Tech & Innovation in Healthcare

Reader Questions:

Are Health Apps Subject to the Health Breach Notification Rule? Find Out.

Question: Our practice is using health apps and wearable devices to remotely monitor patients’ vitals when they’re at home. We’ve established a secure network, data collection policies, and are complying with HIPAA rules.

Do you have any other advice to ensure our practice is compliant?

Maine Subscriber

Answer: Wearable devices, such as FitBits or Apple Watches, are part of the Internet of Things (IoT) and incorporating them into your organization can be beneficial to both the provider and the patient. Wearable devices are effective at monitoring patients’ vitals from afar, so your patients can go about their daily lives without having to constantly write down important health information.

You’re off to a great start by securing your network, establishing data collection policies, and complying with HIPAA rules. However, you should check the policies of the health apps and devices you’re currently using. On Sept. 15, 2021, the Federal Trade Commission (FTC) issued guidance that health app developers need to comply with the Health Breach Notification Rule.

The Health Breach Notification Rule requires vendors of personal health records and related entities to notify the FTC, consumers, and media (in some cases) when data is acquired or disclosed without the consumer’s authorization. Since the Rule’s issuance in 2009, the use of health apps and connected devices has increased considerably. The devices and apps are prime targets for cyberattacks.

Health apps collect a wide swath of information, such as glucose levels for those with diabetes, sleep patterns, and heart health data. In a statement, the FTC wrote, “These apps have a responsibility to ensure they secure the data they collect, which includes preventing unauthorized access to such information” (URL: www.ftc.gov/news-events/press-releases/2021/09/ftc-warns-health-apps-connected-device-companies-comply-health).

The FTC indicates the Health Breach Notification Rule covers apps and connected devices that can pull information from multiple sources and aren’t covered by a similar Department of Health and Human Services (HHS) rule. Additionally, any company that doesn’t comply with the rule may be subject to financial penalties of up to $43,792 per violation per day.