With how quickly technology is evolving, ensuring mobile devices and applications are HIPAA compliant continues to be a challenge.
The federal Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, is one of the main pieces of healthcare legislation that every member of the industry must be aware of and comply with. HIPAA aims to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
However, as technology has evolved, it has become increasingly difficult to adhere to HIPAA compliance rules. This is only made more difficult by the fact that governing bodies could do a better job of monitoring and explaining HIPAA guidelines.
Last month, a letter written by Department of Health & Human Services (HHS) Secretary Sylvia Burwell in November 2014 was made public. It was written in response to a letter by Representatives Peter DeFazio (D-OR) and Tom Marino (R-PA), who asked the HHS Office for Civil Rights (OCR) to provide a clearer and updated set of HIPAA guidelines when it comes to new technology and mobile health.
Burwell’s letter recognized that mobile health is gaining popularity, which is increasing the number of questions that professionals have about how HIPAA applies to the technology.
“We understand that existing guidance materials may not address all the questions that companies in this emerging field may have,” Burwell wrote. “To begin to address these issues, OCR has already met with ACT | The App Association, which represents over 5,000 app companies and information technology firms, to discuss the needs of companies and to ensure that OCR can provide technical assistance and guidance in useful ways.”
She also spoke about the need to continue the dialog between the industry and mobile experts. This will help create “real time solutions” for the most pressing issues in the community.
The letter from DeFazio and Marino also asked HHS to discuss clarifying how HIPAA rules apply to companies and services that store data in the cloud, and to make it easier for companies to comply with all HIPAA regulations.
“We would like HHS to assign employees with technological expertise to regularly engage with companies in the emergent healthcare technology space,” DeFazio and Marino wrote. “These employees should be prepared to work with app developers and others to make sure that products incorporate HIPAA protections beginning at the early stages of product development.”
There are thousands of health-related mobile applications and devices on the market, and the number is growing, seemingly every day. With no signs of slowing down, ensuring that these devices and apps are HIPAA compliant is crucial, not only for success but also to ensure that patient information remains secure.