Congressmen Urge HIPAA Improvements on Behalf of App Developers

Last week ACT | The App Association, a grassroots organization representing mobile app developers sent a letter to congressman Tom Marino (R-PA) petitioning for changes and updates to be made to Health Insurance Portability and Accountability Act (HIPAA). ACT, alongside mobile health app companies CareSync, angleMD, Aptible, AirStrip, and Ideomed, urged the Department of Health and Human Services (HHS) to reexamine how HIPAA is implemented in today's rapidly-evolving mobile medical apps space.”We are committed to providing a safe and secure environment for our consumers with strong privacy protections. Unfortunately, we are working in a regulatory environment that has not kept pace with the rapid growth of technology,” ACT's executive director Morgan Reed says.

Representative Marino and Representative Peter DeFazio (D-OR) have sent a bipartisan letter to Secretary of Health and Human Services, Sylvia Matthews Burwell, at HHS in support of the requests made by ACT. “In order to make sure that mobile health apps and other companies can in good faith comply with these important protections, we ask that HHS provide clear, easily accessible and up to date regulatory guidance for HIPAA compliance with regard to new technologies,” the letter states.

HHS has not updated its web-based documentation outlining technical compliance with HIPAA since 2006. The first iPhone was released a year later and the App Store and Google Play, where most health apps are sold, were not online until 2008. HHS, rather unintentionally, missed the gun on a huge tide of change in the digital healthcare space.

In their letter Marino and DeFazio, who is a member of the House Community Health Care Caucus, outline four steps HSS should take to “ensure that mobile app developers and other new health technologies can easily determine if they are compliant with HIPAA:”

1.) Provide Updated Information. In addition to updating HIPAA to account for mobile and other new technologies, the congressmen request “routine updates to regulatory guidance should continue in order to keep pace with advances in technology.”

2.) Clarify Implementation Standards. “The Office of Civil Rights (OCR) housed at HHS should

clearly identify implementation standards that can help companies conform to regulation and avoid enforcement action.”

3.) Clarify how HIPAA Applies to the Cloud. App developers should have a clear idea of the HIPAA obligations of the storage centers that provide cloud-based data storage for mobile health companies.

4.) Provide Compliance Assistance. The congressmen suggest that HHS assign knowledgable employees to regularly engage with companies in the healthcare technology space and work with them to ensure their apps and products are HIPAA compliant. The letter also suggests the possibility of a voluntary badge program for companies seeking to prove compliance with HIPAA. “This would allow American healthcare companies to be more competitive in foreign and domestic markets and would provide an economic incentive to follow important safeguards for the benefit of patients," the letter says.

“The app industry has long looked to congressmen Marino and DeFazio for their leadership on tech issues.,” Reed says. “We are grateful for their support to create a better regulatory environment that encourages innovation in this life-changing marketplace. HHS needs to know that they have champions both in Congress and industry that want to see HIPAA improved.”  

Reed says that ACT is pushing forward and has been engaging the Senate on this matter. He says they've seen bipartisan support as well as support from other companies and organizations on the issue. "It's amazing how much traction it's gotten—the number of calls I've gotten from companies and others asking, 'How can I be a part of this.' It tells me he touched a nerve." 

Ultimately, from conversations with other companies and with HHS, Reed believes app developers and HHS are really on the same page. "There are lots of staff at HHS who would love to see improved outreach to the developer community," Reed says. "Everyone really wants the same thing. We think congress is going to play an important role in getting that greenlight and getting it out there."

-Chris Wiltz, Associate Editor, MD+DI
[email protected]