Skip to Main Content
Services Talent Knowledge
Site Search
Menu
Home page
Services Talent Knowledge
Firm Facebook
Firm Linkedin
Firm Twitter
Close Menu

Featured Industries

New & Emerging Industry Practice Areas

Practice Areas

Blog Post

April 21, 2016

HIPAA and Health Apps: Recent Guidance for Developers
The Office for Civil Rights (OCR) recently released guidance to aid app developers in navigating the Health Insurance Portability and Accountability Act (HIPAA).  In particular, the guide provides scenarios where HIPAA regulations might apply to mobile health applications. “We hope these new scenarios will help developers determine how federal regulations might apply to products they are building,” wrote Jocelyn Samuels, Director of the OCR.  “We also hope they will reduce some of the uncertainty that can be a barrier to innovation.” Specifically, the OCR guidance addresses two questions: How does HIPAA apply to health information that a patient creates, manages or organizes through the use of a health app?  When might an app developer need to comply with HIPAA? The guidance first walks through two circumstances in which an app developer might be required to comply with HIPAA.  First, HIPAA would apply to an app developer who works for a covered entity and, as a part of his or her job, is creating an app that involves the use or disclosure of protected health information (PHI).  Second, even if a developer is not a covered entity under HIPAA, he or she may be a business associate if he or she is creating or offering an app on behalf of a covered entity.  In such case, the app developer must comply with HIPAA. Perhaps most useful are the six scenarios addressed in the guide. One, for instance, reads as follows: “Doctor counsels patient that his BMI is too high, and recommends a particular app that tracks diet, exercise, and weight. Consumer downloads app to his smartphone and uses it to send a summary report to his doctor before his next appointment.”  Is this app developer a HIPAA business associate?  No.  The developer is not creating, receiving, maintaining or transmitting PHI on behalf of a covered entity or another business associate.  While the physician’s recommendation implies trust in the app, there is no indication that the physician hired the app designer to provide services to patients involving the handling of PHI. To read the full guide and to review all of the OCR’s scenarios, click here.

Recent Posts

Subscribe

Click here to sign up for alerts, blog posts, and firm news.
Sign Up

Featured Media

Alerts

ERISA Forfeiture Lawsuits: Navigating the Emerging Legal Landscape

Read More
About ERISA Forfeiture Lawsuits: Navigating the Emerging Legal Landscape

Alerts

EU Leads the Way on Artificial Intelligence Regulation

Read More
About EU Leads the Way on Artificial Intelligence Regulation

Alerts

End of An Era: SCOTUS Overturns Chevron After 40 Years of Deference to Administrative Agencies

Read More
About End of An Era: SCOTUS Overturns Chevron After 40 Years of Deference to Administrative Agencies

Alerts

SCOTUS Rejects Proposed Release of Sackler Family From Purdue Pharma Chapter 11 Plan as Not Permitted by the Bankruptcy Code

Read More
About SCOTUS Rejects Proposed Release of Sackler Family From Purdue Pharma Chapter 11 Plan as Not Permitted by the Bankruptcy Code

Alerts

NYS Appellate Court Reverses and Holds Liability Insurer Owed Duty to Defend to Policyholder in Sexual Abuse Lawsuit

Read More
About NYS Appellate Court Reverses and Holds Liability Insurer Owed Duty to Defend to Policyholder in Sexual Abuse Lawsuit

Alerts

New York State's Secret Sauce: Summary Judgment in Lieu of Complaint

Read More
About New York State's Secret Sauce: Summary Judgment in Lieu of Complaint
Previous Alert
Next Alert
View All Alerts

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out