Congressmen ask HHS to clarify rules around health data privacy

Members of Congress Thursday sent a letter to Health and Human Services Secretary Sylvia Mathews Burwell asking that the government work more closely with app developers to stay within health data privacy laws.

Reps. Tom Marino (R-Pennsylvania) and Peter DeFazio (D-Oregon) penned the letter, dated September 18, after working closely with a software industry group.

The call for more clarity on the subject originally came from The App Association, which sent a letter saying as much to members of Congress earlier this week. There is a huge interest among developers to get into the health space, App Association executive director Morgan Reed told VentureBeat. But, he said, many balk because of confusion over the regulatory environment.

From the Congressmen’s letter:

“Documentation on the Health and Human Services (“HHS”) website outlining technical compliance with HIPAA (Health Insurance Portability and Accountability Act) has not been updated since 2006, years before an app store existed, much less the modern mobile device.

Many companies creating mobile health apps have told us that they want to fully comply with HIPAA regulations but have difficulty confirming that they have done so because current regulatory guidance does not cover technologies that they are using.

In some cases, small technology companies have reported having to hire large legal teams just to determine with some level of certainty that their product is in compliance with HIPAA. In order to ensure that innovative health companies do not inadvertently run afoul of the law, regulatory guidance should be routinely updated to reflect modern technologies being used in the health field.”

In particular, Marino and DeFazio ask HHS to clarify HIPAA rules around storing health data in the cloud, which means on a company’s own servers.

The Congressmen also ask that the HHS work more closely with software companies.

“We would like HHS to assign employees with technological expertise to regularly engage with companies in the emergent healthcare technology space. These employees should be prepared to work with app developers and others to make sure that products incorporate HIPAA protections beginning at the early stages of product development.”

They also suggest that HHS develop a voluntary badge program for companies seeking to prove compliance with HHS rules and regulations.

“The mobile health sector has exploded since the dawn of mobile devices, app stores, and cloud storage,” said Rep. Marino in a statement. “This provides new and exciting opportunities for patients and doctors to monitor and store critical health information. Unfortunately, our HIPAA regulations and guidance have been a hindrance for this emerging economy.”

Congressmen Marino and DeFazio have been the go-to guys on the Hill for the App Association, a spokeswoman told me. “We are grateful for their support to create a better regulatory environment that encourages innovation in this life-changing marketplace,” said the App Association’s Reed.

“HHS needs to know that they have champions both in Congress and industry that want to see HIPAA improved,” Reed said.