A lot has changed since the HIPAA Privacy Rule was finalized in 2002 and the HIPAA Security Rule was finalized a year later in 2003. At the time, the iPhone had not been released (that happened in 2007), Apple had just released the iTunes Store, the first “do not call” list law was passed, and Arnold Schwarzenegger was elected Governor of California.
Laws and regulations often struggle to keep up with the pace of innovation in the mobile technology space, forcing app developers to apply laws that were drafted in a different era to emerging technologies. To address this issue, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has launched a website that allows health app developers to submit questions about HIPAA. OCR will review the questions to decide what guidance and technical assistance it will draft. The site will allow OCR to engage with mHealth designers and developers on issues and concerns related to protecting health information privacy.
Some of the early questions submitted seek guidance on patient-generated health data, the content of business associate agreements, cloud computing, and audit logging.
OCR should be applauded for engaging with the health IT and digital health community to advance privacy and security compliance in the rapidly evolving health app space.
You can submit your questions via the OCR website.