Question: Our practice would like to start using a mobile health app to engage our patients. How can we determine whether the mobile health app is HIPAA compliant?
Answer: Mobile health apps, also known as mHealth apps, are increasing in popularity, noted attorneys Lawrence Tabas and Jenna Shedd in an article for Obermayer Rebmann Maxwell & Hippel LLP Attorneys at Law. More than 100,000 mHealth apps are available on iOS and Android platforms.
“Mobile health apps have the potential to revolutionize the healthcare industry by engaging patients in their healthcare and facilitating communications between patients and their physicians,” Tabas and Shedd wrote. “However, there are many privacy and security risks associated with their use.”
In fact, the HHS Office for Civil Rights (OCR) has acknowledged that more guidance about HIPAA’s applicability to mHealth app developers is necessary, especially for those storing data in the cloud.
Some mHealth app developers are confused about how HIPAA applies to developing these apps, Tabas and Shedd pointed out. But the risk is clear — mHealth apps “contain large amounts of data, the majority of which is personal and sensitive information about the app’s user. Mobile health app developers must be aware of these laws and regulations in order to create successful apps and avoid penalty under the law in the event of a breach of any protected health information contained within the app.”
Best strategy: Look for a developer that clearly understands HIPAA and provides security protections for the user information the mHealth app stores and transmits.