Mobile app with HIPAA privacy questions? Check with OCR
Many mobile health developers -- and rightfully so! -- are curious about just what features and protections their devices need to have in order to comply with HIPAA privacy rules.
[See also: OCR: 'Pay attention to details']
The U.S. Department of Health & Human Services' Office for Civil Rights launched a website this week where mobile developers can get up to speed with the critical security issues at stake.
"We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes," write OCR officials. "Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected."
Even though state and federal laws – such as the HIPAA Privacy, Security and Breach Notification Rules – have specific prescriptions for IT privacy protections, many developers remain in the dark about just how those regulations are germane to their technology, according to OCR.
Anyone is welcome to browse the site: "Users who want to submit questions, offer comments on other submissions or vote on how relevant the topic is will sign in using their email address, but their identities and addresses will be anonymous to OCR," officials write. "OCR will consider the input provided on this site in developing our guidance and technical assistance efforts."
The aim is a two-way flow of information, also helping OCR get a better handle on what HIPAA guidance is most helpful: "What current provisions leave you scratching your heads? How should this guidance look in order to make it more understandable, more accessible? Stakeholders can also use this page to submit questions about HIPAA, present a use case, or see what their peers are discussing. Users can comment on the discussions and vote on which topics or use cases would be the most helpful or important."
Posting or commenting on the site "will not subject anyone to enforcement action," officials are careful to note.
Visit the site here.