HIPAA on the Hill

The pace of mHealth innovation shows no signs of slowing down. New technologies are not only improving the lives of patients, but also empowering clinicians. However, healthcare is a highly regulated space dominated by major vendors, and it is vital that the regulatory environment keep up with the changing world. Specifically, it’s time for the Department of Health and Human Services (HHS) to take a fresh look at the Health Insurance Portability and Accountability Act (HIPAA) to ensure it better fits today’s mobile world.

Current HIPAA guidelines – while critical – need to be revised to support smaller companies that can transform the space. Leading app developers across the industry are working together to seek clearer guidelines that will encourage innovation. The App Association recently joined with AirStrip, CareSync, and other mHealth companies urging government representatives to look at this issue so we can better align our practices with theirs and together work towards the goal of improved patient care.

We recommend:

1. Make existing regulation more accessible for tech companies

Information on HIPAA is still mired in a Washington, D.C. mindset that revolves around reading the Federal Register, or hiring expert consultants to ‘explain’ what should be clear in the regulation itself. Not surprisingly, app makers do not find the Federal Register to be an effective resource when developing health apps.

Additionally, there are limited user-friendly resources available for app developers, who are mostly solo inventors or small groups of designers – not large companies with the resources to easily hire counsel or consultants who can help them through the regulatory process.

Proposed solution: HHS must provide HIPAA information in a manner that is accessible and useful to the community who needs it. The agency should draft new FAQs that directly address mobile developer concerns.

2. Improve and update guidance from OCR on acceptable implementations

The current technical safeguards documentation available on the hhs.gov website is significantly out of date. Without new documentation that speaks to more modern uses, it will be difficult for developers to understand how to implement HIPAA in an effective way for patients.

Proposed solution: HHS and OCR must update the ‘Security Rule Guidance Material’ and provide better guidance regarding mobile implementations and standards – or examples of standard implementations that would not trigger an enforcement action – instead of leaving app makers to learn about these through an audit.

3. Improve outreach to new entrants in the healthcare space

Some of the most innovative new products in the mobile health space are coming from companies outside the traditional healthcare marketplace. Yet HHS appears attached to ‘traditional’ healthcare communities.

Proposed solution: In order to ensure the expansion of innovative new technologies, it is essential that HHS, OCR and others expand their outreach to the communities that are driving innovation.

These issues are critical to the mobile health economy. By working more closely together, we can create a regulatory environment that encourages innovation in this life-changing marketplace.

Morgan Reed is the executive director of ACT | The App Association, the leading organization representing software companies in the mobile app community.
