Congress to HHS: Update HIPAA mHealth guidance
The federal regulatory environment is not keeping up with changes in the mobile health industry, and the Department of Health and Human Services (HHS) should update its HIPAA guidance to better regulate this burgeoning market, according to two House representatives.
Following up on a letter sent to him from ACT|The App Association, Rep. Tom Marino (R-Penn.), along with Peter DeFazio (D-Ore.), sent a letter to HHS Secretary Sylvia Mathews Burwell pointing out that the agency’s website outlining technical compliance with HIPAA has not been updated since 2006, “years before an app store existed, much less the modern mobile device.”
As such, companies both large and small are struggling to determine if their mobile health apps are in compliance with HIPAA regulations. Some have hired legal teams just to determine, with some level of certainty, whether their product is in compliance.
“In order to make sure that mobile health apps and other companies can in good faith comply with these [important] protections, we ask that HHS provide clear, easily accessible and up to date regulatory guidance for HIPAA compliance with regard to new technologies,” according to the letter.
The congressmen also called for:
- The development of Implementation standards by the Office of Civil Rights to help companies conform to regulation and avoid enforcement action
- Clarity on HIPAA obligations for companies that store data in the cloud
- The assignment of HHS employees with technical expertise to regularly engage with companies in the emergent healthcare technology space.
Read the full letter.