HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Congress Asked by Mobile Health App Industry to Amend HIPPA

Software companies and mobile phone application developers are concerned about HIPAA regulations and many believe the legislation is hampering innovation. The industry accepts the need for strict controls to ensure data is recorded, stored and transmitted securely, but that there is some way to go to strike a good balance between data security and product development.

The App Association represents mobile phone app developers, with the organization communicating its concerns this month in a letter to congress. The letter was sent to U.S. Representative Thomas Marino (R-PA) who has already made an effort to help remove some of the barriers faced by the mHealth industry and mobile App developers.

The mobile phone app industry is reportedly worth an estimated $68 billion and the App Association represents some 5000 members. It has voiced concern about key areas which require federal government intervention and has requested that regulations be updated to allow mobile health apps to be developed and for growth to be promoted in the sector.

Several innovative applications have been developed in recent months which can improve efficiency in healthcare and improve the lives of patients. Apps are being developed to assist doctors – such as those allowing patient data to be viewed in real time over an encrypted network with military level security – in addition to patient-oriented apps such as those which remind patients to take their medication. However, current Health Insurance Portability and Accountability Act (HIPAA) regulations need to be changed to take fast changing technology into account.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

There are three main areas which require change according to the letter, and congress has been requested to address access to current regulations, updates to Office of the National Coordinator (ONC) guidance and outreach to startups in the mobile healthcare.

One problem that exists is that new app developers are not experts in data security laws and do not have the resources to obtain the information they need to ensure compliance with federal data security laws. Information should be made available in an easy to read format to allow individual developers to avoid bureaucracy and take the appropriate steps to ensure HIPAA compliance.

While legislation has been updated to take new technology into account, OCR efforts have been inconsistent. In the letter, the App Association highlights data that is years out of data citing a document available on the HHS website providing technical safeguards for remote use having last been updated in 2006; before the first iPhone was released for sale. Updates to regulations and standards are clearly required to keep pace with the current technological landscape in the healthcare sector.

The industry is expected to comply with all HIPAA regulations but there is considerable confusion over which HIPAA rules apply and to whom, with many developers unable to decipher the rules and regulations governing cloud storage of PHI and what is considered a HIPAA violation and how it can be avoided.

While the government appears to be focused on ensuring compliance in the traditional healthcare marketplace, resources should also be allocated to the mobile app industry which is producing some of the most innovative products in healthcare today. The App Association has called for outreach programs to start to enable the HHS to learn more about current technology and innovation and what the mobile healthcare industry requires from congress.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.