Courtesy of Ziggy Creative Colony via Flickr/Creative Commons
Mobile health, or mHealth apps are increasingly abundant – not only among healthcare professionals, but among patients as well. From the healthcare professional’s perspective, these apps can help guide important decisions when it comes to patient care, and can allow for improved communications with fellow physicians and patients.
From the patients’ perspective, these types of apps contain a great wealth of health information and can help an individual be more health conscious (think fitness tracking, reminders to take medications and more). mHealth apps can also contribute to the bigger picture in collecting important aggregate health information.
However, mHealth apps have struggled in recent years to meet stringent privacy laws and HIPAA requirements. The abundance of app developers and the absence of app regulation puts patients and their protected health information at risk.
First, there are serious concerns regarding the security of apps. These issues include transmission of unencrypted information, a lack of privacy policies and appropriate warnings or disclosures, vulnerability to cyber-attacks, phishing attacks or an information breach. The question then becomes, who is responsible for these issues?
Believe it or not, the app developer is usually not the responsible party. In February, the Office for Civil Rights published Health App Use Scenarios & HIPAA. This document provides guidelines to help app developers determine whether or not they are subject to HIPAA regulations as a ‘business associate,’ or a non-healthcare provider with access to protected health info. Essentially, if the developer is not the entity “creating, receiving, maintaining or transmitting protected health information (PHI) on behalf of a covered entity or another business associate,” they are not subject to HIPAA regulation. Further progress was made in April when the Federal Trade Commission (FTC) released a tool to help app developers determine which regulations and laws may apply to their apps. The goal of this tool is to help developers create apps that better protect consumers, encourage innovation in mobile health, and comply with appropriate regulations.
Second, there is also concern regarding the actual reliability of the app. Is health information and advice contained therein accurate? Is it updated regularly and was an expert consulted during development of the app?
Consider the following when evaluating apps for professional use as a healthcare professional:
+ Who developed the app?
+ What are their credentials?
+ Did they take into consideration HIPAA and other laws and regulations?
+ How willing are your patients or colleagues to use the app?
Today’s technology holds limitless potential. Identifying and resolving risks won’t be easy, but effectively developed apps hold the promise of lowered costs, improved communication and empowerment for healthcare professionals and patients alike.
Is your organization in need of guidance or training at the intersection of healthcare, social media and technology? Call red balloon today (480) 270-5395.