Currently, HIPAA does not require that providers accommodate requests by patients to transmit information such as weight, vital signs, or other health information.
Providers are worried that this requirement may be imposed. PHA developers are not regulated by HIPAA as either covered entities or business associates. The proposed new Privacy Rule does not regulate these entities, either. Healthcare groups, including providers and advocacy organizations, have submitted public comments voicing concerns about the privacy and security risks associated with sending protected health information (PHI) to these unregulated apps. These groups expressed concern that, since PHAs and those who develop, manufacture, or sell them are not regulated by HIPAA, PHI that a provider sends to a PHA at a patient’s request may be accessed or used by third parties. These third parties could use the PHI for illegal financial gain or another illegal purpose.