Is HIPAA Omnibus Good for mHealth Developers?


This is a really good question. If you’re not sure of HIPAA omnibus, you might check out this video where Rita Bowen discusses HIPAA Omnibus.

The article linked above suggests that HIPAA omnibus is good because it narrows when you have to disclose a possible breach (i.e., a lost or stolen laptop that was encrypted probably wouldn’t need disclosure) and that PHR software doesn’t fall under HIPAA unless it’s run by a health plan or healthcare provider.

I guess I agree that in some limited ways this is helpful for mobile health developers. However, the implications of business associates are the big part of HIPAA omnibus that should have many mobile health developers concerned. Before HIPAA omnibus, the covered entity (a healthcare provider) held liability for any breach. However, under HIPAA omnibus, the business associate shares that liability.

While it’s true that some mobile health applications won’t be considered a business associate, many more will be considered a business associate. If this is the case for your application, you better make sure you’re compliant with HIPAA or you’re subject to any fines or penalties for HIPAA violations just like the provider was previously.

The good thing is that all of this is sketched out. Being HIPAA compliant is doable for a mobile health developer, but I’m afraid that many aren’t taking it seriously. The nice thing is that there are HIPAA training courses out there to help. I really fear for those mHealth companies that choose to do nothing.


About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

   
