Digital health companies often complain their work is choked by federal privacy and security rules that were developed for a different age. HHS' Office for Civil Rights signaled in a letter this week that it wants to help companies understand the law better—and is willing to be flexible to foster innovation.
The letter, sent to Rep. Peter DeFazio (D-Ore.), responds to concerns enumerated in an earlier request from a trade group called the App Association and digital health companies such as AirStrip regarding enforcement of the Health Insurance Portability and Accountability Act. Specifically, it promises updated additional guidance on HIPAA rules pertaining to cloud storage of personal health information, and reaching out to technology companies regarding ways to assist with rule compliance.
HHS is contemplating additional steps, such as “real-time solutions to hear from mobile application and other technology developers” and a “listening tour” to hear concerns and issues regarding the law. (Other divisions of HHS have used the “listening tour” model—for example, the Food and Drug Administration held several meetings at college campuses to explain its mobile medical app guidance in early 2014.)
Morgan Reed, executive director of the App Association, said he was very excited about the letter and Congress' efforts to bring the issue to the forefront of HHS' attention.
Reed said more clarity would be needed on cloud storage rules. “I think we'll continue to have questions about how cloud works in the healthcare setting. That's the 800-pound gorilla in healthcare discussions,” he said.
Follow Darius Tahir on Twitter: @dariustahir