OCR Releases New Guidance On HIPAA For Mobile Health Technology

Jackson Lewis P.C.

Over the past few years, and particularly during the COVID-19 pandemic, the Department of Health and Human Services Office for Civil Rights in Action (OCR) has made countless efforts to enhance its Health Insurance Portability and Accountability Act (HIPAA) guidance and other related resources on its website. Last week, the OCR launched a new feature on their website HHS.gov, entitled Health Apps, which updates and renames the OCR’s previous Health App Developer Portal, and is available here.

The new site features the OCR’s helpful guidance on “when and how” HIPAA regulations may be applicable to mobile health applications, acutely relevant during the COVID-19 pandemic as many aspects of the healthcare industry shift to telehealth.

Here are the key features of the OCR’s new Health Apps:

  • Mobile Health Apps Interactive Tool
    • The Federal Trade Commission (FTC), in conjunction with OCR, the HHS Office of National Coordinator for Health Information Technology (ONC), and the Food and Drug Administration (FDA), created a web-based tool to help developers of health-related mobile apps understand what federal laws and regulations might apply to them.
  • Health App Use Scenarios & HIPAA
    • Provides various use scenarios for mHealth applications, and explains when an app developer may be acting as a business associate under the HIPAA Rules.
  • FAQs on the HIPAA Right of Access, Apps & APIs
    • Provides helpful insight on how the HIPAA Rules apply to covered entities and their business associates with respect to the right of access, apps, and application programming interface (APIs).
  • FAQs on HIPAA & Health Information Technology
    • Provides helpful insight on the relationship between HIPAA and Health IT.
  • Guidance on HIPAA & Cloud Computing
    • Assistance for HIPAA covered entities and business associates, including cloud service providers, in how to effectively utilize cloud computing while still maintain HIPAA compliance.

As telehealth has increasingly become the norm, and the US continues to implement and consider various forms of contact tracing apps, patient privacy and maintaining HIPAA privacy and security obligations has never been more important. The increased use of mobile health applications and other related tools to assist healthcare providers with facilitation of telehealth capabilities, also comes with an increased risk of data breaches and improper disclosures of protected health information (PHI) to unauthorized individuals. The features of OCR’s new Health apps are a great starting point for HIPAA covered entities and businesses associates that utilize mobile health apps, and want to ensure compliance with their HIPAA obligations.

Below are some of our additional resources on OCR HIPAA related initiatives of late:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Lewis P.C. | Attorney Advertising

Written by:

Jackson Lewis P.C.

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.