Share this article on:
Software companies and mobile phone application developers are concerned about HIPAA regulations and many believe the legislation is hampering innovation. The industry accepts the need for strict controls to ensure data is recorded, stored and transmitted securely, but that there is some way to go to strike a good balance between data security and product development.
The App Association represents mobile phone app developers, with the organization communicating its concerns this month in a letter to congress. The letter was sent to U.S. Representative Thomas Marino (R-PA) who has already made an effort to help remove some of the barriers faced by the mHealth industry and mobile App developers.
The mobile phone app industry is reportedly worth an estimated $68 billion and the App Association represents some 5000 members. It has voiced concern about key areas which require federal government intervention and has requested that regulations be updated to allow mobile health apps to be developed and for growth to be promoted in the sector.
Several innovative applications have been developed in recent months which can improve efficiency in healthcare and improve the lives of patients. Apps are being developed to assist doctors – such as those allowing patient data to be viewed in real time over an encrypted network with military level security – in addition to patient-oriented apps such as those which remind patients to take their medication. However, current Health Insurance Portability and Accountability Act (HIPAA) regulations need to be changed to take fast changing technology into account.
There are three main areas which require change according to the letter, and congress has been requested to address access to current regulations, updates to Office of the National Coordinator (ONC) guidance and outreach to startups in the mobile healthcare.
One problem that exists is that new app developers are not experts in data security laws and do not have the resources to obtain the information they need to ensure compliance with federal data security laws. Information should be made available in an easy to read format to allow individual developers to avoid bureaucracy and take the appropriate steps to ensure HIPAA compliance.
While legislation has been updated to take new technology into account, OCR efforts have been inconsistent. In the letter, the App Association highlights data that is years out of data citing a document available on the HHS website providing technical safeguards for remote use having last been updated in 2006; before the first iPhone was released for sale. Updates to regulations and standards are clearly required to keep pace with the current technological landscape in the healthcare sector.
The industry is expected to comply with all HIPAA regulations but there is considerable confusion over which HIPAA rules apply and to whom, with many developers unable to decipher the rules and regulations governing cloud storage of PHI and what is considered a HIPAA violation and how it can be avoided.
While the government appears to be focused on ensuring compliance in the traditional healthcare marketplace, resources should also be allocated to the mobile app industry which is producing some of the most innovative products in healthcare today. The App Association has called for outreach programs to start to enable the HHS to learn more about current technology and innovation and what the mobile healthcare industry requires from congress.