Last week I discussed how the Food and Drug Administration (FDA) has drafted guidelines when it comes to regulating medical mobile apps used as medical devices. That spurred me to wonder what role does the Health Insurance Portability and Accountability Act (HIPAA) play in the development and use of medical apps. Do developers and app users even need to consider HIPAA and how do they know if they violate privacy concerns?
The issue comes down to what information the app displays and who will use the app. In general, HIPAA only applies to “covered entities” and their “business associates.” These may seem like somewhat vague terms, but the definitions are not too confusing:
- Covered entities apply to things such as employer-sponsored insurance, places that process health care claims or healthcare providers that electronically conduct transactions
- Business associates apply to entities that protect health-related information.
In simple terms, if information displays an actual service date, patient information or other confidential information, app developers are subject to HIPAA laws. Apps designed to provide general medical information are not. While the definitions and examples make sense, they have the potential to become muddled. If someone sends information to his/her physician, HIPAA does not apply. Here is where it gets interesting – once a physician who is covered by HIPAA receives that information, the app becomes subject to privacy laws.
Concluding ThoughtsWhat do developers do in these cases? When they work on an app, they will need to consider the audience – the user factors into this equation, but how developers choose to distribute the app really does not. If the app provides non-patient specific information, HIPAA does not apply. Once the app involves patient information, developers would benefit by ensuring they use a HIPAA checklist because it may become easy to blur the lines – especially if healthcare professionals and patients use the same app.
·
No comments:
Post a Comment