Crossing the Threshold
Arbormoon Software, a mobile-development shop in Ann Arbor, Mich., is in talks with clients about building apps that require HIPAA compliance. While the company’s already released a range of apps—including SPORT Weather, which provides hyper-local forecasts on Samsung’s Gear 2—it hasn’t yet dealt with sensitive health data. “You can do the math and HIPAA violations become exceedingly frightening. Anything that crosses the threshold into HIPAA data, developers really need to be aware of it,” said Arbormoon President Dave Koziol. “You have to know where that line is.”
More Regulation Coming?
States might be more willing to enact new privacy regulations than the federal government, according to Deven McGraw, a partner in law firm Manatt, Phelps & Phillips and longtime member of the Health IT Policy Committee within the Department of Health and Human Services. Last year, California amended its state health privacy law, the Confidentiality of Medical Information Act, extending it to hardware and software that collects medical information on behalf of a consumer, a law considered stricter than HIPAA. It also has been cracking down on mobile developers who fail to provide a privacy policy. “And that might not be California’s last word on the matter,” McGraw said. Connecticut’s attorney general, meanwhile, wants Apple to more fully explain how it plans to protect information collected by the upcoming Apple Watch. On the federal level, a White House report in May concluded that current privacy protections might be inadequate in this era of Big Data; the Federal Trade Commission (FTC) is reviewing security and privacy rules around consumer health data to figure out whether new regulations might be necessary. Koziol sees the restrictions Apple, Google and others are putting into place as possible efforts to ward off further government regulation: “In the past, any app could get to all the data, and now on all the platforms that has to be approved by the user. So we’re seeing some changes in how much protection the data is getting from the operating system vendors.”
Know Your Stuff
Those contacted for this story offered their best advice for mobile developers: Educate yourself about the regulations that apply to the data used in your app, whether through reading on your own, hiring a consultant or lawyer, or talking to a company that’s already gone through the same process. Reed suggests that being able to answer venture capitalists’ questions about whether your work is covered by HIPAA can ultimately pay dividends: “If two people come in the door pitching an app, and you come in understanding why you’re not covered by HIPAA, and why you are meeting the (FDA) standards for quality systems regulation, you get the funding.” Knowing those answers can also help sell an app to risk-averse healthcare clients. “Be prepared to politely push back on people who might not be well versed,” Reed said. “Sometimes the risk officers in hospitals have a tendency to say no even when the facts aren’t on their side, when the technology doesn’t require a business associate agreement… You may have to educate your customer before they make the decision to purchase your product.”