On September 15, The App Association (ACT), along with several of its mobile health company members, asked Congress for more clarity on HIPAA cloud regulations for mobile app developers. Specifically, the organization sent a letter to Rep. Tom Marino, asking him to encourage Congress to enact greater clarity with their regulations.
According to ACT’s Executive Director, Morgan Reed, they are interested in addressing this issue considering that so many members of ACT are either engaged, or interested in becoming engaged, with either health or fitness, and could be potentially impacted by HIPAA regulations.
HIPAA covers a wide range of issues regarding insurance coverage portability and health care delivery. In relevance to mobile apps, though, HIPAA’s Privacy Rule regulates how medical services providers, health insurers, etc. store, share, access, and communicate patient information. Breaching the Privacy Rule can and has cost medical providers thousands of dollars in fines — in 2011, UCLA settled for $865,550 in regard to potential HIPAA violations.
“I would hazard a guess that close to 30% of our members are either actively pursuing this or already engaged in it,” explained Reed in an interview with MobiHealthNews. Reed says that HIPAA privacy regulation rules are often not spelled out very clearly for software developers, and it becomes difficult to translate what they mean for apps.
ACT is also arguing that the government should promote better accessibility of HIPAA and health IT policies for tech companies. Currently, they are published in the Federal Register. Publishing them in more places, or actively seeking out developers could be useful in ensuring a standard that is followed, since many app developers are fairly unfamiliar with HIPAA to begin with.
Reed points out that ultimately, it’s patients who would benefit from clearer regulations. Because HIPAA regulations are often confusing or murky for developers to understand, many don’t even attempt to enter the field of something that could be HIPAA-related — even though their participation could potentially lead to innovative and promising healthcare apps.
“If care systems don’t understand the intersection of HIPAA and mobile, and their reaction is to say ‘no’, then apps that improve outcomes don’t make it through the front door,” warned Reed. Hopefully, Congress will pay attention to ACT’s letter, and act accordingly on creating a HIPAA policy that has more clarity for app developers.