New portal to clear up HIPAA regs for mobile developers

A new online portal is designed to help mobile health technology developers better understand HIPAA privacy and security issues. 

The Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) established the portal in response to calls from legislators. In September 2014, Reps. Tom Marino (R-Pa.) and Peter DeFazio (D-Ore.) wrote to HHS Secretary Sylvia Mathews Burwell urging the agency to clarify and update HIPAA regulations for mobile application developers.

The letter asks federal officials to clarify HIPAA obligations for services storing data on the cloud; offer implementation standards through OCR; recruit employees who can work with startups to produce HIPAA-compliant products; and update the steps vendors must take to comply with HIPAA.

OCR said the platform will help the agency better determine where to focus its guidance for developers, especially those involved in mobile health technology.

Anyone can browse the site and visitors also can register with the website. User identities and email addresses will be anonymous to OCR. Registered users have the ability to offer comments on other submissions, submit questions and vote on the relevancy of topics.

OCR noted that posting or commenting on a question will not result in enforcement action.

"We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes," OCR said in an announcement. "Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. ... Yet many mHealth developers are not familiar with the HIPAA rules and how the rules would apply to their products."

The platform is a step in the right direction, according to ACT | The App Association, which urged Congress last year to press HHS for more clarity. While mobile connectivity "is poised to revolutionize healthcare by giving individuals greater access to their own health information and improving patient outcomes," said ACT Executive Director Morgan Reed. "Unfortunately, a major obstacle to realizing the benefits of mobile health technology has been uncertainty around HIPAA. We pledge to work with OCR to get resolution in these areas and to make this resource work best for companies committed to helping us live healthier through mobile technology."

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”