Privacy and security regulation for mHealth doesn't stop at FDA
Health app developers are just starting to face regulations. While the FDA has passed their guidelines, more regulations from additional governing bodies are on the horizon, according to a group of Pepper Hamilton lawyers.
Mark Kadzielski, Sharon Klein and Dayna Nicholson of Pepper Hamilton spoke about additional regulation for mobile app developers during a recent webinar, pointing specifically to the areas of privacy and security.
Klein, the chair of the privacy, security and data protection practice, points to the vulnerability of mobile health apps to cybersecurity incidents. With information being accessed through wireless and network-connected devices, hacking and data breaches can happen. With many agencies – the FDA, the FCC, the FTC, the Office for Civil Rights and the state attorneys general – looking to implement regulations, app developers and provider organizations may have trouble complying with the different policies.
“The regulatory overlap is confusing and in some instances it’s duplicative,” Klein said, as published by MobiHealthNews. “Congress has recognized this problem and passed the FDA Safety Act of 2012, which has mandated that HHS produce a report with a strategy and a recommendation, dealing with mobile health apps, which would balance innovation, patient safety, and avoid regulatory duplication. What we do know is there will be great enforcement in 2014 and the years to come in the mobile health area.”
Mobile developers are going to have to keep in mind multiple regulations that approach apps from different perspectives. One set of guidelines will look at patient safety while the other looks at data privacy. To avoid being fined, developers will have to keep the regulations from multiple agencies straight.
The National Institute of Standards and Technology (NIST) has also released guidelines it hopes will be adopted by regulatory agencies. These guidelines look to provide insight on the areas of privacy, encryption and data disposal.
To help developers keep all of these guidelines in mind, Nicholson and Klein provided some great tips: implement standard operating procedures in case of an emergency and implement safety protocols.
Have you created an mHealth app? What safeguards do you have in place?