
New Guidelines for Health App Developers

By Christopher Coble, Esq. on March 04, 2016 1:00 PM

Current estimates value the health app market at around $10 billion. Everyone wants to get in shape, and they want easy access to their health data to help boost their fitness and wellbeing. The trick is giving them access to that data, and storing it, without violating medical privacy laws.

Faced with the uncertainty of whether federal statutes like HIPAA apply to health tracking apps, the Department of Health and Human Services released new guidance to developers and vendors to make sure their health apps are HIPAA-compliant. Here's what you need to know:

Is HIPAA Hungry for You?

The most important question for health app developers is whether they need to comply with the Health Insurance Portability and Accountability Act. HIPAA governs the collection, storage, and sharing of a person's private medical information.

Generally, HIPAA only applies to health plans, health care clearinghouses, and most health care providers. But HIPAA can also apply to business associates of those entities, like those creating or offering an app on behalf of covered entities. According to the guidelines, "a business associate is a person [or entity] who creates, receives, maintains or transmits protected health information (PHI) on behalf of a covered entity or another business associate."

Clientele Questionnaire

As the guidelines point out, there is no bright-line rule for determining whether your app will be covered by HIPAA. But they do provide a set of questions that can help you figure it out. Among them:

"Are your clients covered entities?"

"Were you hired by, or are you paid for your service or product by, a covered entity? Or another business contracted to a covered entity?"

"Does a covered entity (or a business associate acting on its behalf) direct you to create, receive, maintain or disclose information related to a patient or health plan member?"

Generally speaking, if you're offering services directly to consumers, and collecting health information only for them or on their behalf, you're probably not subject to HIPAA regulations.

Even so, the privacy of your customers' data should be your highest priority. So if you're creating an app, especially a health-related one, you might want to discuss the legal issues with an experienced business attorney.
