Otolaryngology Coding Alert

Reader Question:

Learn the Ins and Outs of App Privacy

Question: Our clinicians are using more and more apps for a variety of reasons, including clinical decision-making and prescriptions. It makes our compliance manager uncomfortable. How can we know which apps must comply with HIPAA and which don’t need to?

New Jersey Subscriber

Answer: Whether a software application must comply with HIPAA or other federal privacy laws depends on a myriad of factors. Thankfully, you now have a user-friendly tool to help you find the answer.

The Federal Trade Commission (FTC) recently designed a new “litmus test” that pinpoints which apps must comply with HIPAA guidelines. You simply answer the following 10 questions (see www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool):

  1. Does the app create, receive, maintain, or transmit identifiable health information?
  2. Is the app developer a healthcare provider or health plan?
  3. Do consumers need a prescription to access the app?
  4. Did the developer create the app on behalf of a HIPAA covered entity?
  5. Is the app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease?
  6. Does the app pose “minimal risk” to a user?
  7. Is the app a “mobile medical app”?
  8. Is the app developer a nonprofit organization?
  9. Did the developer create the app as a covered entity?
  10. Does the developer offer health records directly to consumers (or does the developer interact with or offer services to someone who does)?

Apps can help improve quality of care, communication with patients, education, and tracking or monitoring illnesses. But don’t forget that any information you – or your providers – are importing, accessing, and storing is sensitive information. Always put safeguards in place to keep it from falling into the wrong hands or being used in the wrong way.

