Simplify HIPAA, Devs Tell DC - InformationWeek

09:06 AM

App developer association ACT teams with AirStrip and other mobile app companies to ask for simpler, updated Health Insurance Portability and Accountability Act rules governing app development.

Mobile app developers want government healthcare agencies to make HIPAA regulations more flexible and current to meet consumer, technology, and provider needs.

In a letter sent Monday to Representative Tom Marino (R-PA), ACT, the association for application developers, in conjunction with AirStrip, Aptible, AngelMD, CareSync, and Ideomed, asked the Department of Health and Human Services to "take a fresh look" at the Health Insurance Portability and Accountability Act (HIPAA) to ensure the regulation fits today's world, consumer requirements, and technological offerings.

"This is not pontification. This is about proactive changes to the guidance. That's why it is so tactical and so specific. We've all seen those letters that are broad and beautiful and ultimately unsuccessful. We need change and we need it now," said Morgan Reed, ACT's executive director, in an interview. "We are actively working with other members of Congress on both sides of the aisle to get to the expected outcome. I fully expect a bipartisan effort to move this forward to affect HIPAA."

Too often, providers and consumers are dissatisfied with the user experience they encounter with electronic health records (EHRs), he said. Thirty percent of hospital executives are dissatisfied with their EHRs, a recent Premier study found. Consumers are concerned about privacy and security, surveys show. Although 83% of 3,687 people polled this spring expect hospitals to use EHRs, only 53% trusted their information was safe, according to The Morning Consult. Those who distrust EHR security were five times more likely to withhold information from their providers, an Office of the National Coordinator for Health IT (ONC) study found earlier this year.

Rep. Marino told InformationWeek:

We are seeing a boom in innovation and technological advances in the healthcare space, but unfortunately our regulatory environment has not kept pace with this progress, and is now hindering growth and leaving job creation hanging in the balance. I would like to see the Department of Health and Human Services, as well as other governmental departments that enforce and regulate the implementation of Health Insurance Portability and Accountability Act standards, revamp the way in which they provide information and interact with the public, including large and small healthcare companies. A company should not be forced to staff up with a dozen lawyers simply to ensure they are in compliance with the law. Rather, the burden should be on a transparent and responsive government to provide clarity and guidance, so companies can focus on growing their businesses and providing better and more innovative products and services to the public.

To improve communication between providers and consumers and simplify the process for developers to enter the healthcare market, ACT and other letter signatories made the following requests:

Make existing regulation more accessible to technology companies.
A dearth of user-friendly resources makes entering healthcare a challenge for technology companies. Without assistance from expensive third-party consultants or the ability to understand "inside the Beltway" tools such as the Federal Register, startups and smaller developers in Silicon Valley and other high-tech regions operate at a disadvantage, said Reed. Like other agencies that work with software companies, the ONC should give developers the information they need to write mobile health apps on a website that features directories, appendices, technical documentation, and searchable databases, as well as updated FAQs, so app developers can learn from others' examples. 

Improve and update guidance on acceptable implementations.
The remote use documentation on HHS's website pre-dates Apple's iPhone rollout. Last updated in December 2006, it does not include information on any new Apple iOS or Android phones or tablets, making it challenging for developers that want to ensure their apps meet HIPAA regulations. ACT recommends that the Office of Civil Rights (OCR) provide implementation standards or examples of standard implementations that would not begin an audit. For example, the group requests clarity regarding cloud and compliance: Currently, it is unclear what is needed when encrypted data is stored in the cloud and the cloud provider has no access to the encryption key.

Enhance outreach to new players in the vertical.
Rather than focus primarily on existing healthcare organizations, HHS and its agencies should expand their reach and presence to non-traditional players that want to enter this vertical. It should encourage existing mobile app developers to consider healthcare as an option, in part by participating in events far beyond Washington, ACT said.

Without changes, healthcare app developers must limit improvements to their software, Reed told us.

"We see many thousands who've foregone improvements on their products because they see a regulatory morass around HIPAA that they don't understand."

Although there are currently about 35,000 health and fitness apps on the market, the number, quality, and usefulness would increase if HIPAA were more understandable and less complex, Reed added.  

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience.

9/24/2014 | 6:07:06 PM
Your privacy for sale
HIPAA is one of the few laws that actually functions as intended -protecting private medical data- but given that the US government is for sale, I'm sure it's only a matter of time before those protections are tossed out the window under the guise of "job creation," which is a red herring tossed to ignorant Americans but is really code for impunity for data breaches incurred by Big Business as a result of its nonexistent policies when it comes to security.