Providers Leery of Embracing mHealth Because of Privacy Concerns

Mobile Health Applications Benefits

Many medical practices, attracted by the potential of mobile health (mHealth) applications to engage patients, hesitate to embrace this technology because of concerns about HIPAA compliance. Though there are some apps with absolutely no risk of HIPAA breach, like SuperCoder’s handy ICD-10 app, other patient-centric mHealth apps carry that risk. With hundreds of thousands of mHealth apps available for iOS and Android devices, mobile health apps could revolutionize healthcare by helping patients take an active interest in their health. In addition to those benefits, mHealth apps could also expedite patient-physician communication.

Mobile Health Has Broad Application

Currently, mobile health solutions range from monitoring apps that could provide telehealth consultations or follow conditions like arrhythmia to reminder apps that prompt patients to take medications or show up for their next scheduled appointment with their providers. Products like the Apple Watch, the Fitbit, and Android Wear smartwatches, which track heart rate, sleep habits, fitness activity, and more, have become increasingly popular with consumers.

Experts Wonder: How HIPAA Compliant is mHealth?

HIPAA experts say that practices are right to raise concerns about HIPAA compliance of mHealth apps. These apps can hold large amounts of sensitive, personal data of the individuals using them. What happens in the event of a data breach from these apps?

A new web portal launched by the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) and hosted by the crowdsourcing web portal Ideascale seeks questions and comments from mobile health developers and other health IT professionals. In addition to commenting and submitting questions, developers can learn about HIPAA requirements at the portal.

Developers Want Guidance on Patient-Physician Data Flow

One commenter said that developers need better guidance about HIPAA compliance in patient-generated health data. The commenter observed that HIPAA focuses on one-way data sharing emanating from the covered entity out to patients and other entities, while data from mHealth products flow in the opposite direction, from patients to the healthcare provider. Would HIPAA prevent this patient-directed flow of data to providers?

A moderator from OCR responded that information created or held by patients is not subject to HIPAA until it is received by a covered entity or business associate. The OCR moderator said, “HIPAA does not prevent hospitals, medical practices and other covered entities from receiving patient generated health data, whether by phone, paper, fax, online patient facing portal, or mHealth application.” However, covered entities and business associates are obligated under the HIPAA Security Rule to conduct a security risk analysis to evaluate and address potential risks of any collection solutions for capturing patient-created electronic personal health information (ePHI), such as web portals, data transfer applications, or network connections.

Have You Jumped on the Wearable Tech Bandwagon?

I’m a lifelong Apple fangirl, living happily in an all-Apple ecosystem, and as such I’m hankering for an Apple Watch. Have you started using a fitness tracker or other wearable technology? What do you think of it? Let us know in the comment box below. We love to hear from you!

Stay Current on HIPAA Requirements the Easy Way

What’s the fastest way to get the latest information to keep your practice HIPAA compliant? It’s not going to the HHS website and sifting through obscurely worded governmental bulletins! SuperCoder’s health information compliance alert newsletter brings you the health information compliance news you need without the impenetrable legalese. Each month, you’ll get answers to the toughest privacy and electronic claims compliance questions along with the other updates and information you need. Check it out!


Susan taught health information and healthcare documentation at the community college level for more than 20 years. She has a special love for medical language and terminology. She is passionate about ensuring accurate patient healthcare documentation through education. She has a master's degree in healthcare administration, is a certified healthcare documentation specialist, and serves as immediate past president for the Association for Healthcare Documentation Integrity (AHDI).
