Lawmakers Hear Calls for Updates to HIPAA Guidance

Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.

By Michael D. Williamson

March 2 — The federal government needs to update HIPAA guidance on remote access to patient data, according to the leader of an app industry group.

Guidance from the Department of Health and Human Services covering remote use of patient health data was last updated in December 2006 and the first iPhone didn't become publicly available until June 2007, Morgan Reed, executive director of the ACT, The App Associationtold Bloomberg BNA after a March 2 House Science, Space, and Technology Subcommittee on Research and Technology hearing.

“Without new documentation that speaks to more modern uses, it’s difficult for app makers to understand how to implement HIPAA in an effective way for patients,” Reed said in a March 2 e-mail to Bloomberg BNA.

Rep. Suzanne Bonamici (D-Ore.) agreed about the need for new HIPAA guidance. “It's really time we update a lot of these things,” she said at the hearing.

The subcommittee convened the hearing to examine the development of apps and wearable technologies for monitoring, diagnosing and tracking disease and medical conditions. A number of barriers hinder some mobile health apps from being used more broadly. Those barriers include regulatory systems, data security and privacy, and reimbursement issues.

Even though regulatory and other barriers may hinder health app development, 50 percent of smartphone users are expected to have downloaded mobile health apps and the total mobile health market revenue is expected to reach $26 billion by 2017, the subcommittee said in a March 2 statement.

The subcommittee chairwoman, Barbara Comstock (R-Va.), said the rapid growth of mobile health technology is a reflection of the ingenuity of app designers. This new technology can and should open up a new revolution that makes everyone personally engaged and responsible for their health care, Comstock said.

Reimbursement Challenges

In addition to calling for updated HIPAA guidance, Reed underscored the need for proper Medicare reimbursement for mobile health services.

Despite the demonstrated value remote patient monitoring technologies hold for “improving the American health system, statutory and regulatory constraints on Medicare reimbursement for health care professionals’ use of telehealth and remote patient monitoring technologies have long been a deterrent to advancement and adoption,” Reed said in written testimony.

Language in the Social Security Act has resulted in significant restrictions on telehealth services by adding odd and untenable requirements, such as originating site and geographic restrictions, Reed said. He added remote patient monitoring is unreasonably restrained by a Center for Medicare & Medicaid Services’ policy decision that bars direct coverage for the service.

“As a result, Medicare coverage for telehealth is startlingly deficient, while reimbursement for remote patient monitoring is non-existent and denies reasonable reimbursement for the monitoring of patient generated health data that should be leveraged to improve care outcomes,” Reed wrote.

The CMS's continued restrictions against paying for certain mobile health and patient monitoring services come as providers “must now shift from fee-for-service to value-based payments, and the resulting incentives favor outcomes more than procedures,” Reed said in his testimony.

“This transition significantly elevates the value of connected health data that comes from remote patient monitoring, chronic condition management, wearable sensors, and apps.”

To contact the reporter on this story: Michael D. Williamson in Washington at

To contact the editor responsible for this story: Brent Bierman at

Request Health Care on Bloomberg Law