The health care industry is increasingly adopting mobile apps for a variety of purposes, including tracking patient health conditions and sharing patient data. Privacy and security are important considerations, and it is imperative for health care providers to know the federal laws and regulations that apply to apps.

Harris Beach health care clients should educate themselves before deploying apps that access, collect, share, use or maintain information related to an individual consumer’s health. This includes apps that:

• track or monitor fitness or activity, diet, mood, sleep, menstruation or fertility, smoking or alcohol consumption, or medications
• help consumers view, use, or share their medical records or health insurance claims data or otherwise access information from their doctor, health care clinic or health plan
• sync with health platforms or internet-connected devices, like a fitness tracker, sleep monitor, blood pressure monitor or a watch that records activity or heart rate
• diagnose or treat a disease or health condition, or record information that might be relevant to diagnosis or treatment

The Federal Trade Commission (FTC), Food and Drug Administration (FDA), the HHS Office for Civil Rights (OCR) and the HHS Office of the National Coordinator for Health Information Technology (ONC) recently updated the Mobile Health App Interactive Tool to help developers of health-related mobile apps understand regulations.

Developers can navigate a series of high-level questions to access detailed information about the federal laws that might apply to the app, including the FTC Act, the FTC’s Health Breach Notification Rule, the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Food, Drug and Cosmetics Act (FD&C Act), and the 21st Century Cures Act and ONC Information Blocking Regulations.

More information about how HIPAA Rules might apply to health apps is available at OCR’s HIPAA and Health Apps page.