OCR Updates HIPAA Guidance for Health App Developers

The Department of Health and Human Services’ Office for Civil Rights (OCR) has updated its HIPAA guidance for health app developers to make it easier for developers of health apps to obtain answers to questions about the Health Insurance Portability and Accountability Act Rules.

Last year, the OCR was criticized by the app industry for doing too little to help health app developers understand the complexities of HIPAA Rules. The OCR responded by developing a new portal for mHealth developers to obtain answers to questions about HIPAA. The FTC also posted a mobile health app tool, which allows mHealth developers to quickly and easily determine whether they are considered a covered entity under HIPAA, and consequently whether they are required to adhere to HIPAA Rules.

The OCR invited questions from app developers on the specific aspects of HIPAA that were causing confusion. After reviewing the comments, feedback, and questions submitted by app developers, the OCR developed new HIPAA guidance for health app developers.

The HIPAA guidance for health app developers includes a number of different scenarios that explain when whether HIPAA Rules apply, together with key questions that app developers should ask themselves to determine whether they are classed as a business associate of a covered entity.

Now that the web portal has been up and running for a number of weeks, the OCR has been able to assess the feedback and update the portal to cover some of the most frequently asked questions and to make the answers more easily accessible.

The OCR has now finished its latest updates and the HIPAA guidance for health app developers now includes a number of useful links covering some of the basic elements of HIPAA. These include: What is the HIPAA Privacy Rule? What is the HIPAA Security Rule? Who are business associates? What is a covered entity? Which federal laws apply to you?

Health app developers can also use the new page to obtain sample business associate agreements (BAAs), view the HIPAA app use scenarios, and review HIPAA access videos.

The new page – and the portal – will be updated frequently to tackle more of the commonly asked questions and provide easy access to new guidance as and when it is released.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news