
New Framework Helps Healthcare Assess Privacy, Security of Digital Health Apps

Industry groups created a framework aimed at helping healthcare providers and consumers assess the security and privacy of digital health apps that fall outside HIPAA’s purview.

The American College of Physicians (ACP), the American Telemedicine Association (ATA), and other industry leaders released a new framework to help providers and patients assess the security, privacy, safety, and usability of digital health apps.

“With more than 86 million Americans already using a health or fitness app, digital health brings new possibilities for the healthcare industry,” the framework’s website states.

“Yet, in a field of 365,000 products, where the vast majority fall outside of existing regulations, such as the medical device regulations, federal laws and government guidance, there has been no clear way to determine if a product is safe to use. This is stopping the national adoption of digital health, particularly in the fields of condition management, clinical risk assessment and decision support.”

Recently, regulators and industry groups have brought third-party health apps to the forefront of discussions surrounding health data privacy and security. The Federal Trade Commission (FTC) and state Attorneys General have tried to fill the gaps and enforce against health apps that fail to adequately inform users how their health data will be used.

In addition, the Confidentiality Coalition and the Workgroup for Electronic Data Interchange (WEDI) penned a letter to the HHS and Department of Commerce secretaries to raise concerns and provide recommendations regarding health apps and patient privacy.

"We continue to be concerned that patients will not have adequate information to be educated consumers regarding third-party apps and may not fully comprehend that they are assuming the risk of the security practices implemented by their chosen app," the letter stated.

"Specifically, patients may not understand when their information is and is not protected by HIPAA."

Many health apps are not subject to HIPAA, leaving them in a regulatory gray area where security and privacy obligations are left open to interpretation. When the law was enacted more than 25 years ago, third-party health apps were not part of the conversation.

Recognizing the ongoing industry confusion and need for guidance, the new assessment framework addresses key health app concerns and aims to help individuals assess applications for safety and security on their own.

The framework is meant to be accessible to all individuals, the ACP and ATA explained. When creating it, the groups looked to existing US regulations and international standards.

“Digital health technologies can offer safe, effective, and engaging access to personalized health and support, and provide more convenient care, improve patient and provider satisfaction, and achieve better clinical outcomes,” Ann Mond Johnson, CEO of the ATA, explained in the announcement.

“There are literally hundreds of health apps and devices for patients and clinicians to choose from, and our goal is to provide confidence that the health and wellness tools reviewed in this Framework meet quality, privacy and clinical assurance criteria in the U.S.”
