Health Information Compliance Alert

Data Analytics:

Mobile Health Apps: Balance Security With Opportunities

Wearables provide new ways to promote a healthy lifestyle among your patients.

Smartphone apps for health and wearables like Fitbit are all the rage right now, but they also present serious HIPAA privacy and security implications. The key is to utilize the data from these apps to your organization’s advantage, while at the same time ensuring that the data doesn’t sink your compliance plan.

“There are apps for your smartphone to track your diet, sugars, heart rate, sleep, and just about anything,” according to a recent blog posting by attorney Mary Beth Gettins of Gettins’ Law. Health apps can be great tools for providing a wealth of information to enhance healthcare delivery.

And many health apps on the market are designed to enhance patient engagement between office visits, encourage prescription medication compliance, and inform marketing strategies for providers, insurers and pharmaceutical companies, notes David Feinleib of The Big Data Group based in San Francisco. Some apps also provide patients and their healthcare providers with the opportunity to analyze personal health data via wearable devices, helping patients to adjust their choices and lifestyle.

Health Apps Provide 5 Opportunities

“Big data” can provide important insights in capturing value, but traditional tools don’t always take complete advantage of this, according to McKinsey & Company. For example, unit-price discounts are based primarily on contracting and negotiating leverage, but they focus solely on reducing costs rather than improving patient outcomes.

“Although these tools will continue to play an important role, stakeholders will only benefit from big data if they take a more holistic, patient-centered approach to value, one that focuses equally on healthcare spending and treatment outcomes,” stated a recent McKinsey & Company report. Here are five pathways to assist in redefining value and identifying tools for the new era of embracing big data:

  • Lifestyle: Encourage patients to play an active role in their own health by making the right choices about diet, exercise, preventive care, and other lifestyle factors.
  • Care: Provide patients with the most timely, appropriate treatment available. The right care requires a coordinated approach, with all caregivers having access to the same information and working toward the same goal to avoid duplication of effort and suboptimal treatment strategies.
  • Provider: Providers must have strong performance records and be capable of achieving best outcomes. Patients need to select the right provider based on her skill sets and abilities rather than job title — for instance, nurses or physicians’ assistants may perform many tasks that do not require a physician.
  • Value: Providers and payors should continually look for ways to improve value while preserving or improving healthcare quality — for instance, developing a system in which provider reimbursement is tied to patient outcomes or employing programs designed to eliminate wasteful spending.
  • Innovation: Focus on identifying new therapies and approaches to healthcare delivery and improve the innovation engines themselves — for instance, advancing medicine and boosting research and development productivity.

Example: The mobile health app offered by Ginger.io tracks patients through their mobile phones and assists with behavioral health therapies, recording data about calls, texts, geographic location, and even physical movements.

The app integrates patient data with public research on behavioral health, and the insights obtained can be revealing, the report noted. “For instance, a lack of movement or other activity could signal that a patient feels physically unwell, and irregular sleep patterns (revealed through late-night calls or texts) may signal that an anxiety attack is imminent.”

Beware of the HIPAA Pitfalls

But while you’re pondering how these increasingly popular health apps and wearables can cut costs and improve patient care in your organization, beware that the HHS Office for Civil Rights (OCR) is also taking notice. Health apps undoubtedly create certain implications regarding HIPAA compliance, so OCR has now released new guidance on the subject.

If you’re a covered entity or business associate, you’re already subject to HIPAA. That’s why OCR’s new guidance focuses on health app vendors and developers.

OCR’s guidance, released on Feb. 11, aims to demonstrate how HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app, as well as when an app developer might need to comply with the HIPAA Rules, according to Gettins. OCR used a series of questions and illustrative scenarios to show when a health app developer or vendor might be subject to HIPAA regulations.

Resource: To read the OCR’s new guidance document, go to http://hipaaqsportal.hhs.gov/community-library/accounts/92/925889/OCR-health-app-developer-scenarios-2-2016.pdf.