One out of every six people in the United States today uses some form of health wearable, including fitness bands, smart watches, smart clothing, smart glasses, or tracking devices. As of today, there are more than 165,000 health-related mobile apps available in the Apple and Android app stores, with the total number of mHealth app downloads crossing 3 billion. Are all these health-related apps and wearables unlocking the true potential of mobile technology and truly disrupting the healthcare space?
Collecting personal health data with an app or wearable gadget is one thing, but isolated data without context has far less value than data that can be shared across the care continuum and acted upon by users, their healthcare providers and their family members. However, the ability to share personal health information between app users and their healthcare providers raises the challenge of HIPAA privacy and security compliance for application developers. The question is: is this a challenge or an opportunity?
According to Research and Markets, the total mHealth market will reach $26 billion in revenue by 2017. With Apple launching HealthKit with iOS 8, Google's health tracking platform Google Fit for Android, and Samsung S Health, the number of mHealth apps and health wearables will grow by leaps and bounds. Most pharmaceutical companies and health institutions are bullish on using HealthKit and similar platforms in the hope that these services will help with monitoring patients with chronic conditions such as diabetes and hypertension. The objective is to provide timely information that allows for medical interventions and avoids ER visits or hospital admissions.
For all these reasons, mobile is the platform of choice for the next generation of healthcare management tools. This is further fueled by catalysts such as small form factor devices, WLAN, VoIP, WebRTC, IaaS, PaaS, big data analysis, interoperability standards (HL7, DICOM, X12, etc.) and social media platforms.
How do I know whether my mobile health application or health wearable software is subject to HIPAA compliance?
To answer this question, it is important to evaluate whether the mobile app will be used only to collect and store personal health data, or whether it will transmit protected health information (PHI) to providers. Similarly, for health wearables it is important to consider whether the personal health data the device collects will remain only with the user or will be transmitted to healthcare providers for tracking and monitoring the user's health. The HIPAA Privacy Rule defines PHI as individually identifiable health information, including demographic information collected from an individual, transmitted or maintained in any form or medium, that:
(1) Is created or received by a covered entity (health care provider, health plan, employer, health care clearinghouse); and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Some publicly available information, such as an individual's name or address, can be PHI if it is on a covered entity's computer, simply because its presence suggests that the individual is or was a patient. Likewise, PHI can also include what would otherwise be anonymous information, such as date of service, any payment information related to a medical service, telephone number, fax number, email address, vehicle number, etc.
Even if the objective of the app is to collect data only for the user's own use, if a user chooses to use the app to transmit personal health data to a doctor, then the app is subject to HIPAA compliance requirements.
While platforms such as Apple HealthKit, Google Fit and Samsung S Health make the promise of collecting personal health indicators from multiple sources and sharing them seamlessly with healthcare providers a reality, developers need to be careful to follow the HIPAA Privacy and Security Rule guidelines when developing apps for these platforms, in order to avoid regulatory hurdles.
Keep watching this space for more information on building HIPAA compliant mHealth applications or reach out to