As you design, market, and distribute a mobile health (mHealth) app that your customers will use to collect, share, use, or maintain individuals’ health information, it is likely you have questions about what U.S. federal laws apply. You may also wonder which federal agencies oversee various aspects of mHealth — including how this varies by how individuals, their health plan, or health care providers will use the app. Depending on who is expected to use an app and how they will get and use the app (e.g., direct-to-consumer (patient) app or a health care provider-directed app), this can vary.
To help you find answers, the Federal Trade Commission (FTC) released an update to the online, interactive Mobile Health Apps Tool. The updated tool was produced collaboratively, with contributions from ONC and our HHS colleagues at the Food and Drug Administration (FDA) and the Office for Civil Rights (OCR)…
Whether you are a developer new to mHealth, focusing on different users than you have with prior mHealth products, or are building innovative features into an existing app focused on the same kind(s) of users, the Mobile Health Apps Tool can serve as a sort of “trail guide” to these federal laws centered on information governance and federally required protections for information related to an individual’s health, as well as the safety and effectiveness of medical devices — which some mobile health apps might be. (However, please note there are federal as well as state laws that could apply to you or your technology that are not within the scope of this tool.)
We recognize the important role health technology developers have in helping enable and establish trust in the adoption and use of mobile technology. Building information privacy and security protections into mobile technology from the start makes privacy and security the default setting embedded in the overall design and development of the technology and business practices (sometimes referred to as privacy or security by design). This provides some assurance to users that the information is secure and will be used and disclosed only as expected or approved… Read the full article here.
