A new online tool has been released by the Connected Health Initiative providing HIPAA help for mHealth developers and healthcare providers. The new tool – called HIPAA Check – has been developed to aid understanding of the complexities of the HIPAA Privacy and Security Rules.
Health apps now track a range of user metrics. Data collected by the apps are stored along with personally identifiable information. Much of the information collected, stored and transmitted by these apps is classed as protected health information (PHI) under HIPAA Rules. However, since these apps were not available in 1996 when HIPAA was initially enacted, no provisions are included in HIPAA Rules for the technology.
OCR has previously provided HIPAA help for mHealth developers, although many mHealth app developers are still confused about HIPAA Privacy and Security standards. The App Association has called for OCR to provide further assistance, claiming the lack of guidance is holding back innovation. Without further assistance, it is difficult for developers to ensure their apps incorporate the appropriate safeguards to comply with HIPAA Rules.
Today, mHealth apps are used by many businesses, including some healthcare organizations. In the case of the latter, the apps must include a host of safeguards to ensure PHI is kept confidential. The lack of understanding of the requirements of HIPAA has stopped many app developers from working with HIPAA-covered entities. If mHealth developers can incorporate the necessary safeguards to ensure the apps do not violate HIPAA Rules, it would greatly improve the chances of their apps being adopted by healthcare organizations.
Understanding the healthcare industry and the complex Health Insurance Portability and Accountability Act is critical. If mHealth apps do not incorporate the necessary privacy and security controls, a HIPAA-covered entity would be in violation of HIPAA Rules if those apps were used. Large fines can be issued by regulators if HIPAA Rules are violated.
Unfortunately, the language used by the healthcare industry can be confusing for developers. Morgan Reed, President of CHI, says, “We felt the (mHealth app) developer community was getting bogged down and we wanted to build a bridge for them to better understand HIPAA.” The new interactive tool includes videos and a questionnaire for mHealth app developers to learn about the requirements of HIPAA Rules. The tool is invaluable for mHealth developers who are struggling to understand HIPAA legislation.
The new tool provides the information mHealth developers need to ensure their apps comply with HIPAA, including detailed explanations of specific aspects of HIPAA Rules and links to resources for further information. Users are able to complete a test using the tool and will be provided with a detailed report on the developer’s responsibilities under HIPAA.
The report can also be provided to the developer’s clients and users so they understand what they need to do to ensure privacy is protected and data are secured.