A group of healthcare application developers recently called into question what it alleges are outdated government privacy guidance and unfavorable regulations.
In addition to seeking more developer-friendly resources to help them comply with HIPAA requirements, the application developers are looking for more clarification from the Department of Health and Human Services (HHS) on their data privacy responsibilities. According to Reuters, CareSync, AirStrip and AngelMD sent a letter voicing their regulatory concerns to Pennsylvania Republican Representative Tom Marino.
One of the central issues for developers is that while the healthcare industry’s technology innovation has been ramped up of late, privacy guidance materials for developers are severely out of date and companies have been forced to hire outside legal counsel. Marino added that he had asked developers in the past to provide more detail about their needs.
“A company should not be forced to staff up with a dozen lawyers simply to ensure they are in compliance with the law,” said Marino in response to the letter. “Rather, the burden should be on a transparent and responsive government to provide clarity and guidance, so companies can focus on growing their businesses and providing better and more innovative products and services to the public.”
Another area of confusion from the developers’ perspective is health cloud data storage, as they asked that the government offer more guidance on cloud privacy requirements for developers as well as mHealth. HHS responded to the developers’ queries by reminding them that it offers mobile privacy and security guidance on its website. However, the argument could be made that those materials aren’t necessarily current because they’re based on an HHS Mobile Device Roundtable from March 2012.
More mHealth vendors rely on cloud-based technology to support their products these days than in 2012, and much of the HHS advice revolves around devices that stored data locally. The technology evolution since that 2012 roundtable has made some (not all) of the guidance obsolete. Alternatively, the government could make the case that developers need to invest their own resources to ensure HIPAA compliance.