Mobile apps are proliferating in healthcare, but these handy tools could fall under HIPAA regulation.
HHS' Office for Civil Rights released a report addressing how HIPAA applies to health information a patient creates or manages through a health app and when app developers are required to comply with HIPAA regulations.
App developers are not considered covered entities under HIPAA if they do not work for a health plan, clearinghouse or provider. But they could be considered a business associate, and business associates are subject to HIPAA. An app vendor would be considered a business associate if it "creates, receives, maintains or transmits protected health information on behalf of a covered entity or business associate," according to the report.
If the app vendor is selected independently by consumers who control all decisions regarding the transmission of PHI to a third party and the app vendor has no relationship with that third-party entity, it is not likely to be considered covered by HIPAA.