Catching Up to the Cloud
By Tamer Abouras
In the past decade or so, we’ve become an increasingly data-centric, numbers-obsessed society. Analytics have been completely integrated into, and have taken over, the way we assess sports, business and all manner of polling data. On some level, it seems as though our ability to crunch numbers and read between them is limited only by our level of interest, since virtually anything can be measured.
When it comes to your mobile phone, health and fitness apps are among the most popular. We love tracking how fast we’ve run, how far we’ve gone and what our heart rate was doing while we were on that jaunt. And many of us enjoy monitoring things like blood pressure, with or without the introduction of exercise, since apps designed for tasks like that are much more convenient and organized than manually using a machine and writing out numbers longhand.
Yet for all the convenience of logging and storing this information, there is also an ongoing chronicle of how easily our personal records can be put at risk of hacking and theft, with some even speculating that hacking might now be considered an epidemic. Regardless of your particular opinion on that matter, the bottom line is that our mobile and wireless health data is vulnerable without some sort of privacy protections written into law. And for as much as technology routinely speeds past our lawmakers, concerted effort on their part can often mitigate the damage.
According to Bloomberg BNA, “The Department of Health and Human Services Office for Civil Rights published guidance to aid in determining when and how the Health Insurance Portability and Accountability Act (HIPAA) applies to mobile health applications.
Health App Use Scenarios & HIPAA, published in February to the OCR’s mHealth Developer Portal, includes six scenarios to help developers that are not covered entities (health plans and health providers directly covered by HIPAA) determine when they are considered business associates (not directly covered but still subject to HIPAA).”
The guidance received a positive review from Paula M. Stannard, counsel with Alston & Bird in Washington, who said, “I think that this guidance is helpful in that it clearly reminds people, both covered entities and health app developers, of instances where the author of the health app is clearly not regulated under HIPAA as a business associate: When it's the consumer that's ultimately using the app and making the decision as to whether the covered entity receives data from it, and/or there's no relationship between the app developer and the covered entity (except for an interoperability arrangement).”
The U.S. House of Representatives joined HHS recently in addressing these issues, as the House Subcommittees on Information Technology and Health Care, Benefits, and Administrative Rules suggested that some laws we have on the books now may be woefully ineffective or taken for granted.
“HIPAA was passed in 1996 before broad adoption of the mobile revolution, HITECH was passed in 2009 before much of cloud computing existed,” Rep. Ted Lieu (D-CA) said.
“Right now old and unclear privacy laws hinder interoperability between health IT systems and devices,” Rep. Will Hurd (R-Texas) said at the hearing. “In today’s hearing I hope to hear specifically what laws or regulations need to be changed or updated and how they should be changed or updated or abandoned.”
This positive step in the protection of privacy helps delineate how far HIPAA and HITECH can go in keeping your information safe. The only problem, of course, is how much more innovation will come to market by the time we truly get a handle on what we have now?