The App Association (ACT) – an advocacy and educational group set up to represent mobile app developers – recently wrote to the Office for Civil Rights seeking clarification on HIPAA privacy rules, and how they apply to mobile developers.
Developers are eager to incorporate the necessary privacy controls to ensure HIPAA-compliance; however many are not certain about what controls are required.
Yesterday, the OCR responded to Representative Peter DeFazio, and confirmed that it believes the aim should be to provide “the best possible compliance guidance in the industry” and that it is “moving forward in a number of ways” towards this goal.
DeFazio had asked for more clarity on HIPAA obligations for groups storing data in the cloud, wanted to find out what is expected of technology companies in order to adhere with HIPAA rules and asked for the OCR to work regularly with technology companies and provide compliance assistance.
In the correspondence, the OCR stressed out that it does supply information and compliance tools via its website and that the information has been gathered collaboratively with the Office for the National Coordinator for Health Information Technology. However, in a field that is increasing at such a rapid rate it has not been able to address all of the problems raised.
The OCR confirmed that it has entered into talks with ACT and is in the process of developing “real time solutions” to address the issues which are most pressing, and will ensure that these problem areas are specifically referred in the guidance it issues. The OCR is also looking into the possibility of holding what it refers to as “listening sessions”, where stakeholders can air their views about privacy and security.
App Association Director, Morgan Reed believes the privacy developer guidelines the OCR has provided so far are not up to date, which is hindering development of mobile health apps. He also say HIPAA is stopping many hospitals and clinics from using the new tools and services provided by mobile developers.
“Often we talk to developers who have got their first round of funding, they have a good idea that promotes good patient outcomes, but then they get into the development cycle and the sales just aren’t there. There’s a disconnect.”
Now that discussions have been initiated, Reed has asked for mobile developers to contact ACT with specific examples and information about specific problems that have been experiences so it can make them known to the OCR. Once the issues have been identified the OCR will be able to improve the assistane it provides to better serve the mobile industry.
Mobile health apps have massive potential to improve efficiency in healthcare as well as patient outcomes; however developers of mobile health apps are having trouble attracting interest from healthcare providers due to fears that their products would cause breaches of the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA Privacy and Security Rules serve to secure patient privacy and keep health and personal data safe. Substantial financial penalties are being issued by both the Office for Civil Rights and Attorney General’s Offices for non-compliance, and understandably healthcare providers are being very cautious with any new technology or software that could possibly touch the Protected Health Information of their subscribers.
