Mobile data security guidelines on agenda at AMA meeting

The interim meeting of the American Medical Association in Orlando will consider several recommendations aimed at strengthening data security of mobile health applications and devices.

The policy suggestions come from a report released by the AMA’s Council on Medical Service. It noted the regulatory gray area mobile apps and devices fall into, even when storing or handling sensitive health information.

“As such, mHealth apps are not required to protect the privacy and security of an individual’s health information in the same way that a physician must because mHealth apps are not directly subject to HIPAA regulations,” the report said.

Among 11 policy recommendations in the report, AMA Wire Editor Kevin O’Reilly wrote four deal specifically with mobile data: Among these are ones that specifically apply to concerns about mHealth data, which state that the Association should:

  1. Support requiring mHealth apps and associated devices, trackers and sensors to abide by applicable laws addressing the privacy and security of patients’ information.
  2. Encourage the mobile app industry and other relevant stake holders to conduct industrywide outreach and provide necessary educational materials to patients to promote increased awareness of the varying levels of privacy and security of their information and data afforded by mHealth apps, and how their information and data can potentially be collected and used.
  3. Encourage the mHealth app community to work with the AMA, national medical specialty societies and other interested physician groups to develop app transparency principles, including the provision of a standard privacy notice to patients if apps collect, store or transmit protected health information.
  4. Encourage physicians to alert patients to the potential privacy and security risks of any mHealth apps that he or she prescribes or recommends, and document the patients’ understanding of such risks.

HHS’s own report in July 2016 admitted regulations haven’t kept pace with new technologies which collect health data, but said crafting new guidelines would have to be left up to Congress.

The report also noted when industry groups have crafted voluntary guidelines, they’ve  been largely ignored, writing that “no widely adopted, comprehensive voluntary code of conduct has emerged.”

A vote from delegates on the AMA’s attempt at setting industry standards for mHealth is expected sometime before the meeting adjourns Nov. 15. 

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.