Association has called for outreach programs to begin to enable the HHS to learn more about current technology and innovation and what the mobile healthcare industry needs from Congress.