Mobile Health App Industry Calls on Congress to Update HIPAA

ACT, The App Association (App Association), an organization that represents software companies in the mobile app industry, sent a letter to U.S. Representative Thomas Marino (R-PA) calling on Congress to “adopt a more sensible implementation of health privacy laws.” The letter targeted Rep. Tom Marino because of his activity addressing issues that affect the mobile app industry. The App Association, which represents over 5000 members of the $68 billion mobile app industry, pointed to several areas in which federal agencies can change practices and ways in which federal law can be revised to foster the growing mobile health care app industry. The letter focuses on the importance of maintaining a safe balance between innovation and data security.


According to the letter, some of the innovative health apps include AirStrip®, which uses Department of Defense-level security encryptions to allow secure live views of patient data in order to facilitate quick and meaningful decision making. Aptible provides services that are narrowly focused on helping health apps protect patient data security and comply with federal health privacy laws. Another innovative app from Ideomed helps patients remember to take medications and assists with results tracking. Although the apps are improving patient lives and assisting doctors, the App Association says that HHS and Congress need to reevaluate the Health Insurance Portability and Accountability Act (HIPAA) (P.L. 104-191) in light of the changing mobile world.


The letter called on Congress to address three key areas related to health care privacy law: (1) access to existing regulations; (2) updates to the Office of the National Coordinator (ONC) guidance; and (3) outreach to new entrants in the mobile health care industry. The App Association letter informs Congress that most app developers are solo inventors or small groups of designers who do not have the knowledge or resources to navigate the Federal Register and other government resources that larger companies historically have hired experts to navigate. Consequently, the letter calls on HHS and Congress to create user-friendly resources that app developers can use to ensure HIPAA compliance and speed up innovation.


The letter also criticizes the lack of current regulatory information and the backward-looking attitude of federal agencies. For example, the letter points out that a technical safeguard document on “Remote Use” on the HHS website was last updated December 2006, several months before the first iPhone® became available. The letter calls for updates to regulatory standards and the issuance of agency expectations for compliance that are relevant in light of the current technological landscape. As one example, the App Association indicates that developers are in the dark about how or when cloud storage might trigger HIPAA violations.


The App Association is critical of HHS outreach practices, which the letter indicates are focusing on traditional health care marketplaces, despite the fact that the most exciting and innovative products are coming from outside those communities. As a result, the letter calls on HHS to extend its outreach programs to the emerging mobile health care industries so that HHS can learn more about the up-and-coming marketplace.