Search
We use cookies to better understand how you use our site and to improve your experience by personalizing content. Please review our updated Privacy Policy and Terms of Use. If you accept the use of cookies, please click the "I accept" button.I acceptI declineX
 
Skip navigational links
 
 

To Be or Not to Be: HHS OCR Publishes New Guidance on Business Associate Qualification for App Developers in the Health Care Industry

 

Executive Summary - March 2016

To Be or Not to Be: HHS OCR Publishes New Guidance on Business Associate Qualification for App Developers in the Health Care Industry
Rebecca Merrill (Dentons US LLP, Atlanta, GA and Boston, MA)

On February 11, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) published guidance clarifying when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to mobile health application developers. In an effort to address app developer demand for an understanding of when and how HIPAA applies to a developer’s product concept, the new use case guidance issued by OCR provides a deeper look into the issues of patient-generated data and covered entity interactions with app developers. A better understanding of applicable requirements empowers developers to design the security infrastructure of an app product in accordance with HIPAA security requirements, rather than undertaking a redesign of an existing product to overlay the security requirements. This Executive Summary provides a summary of the six use case scenarios and clarity on app developer obligations under HIPAA.

We would like to thank the author for sharing her expertise with her colleagues.

© 2018 American Health Lawyers Association. All rights reserved. 1620 Eye Street NW, 6th Floor, Washington, DC 20006-4010 P. 202-833-1100 F. 202-833-1105