The world of medicine is changing fast. Textbooks are no
longer the primary source of medical information. Today, one can find almost any type of medical information on the web.
Hospitals and healthcare providers have now gone one step
further to compete for patients. Many of them now have apps available on mobile
devices such as Android phones and iPhones. There are medical apps which provide
consumers with the latest developments in medicine, current emergency-room wait times,
the services provided by a healthcare facility, and so on.
There are even apps which help patients enter their
symptoms and come up with a differential diagnosis. Four leading apps which
offer symptom diagnosis for patients are iTriage, WebMD, Isabel Symptom
Checker and HealthShield. Each of these apps works in a similar manner: the
consumer enters his or her list of symptoms and the app offers a presumed
diagnosis or a differential diagnosis. In some cases, it also refers the
patient to the appropriate specialist.
The question is: what are the confidentiality rules governing
these apps?
The problem is that because apps are relatively new in
the field of medicine, no standard rules have been developed regarding their
confidentiality. It is important to understand that the HIPAA regulations took
effect in 2003, well before there were any Android phones or iPhones. At that time the
explosion of smartphones and their capabilities was not anticipated by policy
makers. Hence applying the HIPAA regulations to mobile apps has become a
confusing task. In fact, several app developers have already asked Congress for
clarification before they face HIPAA enforcement. While Congress
ponders the question, it is important for all medical app developers to
know a few facts. The first is that HIPAA does not take kindly to personal
medical information being released to the public, and whenever there is a doubt on
a confidentiality issue, you can rest assured HIPAA always wins. So if your app
has any of the following features, then you fall under HIPAA:
- Your app engages in electronic transactions or communications with a
healthcare provider. This does not mean only talking or texting, but any
type of electronic communication with a healthcare provider.
- Your app acts as a healthcare clearinghouse, meaning it facilitates or
processes health information received from another entity, converting data in a
non-standard format (or with non-standard content) into standard data elements
or a standard transaction.
- Your app provides information on health plans.
- You are a business associate or vendor who has a formal business associate
agreement (BAA) with any of the above entities.
Unless your healthcare institution fits into one of these
categories, the HIPAA regulations do not apply.
If the mobile app is aimed at consumers purely for medical education, it is
most likely safe unless it receives data directly from a HIPAA-covered entity
and there is a signed BAA. Even though
consumers often willingly volunteer health information on various electronic
devices, and even though this information may be personal and sensitive, it
generally does not qualify for HIPAA protection.
However, if the healthcare provider's mobile app is aimed
at healthcare providers or other HIPAA-covered entities, then you can rest
assured the HIPAA rules apply.
Unfortunately, there are many gray areas with apps. If the
app deals with any type of protected health information, covered entities will most
likely require that your institution sign a BAA. Your institution is then legally bound to comply
with the HIPAA rules on security, confidentiality and privacy. Under
the recently passed Omnibus Rule, a business associate carries the same legal
liability for HIPAA compliance as the covered entity it serves.
Are you a mobile app developer? Check out these useful links below