Health Apps and HIPAA – Recent FAQs Highlight Importance of Covered Entities and Business Associates Scrutinizing their Relationships with App Developers

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of HIPAA FAQs addressing the applicability of HIPAA to certain health apps and the covered entities and business associates that interact with them. These FAQs build upon prior guidance from OCR that outlined the framework for evaluating whether a health app developer must comply with HIPAA, but tackle a different question – when are covered entities or business associates liable under HIPAA for the subsequent misuse of electronic protected health information (ePHI) by a health app developer? To answer questions about an app developer’s HIPAA obligations, OCR’s prior guidance focused on the direct-to-consumer nature of the app. OCR concluded that if the patient initiated use of the app, or brought the app to his or her health care provider (i.e., a covered entity), the app developer would not be considered a business associate of that covered entity. Notably,…
