Dive Brief:
- HHS Office for Civil Rights (OCR) has launched a new website for app developers that provides HIPAA compliance advice and invites questions related to HIPAA privacy, security and breach notifications.
- According to Healthcare IT News, the website is part of HHS Secretary Slyvia Burwell's pledge to address HIPAA concerns and help close the gap between industry and federal rules concerning information privacy and security.
- The website could prove to be helpful for smaller businesses that may not have resources to hire outside consultants to decipher HIPAA compliance guidelines.
Dive Insight:
Susan Miller, an independent HIPAA attorney, told Healthcare Info Security that she hopes OCR uses questions submitted to the website as FAQ documents to create HIPAA case studies. She noted the website's importance since many mobile health app developers are confused about whether their products need to comply with HIPAA regulations.
David Holtzman, vice president of compliance at CynergisTek, a security consulting firm, said developers also need to go beyond HIPAA compliance in safeguarding patient data. "An insecure medical device or app that drives treatment decisions is both a threat to patient safety and a risk to any enterprise information system that it connects with," he told Healthcare Info Security.