Mobile data security guidelines on agenda at AMA meeting
The interim meeting of the American Medical Association in Orlando will consider several recommendations aimed at strengthening data security of mobile health applications and devices.
The policy suggestions come from a report released by the AMA’s Council on Medical Service. It noted the regulatory gray area mobile apps and devices fall into, even when storing or handling sensitive health information.
“As such, mHealth apps are not required to protect the privacy and security of an individual’s health information in the same way that a physician must because mHealth apps are not directly subject to HIPAA regulations,” the report said.
Among 11 policy recommendations in the report, AMA Wire Editor Kevin O’Reilly wrote four deal specifically with mobile data: Among these are ones that specifically apply to concerns about mHealth data, which state that the Association should:
- Support requiring mHealth apps and associated devices, trackers and sensors to abide by applicable laws addressing the privacy and security of patients’ information.
- Encourage the mobile app industry and other relevant stake holders to conduct industrywide outreach and provide necessary educational materials to patients to promote increased awareness of the varying levels of privacy and security of their information and data afforded by mHealth apps, and how their information and data can potentially be collected and used.
- Encourage the mHealth app community to work with the AMA, national medical specialty societies and other interested physician groups to develop app transparency principles, including the provision of a standard privacy notice to patients if apps collect, store or transmit protected health information.
- Encourage physicians to alert patients to the potential privacy and security risks of any mHealth apps that he or she prescribes or recommends, and document the patients’ understanding of such risks.
HHS’s own report in July 2016 admitted regulations haven’t kept pace with new technologies which collect health data, but said crafting new guidelines would have to be left up to Congress.
The report also noted when industry groups have crafted voluntary guidelines, they’ve been largely ignored, writing that “no widely adopted, comprehensive voluntary code of conduct has emerged.”
A vote from delegates on the AMA’s attempt at setting industry standards for mHealth is expected sometime before the meeting adjourns Nov. 15.