The Office for Civil Rights has provided additional educational materials for app developers through the app developers portal that it developed last fall.
The new material is intended to assist healthcare entities and software developers to learn from different scenarios that explain when HIPAA applies to mobile health apps and when it doesn’t. In particular, there is often confusion of whether HIPAA applies when consumers are using smartphones to collect, maintain and transfer health information.
The scenarios and guidance is a useful tool for app developers to use when determining whether HIPAA applies. However, whether HIPAA applies or not, privacy and security is an important consideration when developing any app that is tied to health information.
OCR also issued fact sheets that detail scenarios on permitted access, use and disclosure of protected health information that have been confusing in the past. These fact sheets are a roadmap of how the OCR views permitted uses and disclosures of PHI and are very helpful for compliance.
The OCR has said that it will be issuing guidance on cloud computing this year, which has been a topic of confusion for many entities and will be welcomed. We will alert you when these new guidelines are released.