We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Help for mHealth: OCR Launches HIPAA Discussion Portal

Paul Otto

Paul Otto,

Washington, D.C.

13 October 2015
The HHS Office for Civil Rights (OCR) has launched an online portal designed to solicit questions from mHealth developers regarding compliance with HIPAA privacy and security requirements. The portal is designed to demystify HIPAA for app developers while providing guidance to regulators about which aspects of HIPAA may require clarification.
Help for mHealth: OCR Launches HIPAA Discussion Portal

OCR emphasized that the site will not be used to inform or identify potential enforcement actions. Instead, OCR hopes that the site will be a cooperative platform, allowing app developers to guide OCR’s selection and focus of future guidance topics. OCR senior adviser Linda Sanches has stressed that app developers should be candid and forthcoming with their questions, which will be anonymous to OCR and moderated for appropriateness.

In addition to highlighting potentially ambiguous HIPAA provisions, OCR recommends that developers use the site as a platform for sharing difficult use cases and best practices for designing strong privacy and security protections into mobile apps. The questions submitted to date demonstrate a desire for clear guidance on topics ranging from the determination of whether an organization is a covered entity to the applicability of HIPAA to cloud storage.

Users may comment on any question on the site as well as vote on its relevance. Although OCR does not intend to provide targeted responses to individual questions, the agency has pledged to use submissions to inform future guidance releases and to provide links to existing resources where possible.

Both OCR and the FTC are likely to devote significant attention in coming years to the privacy and security risks presented by mobile health apps. Further details are expected at the upcoming mHealth Summit, which will take place November 8-11 in Washington, D.C. And internationally, European regulators are evaluating concerns regarding the collection, processing, and use of customer data by mHealth apps.

Brian Kennedy, an associate in our Washington, D.C. office, contributed to this entry.

Paul Otto

Paul Otto,

Washington, D.C.

Cybersecurity in the Health Sector

The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...

02 May 2016
Loading data