This most recent OCR HIPAA media guidance about compliant apps that process health information is just such a response.
In this HIPAA compliant apps guidance FAQ, OCR states that:
- HIPAA gives individuals the right to access their protected health information (PHI, any demographic information that can be used to identify a patient). That means that if a patient requests that their PHI be sent to a designated app, the provider should follow the request. This holds even when the provider is concerned about the app’s privacy or security, or about how the app will use that PHI.
- Providers who transmit PHI to a third-party app at a patient’s request will not be held liable under HIPAA regulation for subsequent unlawful disclosures that the app may make. This exception applies only so long as the app was not “developed for, or provided by or on behalf of the [provider] – and, thus, creates, receives, maintains, or transmits ePHI on behalf of the [provider].”
- Providers who transmit PHI to a third-party app at a patient’s request via an unsecured channel will not be held liable for a data breach that may occur in transit. However, the HHS guidance stresses that providers should make patients aware of the risks involved with non-secure data transmissions.
To read the full guidance, click here to access the HHS/OCR release.
As healthcare technology evolves, including apps and mHealth devices, HIPAA regulation must adapt to account for new data protection requirements. With increasing requests from patients to share PHI with third-party health information apps, providers must be aware of their responsibilities and liability when it comes to data privacy and security. Understanding HIPAA compliant app data sharing is critical to keeping up with patients’ increasing desire for data accessibility and provider engagement.