Simplify HIPAA, Devs Tell DC - InformationWeek
IoT
IoT
Healthcare // Policy & Regulation
News
9/16/2014
09:06 AM
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Simplify HIPAA, Devs Tell DC

App developer association ACT teams with AirStrip and other mobile app companies to ask for simpler, updated Health Insurance Portability and Accountability Act rules governing app development.

10 Ways To Strengthen Healthcare Security
10 Ways To Strengthen Healthcare Security
(Click image for larger view and slideshow.)

Mobile app developers want government healthcare agencies to make HIPAA regulations more flexible and current to meet consumer, technology, and provider needs.

In a letter sent Monday to Representative Tom Marino (R-PA), ACT, the association for application developers, in conjunction with AirStrip, Aptible, AngelMD, CareSync, and Ideomed, asked Department of Health and Human Services to "take a fresh look" at the Health Insurance Portability and Accountability Act (HIPAA) to ensure the regulation fits today's world, consumer requirements, and technological offerings.

"This is not pontification. This is about proactive changes to the guidance. That's why it is so tactical and so specific. We've all seen those letters that are broad and beautiful and ultimately unsuccessful. We need change and we need it now," said Morgan Reed, ACT's executive director, in an interview. "We are actively working with other members of Congress on both sides of the aisle to get to the expected outcome. I fully expect a bipartisan effort to move this forward to affect HIPAA."

[Smartwatches as cancer treatment devices? Read Intel Points Wearables, Big Data At Cancer Research.]

Too often, providers and consumers are dissatisfied with the user experience they encounter with electronic health records (EHRs), he said. Thirty percent of hospital executives are dissatisfied with their EHRs, a recent Premier study found. Consumers are concerned about privacy and security, surveys show. Although 83% of 3,687 people polled this spring expect hospitals to use EHRs, only 53% trusted their information was safe, according to The Morning Consult. Those who distrust EHR security were five times more likely to withhold information from their providers, an Office of the National Coordinator for Health IT (ONC) study found earlier this year.

(Source: Wikipedia)
(Source: Wikipedia)

Rep. Marino told InformationWeek:

We are seeing a boom in innovation and technological advances in the healthcare space, but unfortunately our regulatory environment has not kept pace with this progress, and is now hindering growth and leaving job creation hanging in the balance. I would like to see the Department of Health and Human Services, as well as other governmental departments that enforce and regulate the implementation of Health Insurance Portability and Accountability Act standards, revamp the way in which they provide information and interact with the public, including large and small healthcare companies. A company should not be forced to staff up with a dozen lawyers simply to ensure they are in compliance with the law. Rather, the burden should be on a transparent and responsive government to provide clarity and guidance, so companies can focus on growing their businesses and providing better and more innovative products and services to the public.

To improve communication between providers and consumers and simplify the process for developers to enter the healthcare market, ACT and other letter signatories made the following requests:

Make existing regulation more accessible to technology companies.
A dearth of user-friendly resources makes entering healthcare a challenge for technology companies. Without assistance from expensive third-party consultants or the ability to understand "inside the Beltway" tools such as the Federal Register, startups and smaller developers in Silicon Valley and other high-tech regions operate at a disadvantage, said Reed. Like other agencies that work with software companies, the ONC should give developers the information they need to write mobile health apps on a website that features directories, appendices, technical documentation, and searchable databases, as well as updated FAQs, so app developers can learn from others' examples. 

Improve and update guidance on acceptable implementations.
The remote use documentation on HHS's website pre-dates Apple's iPhone rollout. Last updated in December 2006, it does not include information on any new Apple iOS or Android phones or tablets, making it challenging for developers that want to ensure their apps meet HIPAA regulations. ACT recommends that the Office of Civil Rights (OCR) provide implementation standards or examples of standard implementations that would not begin an audit. For example, the group requests clarity regarding cloud and compliance: Currently, it is unclear what is needed when encrypted data is stored in the cloud and the cloud provider has no access to the encryption key.

Enhance outreach to new players in the vertical.
Rather than focus primarily on existing healthcare organizations, HHS and its agencies should expand their reach and presence to non-traditional players that want to enter this vertical. It should encourage existing mobile app developers to consider healthcare as an option, in part by participating in events far beyond Washington, ACT said.

Without changes, healthcare app developers must limit improvements to their software, Reed told us.

"We see many thousands who've foregone improvements on their products because they see a regulatory morass around HIPAA that they don't understand."

Although there are currently about 35,000 health and fitness apps on the market, the number, quality, and usefulness would increase if HIPAA were more understandable and less complex, Reed added.  

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
9/24/2014 | 6:07:06 PM
Your privacy for sale
HIPAA is one of the few laws that actually functions as intended -protecting private medical data- but given that the US government is for sale, I'm sure it's only a matter of time before those protections are tossed out the window under the guise of "job creation," which is a red herring tossed to ignorant Americans but is really code for impunity for data breaches incurred by Big Business as a result of its nonexistent policies when it comes to security.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll