Many mobile health tech developers want to sell their products into clinics and hospitals, but those sales are often stalled by the health provider’s concerns over the privacy compliance of the tech product.
Last fall, members of Congress, at the request of The App Association, wrote a letter to the Office of Civil Rights — the Department of Health and Human Services (HHS) office that administers and enforces HIPAA privacy rules — asking it to issue clearer guidelines for developers.
And today the Office of Civil Rights promised to do just that in a letter to Representative Peter DeFazio (D-Ore.).
In the letter, the agency did something government agencies don’t often do. It acknowledged that it could have done a better job of publicizing what it wanted to see in the privacy controls of health devices and apps.
Developers creating apps whose data could potentially be used by caregivers want to build in the appropriate privacy controls, but they often don’t get the guidance they need to make sure their products are HIPAA-compliant.
(HIPAA, or the Health Insurance Portability and Accountability Act, contains a set of rules that health care providers and insurance companies must follow to keep patient data away from people who have no good reason for seeing it.)
The privacy developer guidelines that do exist are outdated, said Morgan Reed, director of The App Association, which represents some 50,000 app developers and IT companies.
And hospitals, being extremely risk-averse, will not do business with partners whose technology might not be compliant, making it hard for startups to win new business.
Reed: “Often we talk to developers who have got their first round of funding. They have a good idea that promotes good patient outcomes, but then they get into the development cycle and the sales just aren’t there. There’s a disconnect.”
To begin to address the lack of guidelines, the Office of Civil Rights says it has already held several meetings with The App Association.
The office pledged that it would be more responsive and active in providing guidelines. It even proposed a series of “listening sessions” where the agency would hear directly from the tech companies about the compliance problems they’re facing.
In turn, The App Association wants to hear from developers about the compliance problems and case studies.
“My message is that we are looking to hear from the developer and VC communities that are active in the space,” Reed said. “We need them to send us examples of the use cases and the problems they’re facing so that we can make sure that they are covered in the guidance.”