HHS Secretary Sylvia Mathews Burwell confirmed in a letter to Rep. Peter DeFazio (D-Oregon) that the agency would take additional steps to ensure HIPAA compliance with mHealth apps.
The letter, originally written in November but just made public, lists three additional steps the department will take to ensure compliance. Concerns have been raised about the data security of mHealth apps and patient privacy, and Ms. Burwell said HHS would step up its efforts to assure compliance as the use of apps becomes more widespread.
While the HHS Office for Civil Rights, which enforces HIPAA, already lists guidance and professional tools for app developers, Ms. Burwell said in the letter that administrators from OCR recently met with the ACT/The App Association, which represents approximately 5,000 app and IT firms, "to discuss the needs of companies and to ensure that OCR can provide technical assistance and guidance in appropriate and useful ways."
The HHS will also provide more clarity for companies and developers that store data in the cloud to prevent potential breaches and compromises of patient data, Ms. Burwell said. Additionally, HHS will forge a stronger relationship with the app and technology companies to ensure that the requirements are clear, she said.
"The commitment from both Congress and HHS underscores that changes to HIPAA guidances can be made without legislation," said Jonathan Godfrey, vice president of public affairs for ACT, in a news release. "Mobile health companies must know how HIPAA applies, and The App Association will continue working to create a better regulatory environment that encourages innovation in this life-changing marketplace."