Healthcare providers and mHealth app developers trying to understand the complexities of HIPAA now have a new resource at their disposal.
The Connected Health Initiative, an offshoot of ACT | The App Association, has launched an interactive tool designed to help mobile health application developers figure out compliance with the privacy and security guidelines of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Morgan Reed, the organization’s president, says the questionnaire and accompanying video are geared toward mHealth app designers who might not understand the language of healthcare.
“Healthcare, like many other industries, has its own language and style,” he says. “We felt the (mHealth app) developer community was getting bogged down … and we wanted to build a bridge for them to better understand HIPAA.”
“We found that we had to build a tool for this other community that doesn’t live and breathe HIPAA every day.”
The resource targets a concern voiced by the Office of the National Coordinator for Health IT (ONC) last year. In a 32-page report sent to Congress, ONC executives noted that HIPAA works fine for “traditional” healthcare but can be confusing in an era of mobile devices, wearables and social media.
“Many of us now use wearables and other types of health information technology to help us manage our health and the health of our loved ones,” Karen DeSalvo, MD, the ONC chief at that time, and Jocelyn Samuels, then the director of the Health and Human Services Department’s Office of Civil Rights (OCR), wrote in a blog. “These fitness trackers, their related social media sites where individuals share health information, and other technologies are changing the way we interact and control our own health. However, they did not exist when Congress originally enacted (HIPAA) in 1996.”
“HIPAA serves traditional healthcare well and supports national priorities for the safe and secure flow of health information, but its scope is limited,” they added. “It applies only to organizations known as ‘covered entities’ - health plans, healthcare clearinghouses and healthcare providers conducting certain electronic transactions - and their business associates. Yet these days, scores of new businesses use consumer-facing technology to collect, handle, analyze, and share health information about individuals - sometimes without those individuals’ knowledge.”
To create its new resource, CHI worked with Joy Pritts, the ONC’s former chief privacy officer. Reed said the organization’s goal was to give mHealth app developers something that would improve the app’s chances of success and adoption.
Given that HIPAA was drafted before mHealth tools and technology were part of the healthcare ecosystem, Reed said it was a challenge creating a resource that helps define how these platforms should protect sensitive health information. It’s a familiar argument that has led some mHealth advocates to call for a new or updated version of HIPAA.
In a blog accompanying the “HIPAA Check” resource, Reed said it’s important to break HIPAA down to its most basic imperative: protecting patient information.
“At its most basic level, HIPAA is designed to protect the privacy and security of patients by governing how entities that handle sensitive health information should protect that data, and it ensures patients are informed about how that data is used and stored,” he wrote.
HIPAA Check asks a series of questions regarding the user’s mHealth app, with videos and links to other resources accompanying each segment. Once the test has been completed, the user is offered a full report that explains each question and answer in more detail and offers more resources.