HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New Framework for Assessing the Privacy, Security, and Safety of Digital Health Technologies

The American College of Physicians (ACP), American Telemedicine Association (ATA), and the Organization for the Review of Care and Health Applications (ORCHA) have collaborated to produce a new framework for assessing the digital health technologies used by healthcare professionals and patients.

Currently, more than 86 million Americans use a health or fitness app. These digital health technologies, which include more than 365,000 individual products, can collect, store, process, and transmit personal and health information that would be classed as protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA); however, the majority of these technologies are not covered by HIPAA and fall outside of other regulations, federal laws, and government guidance. The lack of guidance in this area is hindering the adoption of digital health technologies, which have tremendous potential for improving condition management, clinical risk assessment, and decision support.

The developers of digital health technologies often share user data collected by their products and apps with third parties but do not necessarily disclose their data sharing practices with consumers, and their privacy policies are often far from transparent. The use of these apps and technologies can place user privacy at risk. The technologies may also lack appropriate security controls and could be vulnerable to cyberattacks that could expose sensitive user data.

“The Digital Health Assessment Framework is intended to be an open framework, accessible for anyone to use, to support the adoption of high-quality digital health technologies and help healthcare professionals and patients make better-informed decisions about which digital health tools best suit their needs,” said the ATA in a press release.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The framework includes components that healthcare professionals and consumers can use to assess data and privacy, clinical assurance and safety, usability and accessibility, and technical security and stability, and was developed to support U.S. guidelines, regulations, and best practices for digital health practices.

“Digital health technologies can offer safe, effective, and engaging access to personalized health and support, and provide more convenient care, improve patient and provider satisfaction, and achieve better clinical outcomes,” said Ann Mond Johnson, CEO of the ATA. “There are literally hundreds of health apps and devices for patients and clinicians to choose from, and our goal is to provide confidence that the health and wellness tools reviewed in this Framework meet quality, privacy and clinical assurance criteria in the U.S.

ACP is conducting a pilot study of health apps which will be reviewed against the framework, with the goal of creating an extensive library of acceptable digital health tools. The framework will be regularly updated based on feedback from digital health technology companies, healthcare professionals, consumers, and other stakeholders to reflect changes in clinical practice, and the latest guidelines and best practices.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.