Feds Want mHealth Developers Better Educated on HIPAA
The HHS Office for Civil Rights, which enforces the HIPAA privacy, security and breach notification rules, wants mobile health developers—as well as developers of other health IT products—to become more familiar with HIPAA.
OCR has rolled out a new portal, hosted by crowdsourcing platform vendor IdeaScale, to help developers learn about the rules and submit questions or offer comments, with a subtle warning that the portal should be used.
“Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected,” the agency explains. “Such protections are sometimes required by federal and state laws, including the HIPAA privacy, security and breach notification rules. Yet, many mHealth developers are not familiar with the HIPAA rules and how the rules would apply to their products.”
Input provided on the site will inform OCR in developing guidance and technical assistance. In particular, the agency is looking for comments on topics to address in guidance, current HIPAA provisions that make stakeholders scratch their heads, and ways to make guidance more understandable and accessible.
Participating providers must register on the IdeaScale website and will sign into the OCR portal using an email address provided to IdeaScale, but identities and emails will be anonymous to OCR. Further, “Posting or commenting on a question on this site will not subject anyone to enforcement action,” the agency pledges.
While targeting mobile health developers and others who are building health IT products, the new portal is available to anyone in the industry who has question or wants to contribute comments or ideas. OCR also would not mind if participants attached its widget to their websites or blogs.