OCR's new site for app developers highlights HIPAA problems

“The statute was enacted to help patients access data but it has evolved into a barrier."
By Eric Wicklund
11:04 AM

The Office for Civil Rights has launched a website designed to help app makers and innovators maneuver through the regulatory landscape – but the real problem might be regulations as they exist today.

"A major obstacle to realizing the benefits of mobile health technology has been uncertainty around HIPAA," said Morgan Reed, executive director of ACT | The App Association.

That's because HIPAA was passed in 1996, long before smartphones, tablets and other mobile devices were ubiquitous.

Learn on-demand, earn credit, find products and solutions. Get Started >>

"The statute was originally enacted to help patients access their own health data, but it has evolved into a barrier making that information even harder to get," Reed explained. "What's most important at this stage is to provide clear and meaningful guidance to app makers about how HIPAA will be implemented in a mobile environment." 

[Sign up for the new Healthcare IT News Privacy & Security Update.]

Reed added that OCR's new site is "a step in the right direction," but that much work remains on that path. 

OCR's website invites app developers – whether small startups, established companies or healthcare providers building their own technologies – to ask questions about HIPAA health information privacy, security and breach notification rules and talk to OCR representatives about app design and development.

The new site is a piece of Health and Human Services Secretary Sylvia Burwell's pledge to address HIPAA concern and close the gap between industry stakeholders and the federal rules and regulations concerning information privacy and security.

Aside from the new website, Burwell said that officials are looking at how HIPAA can be applied to cloud storage providers and related services, and they're considering scheduling a series of "listening sessions" with stakeholders. 

This article originally appeared on Healthcare IT News sister site mHealth News.  

Related articles: 

5 tips for fighting cybercrime 

Q&A: Cleveland Clinic's security chief Mark Dill 

Partners CISO Jigar Kadakia talks the evolving threat landscape