Feds Should Clarify Rules for Health Apps, Advisers Say

Medical Devices Law & Industry Report provides complete in-depth, interdisciplinary news coverage of all major developments in the rapidly changing medical...

April 19 — Federal health IT policy advisers April 19 joined the call for the HHS to clarify how mobile health apps are affected by federal privacy laws and regulations.

Despite recent guidance from regulators, many health app developers and their customers remain unsure how privacy rules apply to health information stored on smartphones and on various applications, advisers to the Department of Health and Human Services Office of the National Coordinator for Health IT said.

This uncertainty has kept some software developers out of the health market and made many people wary of storing their health data on mobile apps.

The HHS Office for Civil Rights should provide additional guidance to clarify exactly how the Health Insurance Portability and Accountability Act applies to mobile health apps, the head of the API task force, an advisory body to the ONC, said.

“Relationships between providers and app developers are often complex, and the OCR's recent guidance, while helpful, might not fit all cases,” Meg Marshall, director of policy for EHR vendor Cerner and co-chairwoman of the API task force, said.

The API task force is studying the security risks and policy issues associated with building application programming interfaces (APIs) into electronic health record systems, which will make it easier for third-party tools such as mobile apps to receive data from health-care organizations.

An API is a set of technical protocols that allows third-party software programmers to build tools to interact with an information database or program.

Federal health IT regulators have said the technology will make it easier for consumers to download their health records to personal health record platforms and mobile applications.

The group presented its draft recommendations to the Health IT Policy and Health IT Standards committees, the main advisory bodies to the ONC. The task force will issue its final recommendations May 17.

The group joins federal lawmakers and a mobile app trade organization in calling for the HHS to clarify how federal laws apply to consumer health technologies (10 MELR 07, 3/30/16).

Guidance for Developers

Two federal agencies recently released guidance on how federal regulations apply to mobile apps.

The Federal Trade Commission April 5 released web-based interactive tools to give app developers a better sense of how their products are affected by current regulations and laws (10 MELR 08, 4/13/16).

The OCR in February published informal guidance clarifying when mobile apps are subject to HIPAA rules.

However, both actions fall short of what app developers really want: a clear dividing line between what is and what isn't covered under HIPAA and other health privacy laws, Josh Mandel, who also serves as co-chairman of the task force, said.

For example, he said, it's unclear whether an app that allows patients to communicate with their health-care provider is covered under HIPAA if the provider didn't recommend or develop the app.

To contact the reporter on this story: Alex Ruoff in Washington at aruoff@bna.com

To contact the editor responsible for this story: Kendra Casey Plank at kcasey@bna.com