US Reps recommend 4 ways to bolster HIPAA for mHealth

From the mHealthNews archive
By Eric Wicklund

Spurred on by mHealth vendors, a pair of Congressman is asking Health and Human Services Secretary Sylvia Mathews Burwell to update healthcare privacy and security protections.

Reps. Tom Marino (R-Pa.) and Peter DeFazio (D-Ore.) sent a letter to Burwell late Thursday night with four recommendations:

  1. HHS should provide up-to-date, clear information on what is expected of mHealth vendors with regard to the Health Insurance Portability and Accountability Act (HIPAA), including updates on new technology (such as mobile apps) and new types of information storage (such as cloud services);
  2. HHS' Office of Civil Rights "should clearly identify implementation standards that can help companies conform to regulation to avoid enforcement action;"
  3. HHS should provide clarity for HIPAA obligations for mHealth companies and services that store data in the cloud; and
  4. HHS "should … strive to make it as easy and clear as possible for companies and individuals operating in good faith to comply with its regulations." This would include assigning staff members to help newcomers to the healthcare technology space, and perhaps the creation of a "voluntary badge program for companies seeking to prove compliance with HHS rules and regulations."

The lawmakers' letter comes on the heels of a letter sent to Marino this week by the 5,000-member ACT/The App Association and five mHealth companies asking that the government bring them up to date on efforts to regulate privacy and security of health information. The letter also called on officials to update HIPAA, which hasn't seen an upgrade since 2006, six months before the iPhone was introduced to the public and well before cloud storage was envisioned.

“The mobile health sector has exploded since the dawn of mobile devices, app stores and cloud storage," Marino said. "This provides new and exciting opportunities for patients and doctors to monitor and store critical health information. Unfortunately, our HIPAA regulations and guidance have been a hindrance for this emerging economy.”

“This is why Congressman DeFazio and I teamed up in a bipartisan letter to Secretary Burwell urging that she and her staff upgrade their operations to be more user-friendly for small and large healthcare companies. I hope the Secretary will take our suggestions to heart and earnestly strive to update the HHS offices to continue to maintain patient privacy while allowing breakthrough mobile health developments to get to market more quickly.”

ACT/The App Association Executive Director Morgan Reed praised Marino's and DeFazio's quick action.

"The App Association is pleased that Congress is strongly committed to the success of mobile health innovation. Our companies are using mobile connectivity from smartphones and tablets to give consumers greater access to healthcare providers and more control over their health information," he said. "We are committed to providing a safe and secure environment for our consumers with strong privacy protections. Unfortunately, we are working in a regulatory environment that has not kept pace with the rapid growth of technology."

Reed also released a portion of ACT's annual report on the mobile app economy, which is due to come out in a few weeks. In it, he noted that the health app industry has doubled in size to more than $4 billion in annual revenues over the past two years, with analysts expecting that number to jump to $26 billion by 2017.

"We are seeing incredible results from mobile healthcare innovation," Reed said. "Companies developing services through smartphones and tablets are helping to speed diagnoses and save lives."

According to Reed, the report also notes the diversity of the health app market, with less than 20 percent of the top apps being made in Silicon Valley and 78 percent of the top-grossing apps being made by small companies. In addition, he said, 56 percent of mobile app companies surveyed by ACT are hiring.