Safeguarding Patient-Generated Health Information Created or Shared Through Mobile Devices


Mobile health technologies are increasingly becoming a valuable tool for improving the quality and efficiency of healthcare. A current example of work in this area involves The Robert Wood Johnson Foundation's Project HealthDesign, which is exploring use of personal health applications to promote better decision-making processes by patients and healthcare providers alike.

Under the most recent phase of the project, researchers are providing patients with smart phones to aggregate and send "observations of daily living" ("ODLs") and other information that can serve as an important indicator of a patient's health to healthcare providers through personal health record applications and other means. However, the use of smart phones and other mobile devices to generate and communicate health information subjects this information to unique security risks for which there are no widely accepted solutions. This is because when healthcare providers handle individually identifiable health information in electronic form, they are subject to the HIPAA Security Rule. But HIPAA regulates providers, not patients. When patients generate health information using applications on their mobile devices, this activity is not governed by the Security Rule. Thus guidance is lacking.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.


Manatt, Phelps & Phillips, LLP, is known for quality, for extraordinary commitment to clients, for... View Profile »

Follow Manatt, Phelps & Phillips, LLP: