The short answer…yes! In February of this year, The U.S. Department of Health and Human Services (HHS) released a document covering just this very topic. The longer answer…as mHealth grows, so do the number of questions surrounding privacy of records, the relationships of app developers and covered entities under the act, and the scenarios in which the definitions might be made. The Federal Trade Commission (FTC) also offers general security guidelines to app developers including recommendations for naming a person responsible to oversee security issues, understanding mobile platforms, generating secure credentials and using encryption.
HHS’s rulings definitely take into account the relationship of the app developer and detail specific scenarios to help developers better understand if their app is dealing with protected health information (PHI) and therefore needs to be HIPAA compliant. There are gray areas and to further define PHI, if a developer is building a wearable device or application that collects the user’s personal health information, but does not plan on sharing it with a covered entity such as a doctor at any point in time, then the developer does not need to be HIPAA compliant and do not violate the HIPAA Privacy Rule.
When developing an mHealth app, there are many regulations to consider including HIPAA and HITECH for data privacy; and if the app can be considered a medical device, one needs to consider FDA process as well. Certifications may very well soon be the future of mHealth apps, but time will tell as the industry expands.
As mobile accessibility grows, top EHR providers such as the award winning Greenway PrimeSuite, Medisoft and Lytec all offer superior cloud-based access for physicians and patients. Contact the Microwize sales department for more information about the cloud-computing capability of these products.
