The world of medicine is changing fast. Textbooks are no longer in vogue for medical information. Today, one can find almost any type of medical information on the web.
Hospitals and healthcare providers have now gone one step further to compete for patients. Many of them now have apps available on mobile devices like androids and iPhones. There are medical apps which provide consumers with the latest developments in medicine, when the ER is not busy, what services are provided by a healthcare facility and so on.
There are even apps which now help patients punch in their symptoms and come up with a differential diagnosis. The four leading apps which offer symptom diagnosis for patients include iTriage, WebMD, Isabel Symptom Checker and HealthShield. Each of these apps works in a similar manner-the consumer punches in his or her list of symptoms and the apps offers a presumed diagnosis or a differential diagnosis. In some cases, it also refers the patient to the appropriate specialist.
The question is what are the confidentiality rules governing these apps?
The problem is that because the apps are relatively new in the field of medicine, no standard rules have been developed regarding confidentiality. It is important to understand that HIPPA regulations took into effect in 2003 way before there were any androids and iphones. At that time the explosion of androids and their capabilities was never entertained by policy makers. Hence application of HIPPA regulation to mobile apps has becoming a confusing task. In fact several app developers have already sent Congress a memo on clarification before they face the wrath of HIPPA. While Congress ponders over the androids, it is important for all medical app manufacturers to know a few facts. The first is that HIPPA does not take too kindly if personal medical information is released to the public and whenever there is a doubt on confidentiality issues, you can rest assured HIPPA always wins. So if your apps have the following features, then you fall under HIPPA:
- Your app engages in electronic transactions or communications- this does not only mean talking or texting but any time of communications with a healthcare provider.
- Healthcare clearinghouses meaning your apps facilitates or processes health information received from another entity in a non-standard format or contains non-standard information content into standard data elements or a standard transaction.
- If your app provides information on health plans.
- You have Business associates or vendors who have a formal business associates agreement (BAA) with any of the above entities.
Unless your healthcare institution fits into one of these categories, HIPPA regulations do not apply. If the mobile app is aimed at consumers just for medical education it is most likely safe unless it receives data directly from a HIPAA-covered entity and there is a signed BAA. Even though consumers often willingly volunteer health information on various electronic devices and even though this information may be personal and sensitive, it generally does not suffice HIPAA protection.
However, if the healthcare provider's mobile apps is aimed at healthcare providers or other HIPAA-covered entities, than you can rest assured HIPPA rules apply.
Unfortunately, there are many gray area with apps. If the App deals with any type of protected medical data, covered entities will most likely that your institution sign a BAA. Then it is legally bound to comply with HIPPA rules such as providing security, confidentiality and privacy. Under the recently passed Omnibus rule, your institution is under the same legal liability for HIPPA compliance as the entity it covers.
Are you a mobile app developer? Check out these useful links below