Mobile apps? There's a lobby for that. ACT | The App Association, a grassroots organization representing over 5000 small- to mid-size app developers and IT firms, has written a letter to Congress asking for a new and improved Health Insurance Portability and Accountability Act (HIPAA) that better fits with how modern mobile technology is used.

“Our members are improving the lives of patients and empowering their doctors within the current law. Unfortunately, this comes at significant cost in both time and innovation.” ACT writes in a letter to representative Tom Marino (R-PA). Marino is vice-chairman of the House Judiciary Subcommittee on Courts, Intellectual Property, and the Internet and also serves on the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.

In the letter, ACT, alongside mobile health app companies CareSync, angleMD, Aptible, AirStrip, and Ideomed, urges the Department of Health and Human Services (HHS) to reexamine how health privacy laws are implemented and to remove obstacles that keep innovative mobile technologies from quickly reaching the market. “While there has been an enormous amount of innovation in mobile health, outdated regulatory guidance causes hurdles for developers and prevents new entrants to the space,” an ACT statement says.

The group outlined three key changes and improvements to HIPAA that it would like to see:

1.) Make existing regulation more accessible for tech companies

ACT believes the government does not do a good job of providing information to app developers in a way that is comprehensive or efficient. The government should also adopt new FAQs that speak more directly to mobile developer concerns.
 

2.) Improve and update guidance from OCR on acceptable implementations

HHS should update the current technical safeguards documentation on its Web site. “Given that HIPAA is a federal statute that mandates several requirements, the Office of Civil Rights (OCR) should provide implementation standards — or examples of standard implementations that would not trigger an enforcement action — instead of leaving app makers to learn about these through an audit,” the ACT letter says.

3.)  Improve outreach to new entrants in the healthcare space

ACT wants HHS to extend its outreach beyond traditional health communities and more into the technology space where the most exciting innovations in mobile health have been coming from. “In order to ensure the expansion of innovative new technologies, it is essential that HHS, OCR and others expand their outreach to the communities with whom they must engage.”
 

Responding to the letter, Rep. Marino told InformationWeek he supports the provisions outlined by ACT. “We are seeing a boom in innovation and technological advances in the healthcare space, but unfortunately our regulatory environment has not kept pace with this progress, and is now hindering growth and leaving job creation hanging in the balance,” he says. Marino adds that the current implementation of HIPAA places too big a burden on companies. “A company should not be forced to staff up with a dozen lawyers simply to ensure they are in compliance with the law. Rather, the burden should be on a transparent and responsive government to provide clarity and guidance, so companies can focus on growing their businesses and providing better and more innovative products and services to the public.”

Passed in 1996, HIPAA's final privacy and security rules were drafted in 2002 and 2003—not really so long ago, but a whole different era in terms of the state of mobile technology. ACT boasts a number of big-name sponsors including, Apple, AT&T, Facebook, Microsoft, and Intel. Dr. Mark Blatt, Intel's Worldwide Medical Director, recently suggested in a blog post that patients should be given the option to opt out of HIPAA, writing, “... We should be creating a climate that favors risk, and shouldn’t pass regulations that so protect citizens that nothing happens.”

Other large companies have also expressed frustration with HIPAA. Larry Page, co-founder of Google (not a sponsor of ACT) cited HIPAA's red tape as being one of the primary reasons that Google would not be directly entering the healthcare technology space in the foreseeable future.  

-Chris Wiltz, Associate Editor, MD+DI
[email protected]